Search Hints

  • Try searching for a product or vendor.
  • Only vulnerabilities that match all search terms will be returned.
  • Enclose search terms in double quotes for an exact search.
  • For CVE searches, only enter the CVE-YYYY-XXXX code.

Displaying module details 21 - 30 of 2877 in total

Exim GHOST (glibc gethostbyname) Buffer Overflow Exploit

Disclosed: January 27, 2015

This module remotely exploits CVE-2015-0235, aka GHOST, a heap-based buffer overflow in the GNU C Library's gethostbyname functions on x86 and x86_64 GNU/Linux systems that run the Exim mail server.

Remote Code Execution in WordPress Platform Theme Exploit

Disclosed: January 21, 2015

The WordPress Theme "platform" contains a remote code execution vulnerability through an unchecked admin_init call. The theme includes the uploaded file from it's temp filename with php's include function.

IPass Control Pipe Remote Command Execution Exploit

Disclosed: January 21, 2015

This module exploits a vulnerability in the IPass Client service. This service provides a named pipe which can be accessed by the user group BUILTIN\Users. This pipe can be abused to force the service to load a DLL from a SMB share.

WordPress Pixabay Images PHP Code Upload Exploit

Disclosed: January 19, 2015

This module exploits multiple vulnerabilities in the WordPress plugin Pixabay Images 2.3.6. The plugin does not check the host of a provided download URL which can be used to store and execute malicious PHP code on the system.

MS15-004 Microsoft Remote Desktop Services Web Proxy IE Sandbox Escape Exploit

Disclosed: January 13, 2015

This module abuses a process creation policy in Internet Explorer's sandbox; specifically, Microsoft's RemoteApp and Desktop Connections runtime proxy, TSWbPrxy.exe. This vulnerability allows the attacker to escape the Protected Mode and execute code with Medium Integrity. At the moment, this module only bypass P...

WordPress WP EasyCart Unrestricted File Upload Exploit

Disclosed: January 08, 2015

WordPress Shopping Cart (WP EasyCart) Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the /inc/amfphp/administration/banneruploaderscript.php ...

OpenNMS Authenticated XXE Exploit

Disclosed: January 08, 2015

OpenNMS is vulnerable to XML External Entity Injection in the Real-Time Console interface. Although this attack requires authentication, there are several factors that increase the severity of this vulnerability. 1. OpenNMS runs with root privileges, taken from the OpenNMS FAQ: "The difficulty with the core of OpenNMS is...

McAfee ePolicy Orchestrator Authenticated XXE Credentials Exposure Exploit

Disclosed: January 06, 2015

This module will exploit an authenticated XXE vulnerability to read the keystore.properties off of the filesystem. This properties file contains an encrypted password that is set during installation. What is interesting about this password is that it is set as the same password as the database 'sa' user and of the admin user cr...

ManageEngine Desktop Central Administrator Account Creation Exploit

Disclosed: December 31, 2014

This module exploits an administrator account creation vulnerability in Desktop Central from v7 onwards by sending a crafted request to DCPluginServelet. It has been tested in several versions of Desktop Central (including MSP) from v7 onwards.

Achat Unicode SEH Buffer Overflow Exploit

Disclosed: December 18, 2014

This module exploits a Unicode SEH buffer overflow in Achat. By sending a crafted message to the default port 9256/UDP, it's possible to overwrite the SEH handler. Even when the exploit is reliable, it depends on timing since there are two threads overflowing the stack in the same time. This module has been tested on ...