Search Hints

  • Try searching for a product or vendor.
  • Only vulnerabilities that match all search terms will be returned.
  • Enclose search terms in double quotes for an exact search.
  • For CVE searches, only enter the CVE-YYYY-XXXX code.

Displaying module details 21 - 30 of 3109 in total

Konica Minolta FTP Utility 1.00 Post Auth CWD Command SEH Overflow Exploit

Disclosed: August 23, 2015

This module exploits an SEH overflow in Konica Minolta FTP Server 1.00. Konica Minolta FTP fails to check input size when parsing 'CWD' commands, which leads to an SEH overflow. Konica FTP allows anonymous access by default; valid credentials are typically unnecessary to exploit this vulnerability.

ManageEngine ServiceDesk Plus Arbitrary File Upload Exploit

Disclosed: August 20, 2015

This module exploits a file upload vulnerability in ManageEngine ServiceDesk Plus. The vulnerability exists in the FileUploader servlet which accepts unauthenticated file uploads. This module has been tested successfully on versions v9 b9000 - b9102 in Windows and Linux. The MSP versions do not expose the vulnerable servlet.

CMS Bolt File Upload Vulnerability Exploit

Disclosed: August 17, 2015

Bolt CMS contains a flaw that allows an authenticated remote attacker to execute arbitrary PHP code. This module was tested on version 2.2.4.

Mac OS X "tpwn" Privilege Escalation Exploit

Disclosed: August 16, 2015

This module exploits a null pointer dereference in XNU to escalate privileges to root. Tested on 10.10.4 and 10.10.5.

Symantec Endpoint Protection Manager Authentication Bypass and Code Execution Exploit

Disclosed: July 31, 2015

This module exploits three separate vulnerabilities in Symantec Endpoint Protection Manager in order to achieve a remote shell on the box as NT AUTHORITY\SYSTEM. The vulnerabilities include an authentication bypass, a directory traversal and a privilege escalation to get privileged code execution.

Heroes of Might and Magic III .h3m Map file Buffer Overflow Exploit

Disclosed: July 29, 2015

This module embeds an exploit into an ucompressed map file (.h3m) for Heroes of Might and Magic III. Once the map is started in-game, a buffer overflow occuring when loading object sprite names leads to shellcode execution.

BIND TKEY Query Denial of Service Exploit

Disclosed: July 28, 2015

This module sends a malformed TKEY query, which exploits an error in handling TKEY queries on affected BIND9 'named' DNS servers. As a result, a vulnerable named server will exit with a REQUIRE assertion failure. This condition can be exploited in versions of BIND between BIND 9.1.0 through 9.8.x, 9.9.0 through 9....

Apple OS X DYLD_PRINT_TO_FILE Privilege Escalation Exploit

Disclosed: July 21, 2015

In Apple OS X 10.10.4 and prior, the DYLD_PRINT_TO_FILE environment variable is used for redirecting logging data to a file instead of stderr. Due to a design error, this feature can be abused by a local attacker to write arbitrary files as root via restricted, SUID-root binaries.

ManageEngine EventLog Analyzer Remote Code Execution Exploit

Disclosed: July 11, 2015

This module exploits a SQL query functionality in ManageEngine EventLog Analyzer v10.6 build 10060 and previous versions. Every authenticated user, including the default "guest" account can execute SQL queries directly on the underlying Postgres database server. The queries are executed as the "postgres" user which has fu...