  • Vulnerability & Exploit Database

    Displaying module details 31 - 40 of 3190 in total

    PHP Utility Belt Remote Code Execution Exploit

    Disclosed: December 08, 2015

    This module exploits a remote code execution vulnerability in PHP Utility Belt, which is a set of tools for PHP developers and should not be installed in a production environment, since this application runs arbitrary PHP code as an intended functionality.

    Xdh / LinuxNet Perlbot / fBot IRC Bot Remote Code Execution Exploit

    Disclosed: December 04, 2015

    This module allows remote command execution on an IRC Bot developed by xdh. This Perl bot was caught by Conor Patrick with his shellshock honeypot server and is categorized by Markus Zanke as an fBot (Fire & Forget - DDoS Bot). Matt Thayer also found this script, which has a description of LinuxNet perlbot. ...

    Easy File Sharing HTTP Server 7.2 SEH Overflow Exploit

    Disclosed: December 02, 2015

    This module exploits a SEH overflow in the Easy File Sharing FTP Server 7.2 software.

    Advantech Switch Bash Environment Variable Code Injection (Shellshock) Exploit

    Disclosed: December 01, 2015

    This module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets the 'ping.sh' CGI script, accessible through the Boa web server on Advantech switches. This module was tested against firmware version 1322_D1.98.

    Jenkins CLI RMI Java Deserialization Vulnerability Exploit

    Disclosed: November 18, 2015

    This module exploits a vulnerability in Jenkins. An unsafe deserialization bug exists on the Jenkins master, which allows remote arbitrary code execution. Authentication is not required to exploit this vulnerability.

    Redis File Upload Exploit

    Disclosed: November 11, 2015

    This module can be used to leverage functionality exposed by Redis to achieve somewhat arbitrary file upload to a file and directory to which the user account running the Redis instance has access. It is not totally arbitrary because the exact contents of the file cannot be completely controlled given the...

    Oracle BeeHive 2 voice-servlet prepareAudioToPlay() Arbitrary File Upload Exploit

    Disclosed: November 10, 2015

    This module exploits a vulnerability found in Oracle BeeHive. The prepareAudioToPlay method found in voice-servlet can be abused to write a malicious file onto the target machine, and gain remote arbitrary code execution under the context of SYSTEM. Authentication is not required to exploit this vulnerability.

    vBulletin 5.1.2 Unserialize Code Execution Exploit

    Disclosed: November 04, 2015

    This module exploits a PHP object injection vulnerability in vBulletin 5.1.2 to 5.1.9.

    Atlassian HipChat for Jira Plugin Velocity Template Injection Exploit

    Disclosed: October 28, 2015

    Atlassian HipChat is a web service for internal instant messaging. A plugin is available for Jira that allows team collaboration in real time. A message can be used to inject Java code into a Velocity template, and gain code execution as Jira. Authentication is required to exploit this vulnerability, and you must make sure...

    China Chopper Caidao PHP Backdoor Code Execution Exploit

    Disclosed: October 27, 2015

    This module takes advantage of the China Chopper Webshell that is commonly used by Chinese hackers.