Search Hints

  • Try searching for a product or vendor.
  • Only vulnerabilities that match all search terms will be returned.
  • Enclose search terms in double quotes for an exact search.
  • For CVE searches, only enter the CVE-YYYY-XXXX code.

Displaying module details 41 - 50 of 3143 in total

Symantec Endpoint Protection Manager Authentication Bypass and Code Execution Exploit

Disclosed: July 31, 2015

This module exploits three separate vulnerabilities in Symantec Endpoint Protection Manager in order to achieve a remote shell on the box as NT AUTHORITY\SYSTEM. The vulnerabilities include an authentication bypass, a directory traversal and a privilege escalation to get privileged code execution.

Heroes of Might and Magic III .h3m Map file Buffer Overflow Exploit

Disclosed: July 29, 2015

This module embeds an exploit into an ucompressed map file (.h3m) for Heroes of Might and Magic III. Once the map is started in-game, a buffer overflow occuring when loading object sprite names leads to shellcode execution.

BIND TKEY Query Denial of Service Exploit

Disclosed: July 28, 2015

This module sends a malformed TKEY query, which exploits an error in handling TKEY queries on affected BIND9 'named' DNS servers. As a result, a vulnerable named server will exit with a REQUIRE assertion failure. This condition can be exploited in versions of BIND between BIND 9.1.0 through 9.8.x, 9.9.0 through 9....

Apple OS X DYLD_PRINT_TO_FILE Privilege Escalation Exploit

Disclosed: July 21, 2015

In Apple OS X 10.10.4 and prior, the DYLD_PRINT_TO_FILE environment variable is used for redirecting logging data to a file instead of stderr. Due to a design error, this feature can be abused by a local attacker to write arbitrary files as root via restricted, SUID-root binaries.

MS15-078 Microsoft Windows Font Driver Buffer Overflow Exploit

Disclosed: July 11, 2015

This module exploits a pool based buffer overflow in the atmfd.dll driver when parsing a malformed font. The vulnerability was exploited by the hacking team and disclosed on the july data leak. This module has been tested successfully on vulnerable builds of Windows 8.1 x64.

ManageEngine EventLog Analyzer Remote Code Execution Exploit

Disclosed: July 11, 2015

This module exploits a SQL query functionality in ManageEngine EventLog Analyzer v10.6 build 10060 and previous versions. Every authenticated user, including the default "guest" account can execute SQL queries directly on the underlying Postgres database server. The queries are executed as the "postgres" user which has fu...

X11 Keyboard Command Injection Exploit

Disclosed: July 10, 2015

This module exploits open X11 servers by connecting and registering a virtual keyboard. The virtual keyboard is used to open an xterm or gnome terminal and type and execute the specified payload.

Western Digital Arkeia Remote Code Execution Exploit

Disclosed: July 10, 2015

This module exploits a code execution flaw in Western Digital Arkeia version 11.0.12 and below. The vulnerability exists in the 'arkeiad' daemon listening on TCP port 617. Because there are insufficient checks on the authentication of all clients, this can be bypassed. Using the ARKFS_EXEC_CMD operation it's possible to e...

VNC Keyboard Remote Code Execution Exploit

Disclosed: July 10, 2015

This module exploits VNC servers by sending virtual keyboard keys and executing a payload. On Windows systems a command prompt is opened and a PowerShell or CMDStager payload is typed and executed. On Unix/Linux systems a xterm terminal is opened and a payload is typed and executed.

Accellion FTA getStatus verify_oauth_token Command Execution Exploit

Disclosed: July 10, 2015

This module exploits a metacharacter shell injection vulnerability in the Accellion File Transfer appliance. This vulnerability is triggered when a user-provided 'oauth_token' is passed into a system() call within a mod_perl handler. This module exploits the '/tws/getStatus' endpoint. Other vulnerable handlers include ...