Search Hints

  • Try searching for a product or vendor.
  • Only vulnerabilities that match all search terms will be returned.
  • Enclose search terms in double quotes for an exact search.
  • For CVE searches, only enter the CVE-YYYY-XXXX code.

Displaying module details 41 - 50 of 3048 in total

WordPress All-in-One Migration Export Exploit

Disclosed: March 19, 2015

This module allows you to export Wordpress data (such as the database, plugins, themes, uploaded files, etc) via the All-in-One Migration plugin without authentication.

Wordpress Work The Flow Upload Vulnerability Exploit

Disclosed: March 14, 2015

This module exploits an arbitrary PHP code upload in the WordPress Work The Flow plugin, version 2.5.2. The vulnerability allows for arbitrary file upload and remote code execution.

Solarwinds Firewall Security Manager 6.6.5 Client Session Handling Vulnerability Exploit

Disclosed: March 13, 2015

This module exploits multiple vulnerabilities found in Solarwinds Firewall Security Manager 6.6.5. The first vulnerability is an authentication bypass via the Change Advisor interface due to a user-controlled session.putValue API in userlogin.jsp, allowing the attacker to set the 'username' attribute before authentication...

iPass Mobile Client Service Privilege Escalation Exploit

Disclosed: March 12, 2015

The named pipe, \IPEFSYSPCPIPE, can be accessed by normal users to interact with the iPass service. The service provides a LaunchAppSysMode command which allows to execute arbitrary commands as SYSTEM.

Adobe Flash Player NetConnection Type Confusion Exploit

Disclosed: March 12, 2015

This module exploits a type confusion vulnerability in the NetConnection class on Adobe Flash Player. When using a correct memory layout this vulnerability allows to corrupt arbitrary memory. It can be used to overwrite dangerous objects, like vectors, and ultimately accomplish remote code execution. This module has been ...

Microsoft Windows Shell LNK Code Execution Exploit

Disclosed: March 10, 2015

This module exploits a vulnerability in the MS10-046 patch to abuse (again) the handling of Windows Shortcut files (.LNK) that contain an icon resource pointing to a malicious DLL. This module creates the required files to exploit the vulnerability. They must be uploaded to an UNC path accessible by the target. This modul...

Microsoft Windows Shell LNK Code Execution Exploit

Disclosed: March 10, 2015

This module exploits a vulnerability in the MS10-046 patch to abuse (again) the handling of Windows Shortcut files (.LNK) that contain an icon resource pointing to a malicious DLL. This creates an SMB resource to provide the payload and the trigger, and generates a LNK file which must be sent to the target. This module ha...

WordPress WPshop eCommerce Arbitrary File Upload Vulnerability Exploit

Disclosed: March 09, 2015

This module exploits an arbitrary file upload in the WordPress WPshop eCommerce plugin from version 1.3.3.3 to 1.3.9.5. It allows to upload arbitrary PHP code and get remote code execution. This module has been tested successfully on WordPress WPshop eCommerce 1.3.9.5 with WordPress 4.1.3 on Ubuntu 14.04 Server.

Generic Web Application DLL Injection Exploit

Disclosed: March 04, 2015

This is a general-purpose module for exploiting conditions where a HTTP request triggers a DLL load from an specified SMB share. This module serves payloads as DLLs over an SMB service and allows an arbitrary HTTP URL to be called that would trigger the load of the DLL.

Generic DLL Injection From Shared Resource Exploit

Disclosed: March 04, 2015

This is a general-purpose module for exploiting conditions where a DLL can be loaded from an specified SMB share. This module serves payloads as DLLs over an SMB service.