Search Hints

  • Try searching for a product or vendor.
  • Only vulnerabilities that match all search terms will be returned.
  • Enclose search terms in double quotes for an exact search.
  • For CVE searches, only enter the CVE-YYYY-XXXX code.

Displaying module details 41 - 50 of 2905 in total

Malicious Git and Mercurial HTTP Server For CVE-2014-9390 Exploit

Disclosed: December 18, 2014

This module exploits CVE-2014-9390, which affects Git (versions less than, 1.9.5, 2.0.5, 2.1.4 and 2.2.1) and Mercurial (versions less than 3.2.3) and describes three vulnerabilities. On operating systems which have case-insensitive file systems, like Windows and OS X, Git clients can be convinced to retr...

Allegro Software RomPager 'Misfortune Cookie' (CVE-2014-9222) Scanner Exploit

Disclosed: December 17, 2014

This module scans for HTTP servers that appear to be vulnerable to the 'Misfortune Cookie' vulnerability which affects Allegro Software Rompager versions before 4.34 and can allow attackers to authenticate to the HTTP service as an administrator without providing valid credentials.

Malwarebytes Anti-Malware and Anti-Exploit Update Remote Code Execution Exploit

Disclosed: December 16, 2014

This module exploits a vulnerability in the update functionality of Malwarebytes Anti-Malware consumer before 2.0.3 and Malwarebytes Anti-Exploit consumer Due to the lack of proper update package validation, a man-in-the-middle (MITM) attacker could execute arbitrary code by spoofing the update server...

Symantec Web Gateway 5 restore.php Post Authentication Command Injection Exploit

Disclosed: December 16, 2014

This module exploits a command injection vulnerability found in Symantec Web Gateway's setting restoration feature. The filename portion can be used to inject system commands into a syscall function, and gain control under the context of HTTP service. For Symantec Web Gateway 5.1.1, you can exploit this vulnerabi...

ManageEngine Multiple Products Authenticated File Upload Exploit

Disclosed: December 15, 2014

This module exploits a directory traversal vulnerability in ManageEngine ServiceDesk, AssetExplorer, SupportCenter and IT360 when uploading attachment files. The JSP that accepts the upload does not handle correctly '../' sequences, which can be abused to write to the file system. Authentication is needed to exploit this ...

WordPress WP Symposium 14.11 Shell Upload Exploit

Disclosed: December 11, 2014

WP Symposium Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the /wp-symposium/server/file_upload_form.php script does not properly verify or sanitize user-uploaded files. By uploading a .php file, the remote system will place the f...

BMC TrackIt! Unauthenticated Arbitrary User Password Change Exploit

Disclosed: December 09, 2014

This module exploits a flaw in the password reset mechanism in BMC TrackIt! 11.3 and possibly prior versions. If the password reset service is configured to use a domain administrator (which is the recommended configuration), then domain credentials can be reset (such as domain Administrator).

Lexmark MarkVision Enterprise Arbitrary File Upload Exploit

Disclosed: December 09, 2014

This module exploits a code execution flaw in Lexmark MarkVision Enterprise before version 2.1. A directory traversal vulnerability in the GfdFileUploadServlet servlet allows an unauthenticated attacker to upload arbitrary files, including arbitrary JSP code. This module has been tested successfully on Lexmark MarkVision ...

ProjectSend Arbitrary File Upload Exploit

Disclosed: December 02, 2014

This module exploits a file upload vulnerability in ProjectSend revisions 100 to 561. The 'process-upload.php' file allows unauthenticated users to upload PHP files resulting in remote code execution as the web server user.