Search Hints

  • Try searching for a product or vendor.
  • Only vulnerabilities that match all search terms will be returned.
  • Enclose search terms in double quotes for an exact search.
  • For CVE searches, only enter the CVE-YYYY-XXXX code.

Displaying module details 41 - 50 of 2882 in total

BMC TrackIt! Unauthenticated Arbitrary User Password Change Exploit

Disclosed: December 09, 2014

This module exploits a flaw in the password reset mechanism in BMC TrackIt! 11.3 and possibly prior versions. If the password reset service is configured to use a domain administrator (which is the recommended configuration), then domain credentials can be reset (such as domain Administrator).

Lexmark MarkVision Enterprise Arbitrary File Upload Exploit

Disclosed: December 09, 2014

This module exploits a code execution flaw in Lexmark MarkVision Enterprise before version 2.1. A directory traversal vulnerability in the GfdFileUploadServlet servlet allows an unauthenticated attacker to upload arbitrary files, including arbitrary JSP code. This module has been tested successfully on Lexmark MarkVision ...

ProjectSend Arbitrary File Upload Exploit

Disclosed: December 02, 2014

This module exploits a file upload vulnerability in ProjectSend revisions 100 to 561. The 'process-upload.php' file allows unauthenticated users to upload PHP files resulting in remote code execution as the web server user.

ManageEngine NetFlow Analyzer Arbitrary File Download Exploit

Disclosed: November 30, 2014

This module exploits an arbitrary file download vulnerability in CSVServlet on ManageEngine NetFlow Analyzer. This module has been tested on both Windows and Linux with versions 8.6 to 10.2. Note that when typing Windows paths, you must escape the backslash with a backslash.

Tuleap PHP Unserialize Code Execution Exploit

Disclosed: November 27, 2014

This module exploits a PHP object injection vulnerability in Tuelap <= 7.6-4 which could be abused to allow authenticated users to execute arbitrary code with the permissions of the web server. The dangerous unserialize() call exists in the 'src/www/project/register.php' file. The exploit abuses the destructor method from...

Arris VAP2500 tools_command.php Command Execution Exploit

Disclosed: November 25, 2014

Arris VAP2500 access points are vulnerable to OS command injection in the web management portal via the tools_command.php page. Though authentication is required to access this page, it is trivially bypassed by setting the value of a cookie to an md5 hash of a valid username.

Adobe Flash Player PCRE Regex Vulnerability Exploit

Disclosed: November 25, 2014

This module exploits a vulnerability found in Adobe Flash Player. A compilation logic error in the PCRE engine, specifically in the handling of the \c escape sequence when followed by a multi-byte UTF8 character, allows arbitrary execution of PCRE bytecode.

GitLab User Enumeration Exploit

Disclosed: November 21, 2014

The GitLab 'internal' API is exposed unauthenticated on GitLab. This allows the username for each SSH Key ID number to be retrieved. Users who do not have an SSH Key cannot be enumerated in this fashion. LDAP users, e.g. Active Directory users will also be returned. This issue was fixed in GitLab v7.5.0 and is pre...

WordPress Long Password DoS Exploit

Disclosed: November 20, 2014

WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to cause a denial of service (CPU consumption) via a long password that is improperly handled during hashing.