Displaying entries 1 - 10 of 72233 in total

Telisca IPS Lock Cisco IP Phone Control Exploit

Disclosed: December 17, 2015

This module allows an unauthenticated attacker to exercise the "Lock" and "Unlock" functionality of Telisca IPS Lock for Cisco IP Phones. This module should be run in the VoIP VLAN, and requires knowledge of the target phone's name (for example, SEP002497AB1D4B). Set ACTION to either LOCK or UNLOCK. UNLOCK is the...

Joomla HTTP Header Unauthenticated Remote Code Execution Exploit

Disclosed: December 14, 2015

Joomla suffers from an unauthenticated remote code execution vulnerability that affects all versions from 1.5.0 to 3.4.5. By storing user-supplied headers in the database's session table, it's possible to truncate the input by sending a UTF-8 character. The custom created payload is then executed once the session is read from the ...

ManageEngine Desktop Central 9 FileUploadServlet ConnectionId Vulnerability Exploit

Disclosed: December 14, 2015

This module exploits a vulnerability found in ManageEngine Desktop Central 9. When uploading a 7z file, the FileUploadServlet class does not check the user-controlled ConnectionId parameter. This allows a remote attacker to inject a null byte at the end of the value to create a malicious file...

MS15-134 Microsoft Windows Media Center MCL Information Disclosure Exploit

Disclosed: December 08, 2015

This module exploits a vulnerability found in Windows Media Center. It allows an MCL file to render itself as an HTML document in the local machine zone by Internet Explorer, which can be used to leak files on the target machine. Please be aware that if this exploit is used against a patched Windows, it can cause the ...

Xdh / LinuxNet Perlbot / fBot IRC Bot Remote Code Execution Exploit

Disclosed: December 04, 2015

This module allows remote command execution on an IRC bot developed by xdh. This Perl bot was caught by Conor Patrick with his Shellshock honeypot server and is categorized by Markus Zanke as an fBot (Fire & Forget - DDoS Bot). Matt Thayer also found this script which has a description of LinuxNet perlbot. ...

Advantech Switch Bash Environment Variable Code Injection (Shellshock) Exploit

Disclosed: December 01, 2015

This module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets the '' CGI script, accessible through the Boa web server on Advantech switches. This module was tested against firmware version 1322_D1.98.

Jenkins CLI RMI Java Deserialization Vulnerability Exploit

Disclosed: November 18, 2015

This module exploits a vulnerability in Jenkins. An unsafe deserialization bug exists on the Jenkins master, which allows remote arbitrary code execution. Authentication is not required to exploit this vulnerability.

Redis File Upload Exploit

Disclosed: November 11, 2015

This module can be used to leverage functionality exposed by Redis to achieve somewhat arbitrary file upload to a file and directory to which the user account running the Redis instance has access. It is not totally arbitrary because the exact contents of the file cannot be completely controlled given the...

Oracle BeeHive 2 voice-servlet prepareAudioToPlay() Arbitrary File Upload Exploit

Disclosed: November 10, 2015

This module exploits a vulnerability found in Oracle BeeHive. The prepareAudioToPlay method found in voice-servlet can be abused to write a malicious file onto the target machine, and gain remote arbitrary code execution under the context of SYSTEM. Authentication is not required to exploit this vulnerability.