Twitget version 3.3.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
266b8fb377793b085d1c5af6d02746d14f19958217853a10c4f6eee53b74a035
Comtrend CT 5361T suffers from a password disclosure vulnerability.
c3beb0a9debd4f539927231b553437a370d4c2a79b7130c247a0f5193a78bcb0
D-Link DAP 1150 suffers from cross site request forgery and cross site scripting vulnerabilities.
4df31b39cf88630f9e6a0e14c8f3506537065b37bfa5724c7cedfd18d99cbd4f
Apple Mac OS X Lion kernel xnu versions 1699.32.7 except 1699.24.8 NFS mount privilege escalation exploit. This exploit leverages a stack overflow vulnerability to escalate privileges. The vulnerable function nfs_convert_old_nfs_args does not verify the size of a user-provided argument before copying it to the stack. As a result, by passing a large size, a local user can overwrite the stack with arbitrary content.
8e779edf9df04a55e329faff795fd22465cd1d2fb570d611ba39e3d3871a8731
iVault Private P&V version 1.1 for iOS suffers from a directory traversal vulnerability.
8475893b7d785b8003e63e90143355211736835b580d0d5262083f82440f2a15
AppFish Offline Coder version 2.2 for iOS suffers from a persistent script insertion vulnerability.
2c1882b76fa726a744b7d1acaaefdc3d30d552e0f9c68a7c31b67f419b719f30
BlueMe Bluetooth version 5.0 for iOS suffers from a code execution vulnerability.
37d626f0020b96718d8daa286f2bae2c4ef35dbcc55bc04a265984572ffcd37a
Sendy version 1.1.9.1 suffers from a remote SQL injection vulnerability.
5c4b65786f4fb604aa4f00e42148db5fe0e0eb20240a98bab3e4f6d30e44c8be
CMS United suffers from a cross site scripting vulnerability.
c2a2ddf01cac17429386e56f8a4e8aa5d000c4d608d1954ca2ca1629f76bfaa7
CMS eaZy suffers from a remote SQL injection vulnerability.
ae9c4b7f5c9fc1ad7a554a04ae7ceb2dcd688127fcff9dd2f4ec6515e639fa76
Bleed Out is a command line tool written in C# for targeting instances of OpenSSL made vulnerable by the prolific "Heartbleed" bug. The tool aggressively exploits the OpenSSL vulnerability, dumping both ASCII and binary data to files. It also checks the uniqueness of each chunk before persisting it, to ensure that duplicate chunks are not saved.
8ac230f3902a7f35b6b76d9ad09ffa77ce032177754a06743c1ffa83672c1fcf
This Metasploit module implements the OpenSSL Heartbleed attack. The problem exists in the handling of heartbeat requests, where a fake length can be used to leak memory data in the response. Services that support STARTTLS may also be vulnerable.
81d080e43dc83f3e3ee46722a1679f1f403475e40beef0b849082092202ffa5c
WebLife CMS suffers from a remote SQL injection vulnerability.
709bb5589b06fbb5733cc7479901b4ccf2e8568e0dc997680e6c166fa88f7bee
Bleed Out is a command line tool written in C# for targeting instances of OpenSSL made vulnerable by the prolific "Heartbleed" bug. The tool aggressively exploits the OpenSSL vulnerability, dumping both ASCII and binary data to files. It also checks the uniqueness of each chunk before persisting it, to ensure that duplicate chunks are not saved.
0154e0117391da9f265ff0a83bcd76a93f62d16f309e587ba789d69c8bbd8009
This Metasploit module takes advantage of two vulnerabilities in order to gain remote code execution as root as an otherwise non-privileged authorized user. By taking advantage of a mass assignment vulnerability that allows an unprivileged authenticated user to change the administrator's password hash, the module updates the password to log in as the admin and reach the second vulnerability. No server-side sanitization is done on values passed when configuring a static network interface. This allows an administrator user to run arbitrary commands in the context of the web application, which is root when configuring the network interface. As a side effect of changing the admin's password, this Metasploit module will inadvertently delete any other users that may have been present.
dec69c75e7fc0e768a05e89693c7430eec2119658aa589cd230964ae4332340f
XCloner Standalone version 3.5 suffers from a cross site request forgery vulnerability.
7cff0b0c5062289d1c5503f87678d7e6b556fb49bac270e87ee36c051e96f8a0
This exploit uses OpenSSL to create an encrypted connection and trigger the Heartbleed leak. The leaked information is returned encrypted and is then decrypted, decompressed and written to a file to annoy IDS/forensics. The exploit can set the heartbeat payload length arbitrarily or use two preset values for 0x00 and MAX length. The vulnerability occurs due to bounds checking not being performed on a heap value which is user supplied and returned to the user as part of the DTLS/TLS heartbeat SSL extension. All versions of OpenSSL 1.0.1 to 1.0.1f are known to be affected. You must run this against a target which is linked to a vulnerable OpenSSL library using DTLS/TLS.
68bcedd2a727967e92d3a342ff6f366dc236929be5c2a5f69dba9ed2c35f299a
Orbit Open Ad Server version 1.1.0 suffers from a remote SQL injection vulnerability.
14a316274072f518559f502c18206d4ed660b33f9595c21dbee1144b878ea2ed
OpenSSL TLS Heartbeat extension memory disclosure proof of concept. Expansion of the original exploit from Jared Stafford - this one supports multiple SSL/TLS versions.
eacf96cd5f65b639ffd1574293f581a43f690b7ab4f4237f23f7ea69179e7347
Trixbox version 2.8.0.4 suffers from a cross site scripting vulnerability.
ac5debdefb1713dc35b3a6547af2cb9057024a951ff7e65c23b7c5901c7dc96f
Sagem Fast is an ADSL Router using a web management interface in order to change configuration settings. The router is vulnerable to an authentication bypass bug which allows unprivileged users to modify the preconfigured root password then log in with administrator permissions.
22949d840ab867cf6603792f10c2fe512c4dd7337b959b8e1cc56ae6e862bc96
QuickCms version 5.4 suffers from cross site request forgery and cross site scripting vulnerabilities.
77eab728345f155d905fd86af5dad89e8d24897cf985afdf2915d8fa61b866c9
csUpload from cgiscript.net suffers from an authentication bypass vulnerability.
735e30938f02765f8496c0e66fc35e514faf5d375041331fcaf86ea5113eb8c6
This Metasploit module creates a malicious RTF file that when opened in vulnerable versions of Microsoft Word will lead to code execution. The flaw exists in how a listoverridecount field can be modified to treat one structure as another. This bug was originally seen being exploited in the wild starting in April 2014. This Metasploit module was created by reversing a public malware sample.
dc312c58b345cdc30586c860d412b91fcac1d29d8b039194c3e389f62ccf5683
This Python script is a modification of the Heartbleed proof of concept exploit that looks for cookies, specifically user sessions.
6be146c172695396122c8d40d4638e904f2ee1a827bd6f5062014ed22f051f9f