Showing 1 - 8 of 8

Files Date: 2014-09-29 to 2014-09-30

Bacula-web 5.2.10 SQL Injection: Posted Sep 29, 2014; Authored by wishnusakti; Bacula-web version 5.2.10 suffers from a remote SQL injection vulnerability.; tags | exploit, remote, web, sql injection; SHA-256 | 8521ccbd84f8d2b97a8e8662f43056c2baefd4521bdf1a0434f2258ddfd95c17; Download | Favorite | View

ManageEngine OpManager / Social IT Arbitrary File Upload: Posted Sep 29, 2014; Authored by Pedro Ribeiro | Site metasploit.com; This Metasploit module exploits a file upload vulnerability in ManageEngine OpManager and Social IT. The vulnerability exists in the FileCollector servlet which accepts unauthenticated file uploads. This Metasploit module has been tested successfully on OpManager v8.8 - v11.3 and on version 11.0 of SocialIT for Windows and Linux.; tags | exploit, file upload; systems | linux, windows; advisories | CVE-2014-6034; SHA-256 | e9c53edc4a81c1f18958ddfa8f5eddf60866488e72784884428750e9a058b73b; Download | Favorite | View

ManageEngine Code Execution / File Deletion: Posted Sep 29, 2014; Authored by Pedro Ribeiro; ManageEngine OpManager, Social IT Plus, and IT360 suffer from remote code execution via upload and arbitrary file deletion vulnerabilities.; tags | exploit, remote, arbitrary, vulnerability, code execution, file inclusion; advisories | CVE-2014-6034, CVE-2014-6035, CVE-2014-6036; SHA-256 | 375e267357239b52901647072b3a0b930fa59bec9185067e661bf2bcb84fcf70; Download | Favorite | View

AllMyGuests 0.4.1 XSS / SQL Injection / Insecure Cookie Handling: Posted Sep 29, 2014; Authored by indoushka; AllMyGuests version 0.4.1 suffers from bypass via malformed cookies, remote SQL injection, and cross site scripting vulnerabilities.; tags | exploit, remote, vulnerability, xss, sql injection; SHA-256 | f47761659053ee4c4dd3cdb085e36ec23e26920bfc02e9ec2dd44de4b627b3c5; Download | Favorite | View

WordPress Users Ultra 1.3.37 SQL Injection: Posted Sep 29, 2014; Authored by XroGuE; WordPress Users Ultra plugin version 1.3.37 suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.; tags | exploit, remote, sql injection; SHA-256 | 83da12e41fe8a52bf90f4d659a6a4eb3c4147e951cc5121e09d3c3df702d14ea; Download | Favorite | View

Internet Explorer 8 Fixed Col Span ID Full ASLR, DEP, And EMET 5.0 Bypass: Posted Sep 29, 2014; Authored by sickness, ryujin; Internet Explorer 8 fixed col span ID full ASLR, DEP, and EMET 5.0 bypass exploit that leverages the issue outlined in MS12-037.; tags | exploit, bypass; advisories | CVE-2012-1876; SHA-256 | 876b8cd7e67c79c669947885b557203c13c38a1e58f07a2be3d86ba1ee061f95; Download | Favorite | View

GNU Bash 4.3 Command Injection: Posted Sep 29, 2014; Authored by Juan Sacco; ExploitPack GNU Bash versions 4.3 and below command injection exploit that leverages the User-Agent header against a given website.; tags | exploit, bash; advisories | CVE-2014-6271; SHA-256 | 142c835b75cbe04a6ca350ec7bb8fea228669c18def84dd5d24a93513e005852; Download | Favorite | View

Outlook Web App (OWA) / Client Access Server (CAS) IIS HTTP Internal IP Disclosure: Posted Sep 29, 2014; Authored by Nate Power | Site metasploit.com; This Metasploit module tests vulnerable IIS HTTP header file paths on Microsoft Exchange OWA 2003, CAS 2007, 2010, 2013 servers.; tags | exploit, web, info disclosure; SHA-256 | 9b7a26362762262f505e7f02227cb75f7b373f2560a109697a283d98dbb104e4; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days