News

[Metasploit] FreeSWITCH Event Socket Command Execution exploit[2019-11-03]

[Metasploit] FusionPBX Command exec.php Command Execution exploit[2019-11-02]

[Metasploit] FusionPBX Operator Panel exec.php Command Execution exploit[2019-11-02]

[Metasploit] rConfig install Command Execution exploit[2019-10-30]

[Metasploit] Solaris xscreensaver log Privilege Escalation exploit[2019-10-21]

[Metasploit] ThinVNC Directory Traversal auxiliary module[2019-10-17]

[Metasploit] ktsuss suid Privilege Escalation exploit[2019-08-19]

[Metasploit] Xymon useradm Command Execution exploit[2019-07-03]

[Metasploit] Xymon Daemon Gather Information auxiliary module[2019-06-30]

[Metasploit] Serv-U FTP Server prepareinstallation Privilege Escalation exploit[2019-06-29]

[Metasploit] FreeBSD rtld execl() Privilege Escalation exploit[2019-05-03]

[Metasploit] ptrace Sudo Token Privilege Escalation exploit[2019-05-01]

[Metasploit] ABRT sosreport Privilege Escalation exploit[2019-04-20]

[Metasploit] SystemTap MODPROBE_OPTIONS Privilege Escalation exploit[2019-04-19]

[Metasploit] elFinder PHP Connector exiftran Command Injection exploit module[2019-03-09]

[Metasploit] Evince CBT File Command Injection module exploit[2019-02-03]

[Metasploit] AddressSanitizer (ASan) SUID Executable Privilege Escalation exploit[2019-01-12]

[Metasploit] blueman set_dhcp_handler D-Bus Privilege Escalation exploit[2018-12-24]

[Metasploit] FreeBSD 8.3 / 9.0 Intel SYSRET Privilege Escalation exploit[2018-12-18]

[Metasploit] Linux Nested User Namespace idmap Limit Local Privilege Escalation exploit[2018-11-21]

[Metasploit] Solaris RSH Stack Clash Privilege Escalation exploit[2018-09-19]

[Metasploit] Solaris 'EXTREMEPARR' dtappgather Privilege Escalation exploit[2018-09-18]

[Metasploit] Solaris libnspr NSPR_LOG_FILE Privilege Escalation exploit[2018-09-11]

[Metasploit] Network Manager VPNC Username Privilege Escalation exploit[2018-08-19]

[Metasploit] QNAP Q'Center change_passwd Command Execution exploit[2018-07-13]

[Metasploit] Quest KACE Systems Management Command Injection exploit[2018-06-22]

[Metasploit] HID discoveryd command_blink_on Unauthenticated RCE exploit[2018-05-03]

[Metasploit] HID discoveryd Information Discovery auxiliary module[2018-05-02]

[Metasploit] glibc 'realpath()' Privilege Escalation exploit[2018-05-27]

[Metasploit] Sudo Commands post module[2018-05-15]

[Metasploit] AF_PACKET chocobo_root Privilege Escalation exploit[2018-05-07]

[Metasploit] Reliable Datagram Sockets (RDS) Privilege Escalation exploit[2018-05-03]

[Metasploit] AF_PACKET packet_set_ring Privilege Escalation exploit[2018-04-28]

[Metasploit] Libuser roothelper Privilege Escalation exploit[2018-04-24]

[Metasploit] lastore-daemon D-Bus Privilege Escalation exploit[2018-03-25]

[Metasploit] ifwatchd Privilege Escalation exploit[2018-03-23]

[Metasploit] MagniComp SysInfo mcsiwrapper Privilege Escalation exploit[2018-02-06]

[Metasploit] glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation exploit[2018-01-28]

[Metasploit] glibc $ORIGIN Expansion Privilege Escalation exploit[2018-01-27]

[Metasploit] ABRT raceabrt Privilege Escalation exploit[2018-01-17]

[Metasploit] Juju-run Agent Privilege Escalation exploit[2018-01-14]

[Metasploit] Apport / ABRT chroot Privilege Escalation exploit[2018-01-12]

[Metasploit] HPE iMC dbman RestoreDBase Unauthenticated RCE exploit[2018-01-05]

[Metasploit] HPE iMC dbman RestartDB Unauthenticated RCE exploit[2018-01-05]

[SSRF Proxy] SSRF Proxy version 0.0.4 released[2017-12-22]

[Metasploit] WS-Discovery Information Discovery auxiliary module[2017-11-29]

[Metasploit] ASUS infosvr Unauthenticated Command Execution exploit[2017-11-28]

[Metasploit] ASUS infosvr Scanner auxiliary module[2017-11-28]

[Metasploit] QNAP Transcode Server Command Execution exploit[2017-08-13]

[Metasploit] TeamTalk Gather Credentials auxiliary module[2017-07-25]

[Metasploit] Asterisk Gather Credentials auxiliary module[2017-07-23]

[Metasploit] Gather PDF Authors auxiliary module[2017-07-07]

[Metasploit] Metasploit RPC Console Command Execution exploit[2017-07-05]

[Metasploit] VMware Workstation ALSA Config File Local Privilege Escalation exploit[2017-06-18]

[Metasploit] SurgeNews User Credentials scanner[2017-06-17]

[Metasploit] NNTP Login Utility scanner[2017-06-16]

[Metasploit] ProcessMaker Plugin Upload exploit[2017-06-10]

[Metasploit] IBM OpenAdmin Tool SOAP welcomeServer PHP Code Execution[2017-05-31]

[Metasploit] ScadaBR Credentials Dumper auxiliary module[2017-05-28]

[Metasploit] VICIdial user_authorization Unauthenticated Command Execution exploit[2017-05-27]

[Metasploit] Serviio Media Server checkStreamUrl Command Execution exploit[2017-05-05]

[PegaScan] PegaScan 0.0.1 released[2017-05-05]

[BeEF] Detect Software module[2017-04-10]

[Metasploit] Windows Gather DynaZIP Saved Password Extraction post module[2017-02-23]

[Metasploit] MVPower DVR Shell Unauthenticated Command Execution exploit[2017-02-22]

[BeEF] Invisible HTMLFile ActiveX persistence module[2017-02-22]

[BeEF] Hijack Opener persistence module[2016-09-02]

[BeEF] Mapping your LAN from a web browser: Introducing the Network extension for BeEF[2016-06-08]

[SSRF Proxy] SSRF Proxy version 0.0.3 released[2016-05-29]

[BeEF] Text to Voice module[2016-05-14]

[Ruby Advisory Database] festivaltts4r Gem for Ruby Arbitrary Command Execution[2016-05-07]

[Ruby Advisory Database] espeak-ruby Gem for Ruby Arbitrary Command Execution[2016-05-07]

[Metasploit] Dell Kace K1000 unauthenticated remote root exploit[2016-04-13]

[Metasploit] D-Link DCS-931L File Upload exploit[2016-01-04]

[Metasploit] Snare Lite for Windows Registry Access post module[2015-12-29]

[Metasploit] EasyCafe Server Remote File Access exploit[2015-12-27]

[SSRF Proxy] SSRF Proxy version 0.0.2 released[2015-11-14]

[BeEF] Get Proxy Servers (WPAD) module[2015-11-14]

[LiferayScan] LiferayScan 0.0.1 released[2015-08-01]

[Metasploit] ProjectSend Arbitrary File Upload exploit[2014-12-23]

[Metasploit] ActualAnalyzer 'ant' Cookie Command Execution exploit[2014-12-07]

[BeEF] Shell Shock Scanner (Reverse Shell) module[2014-10-30]

[Metasploit] CUPS Filter Bash Environment Variable Code Injection exploit[2014-10-20]

[Metasploit] ManageEngine DeviceExpert User Credentials auxiliary module[2014-09-19]

[Metasploit] HybridAuth install.php PHP Code Execution exploit[2014-08-17]

[Metasploit] SolidWorks Workgroup PDM 2014 pdmwService.exe Arbitrary File Write exploit[2014-02-25]

[Metasploit] DoliWamp 'jqueryFileTree.php' Traversal Gather Credentials auxiliary module[2014-02-04]

[Metasploit] Windows Gather SmarterMail Password Extraction post module[2014-02-02]

[Metasploit] Simple E-Document Arbitrary File Upload exploit[2014-01-24]

[BeEF] Redis inter-protocol module[2014-01-08]

[Metasploit] OpenSIS 'modname' PHP Code Execution exploit[2013-12-09]

[Metasploit] Kimai v0.9.2 'db_restore.php' SQL Injection exploit[2013-11-23]

[Metasploit] ProcessMaker Open Source Authenticated PHP Code Execution exploit[2013-10-29]

[Metasploit] Open Flash Chart v2 Arbitrary File Upload exploit[2013-10-24]

[Metasploit] WebTester 5.x Command Execution exploit[2013-10-17]

[Metasploit] VMware Hyperic HQ Groovy Script-Console Java Execution exploit[2013-10-10]

[Metasploit] FlashChat Arbitrary File Upload exploit[2013-10-05]

[Metasploit] MiniWeb (Build 300) Arbitrary File Upload exploit[2013-08-14]

[Metasploit] Open-FTPD 1.2 Writable Directory Traversal Execution exploit[2013-08-12]

[Metasploit] Glossword Arbitrary File Upload Vulnerability exploit[2013-02-24]

[Metasploit] Kordil EDMS File Upload Vulnerability exploit[2013-02-22]

[Advisory] IPCop v2.x multiple vulnerabilities[2013-01-24]

[Metasploit] ZoneMinder Arbitrary Command Execution exploit[2013-01-22]

[Advisory] ZoneMinder Video Server arbitrary command execution vulnerability[2013-01-22 11:59 PM]

[Metasploit] php-Charts v1.0 PHP Code Execution exploit[2013-01-20]

[Metasploit] eXtplorer v2.1 Authentication Bypass exploit[2012-12-30]

[Advisory] eXtplorer v2.1 authentication bypass vulnerability[2012-12-31 1:09 AM]

[Advisory] MBLogic HMIServer Directory Traversal vulnerability[2012-12-17 7:09 AM]

[Metasploit] QNX QCOMM Command Execution exploit[2012-09-30]

[Metasploit] ZEN Load Balancer Filelog Command Execution exploit[2012-09-21]

[Advisory] ZEN Load Balancer v2.0 and v3.0-rc1 multiple vulnerabilities[2012-09-21 9:16 PM]

[Metasploit] Openfiler v2.x NetworkCard Command Execution exploit[2012-09-09]

[Metasploit] WANem v2.3 Command Execution exploit[2012-09-08]

[Advisory] Openfiler v2.x multiple vulnerabilities[2012-09-06 9:16 PM]

[Advisory] SugarCRM Community Edition 6.5.2 (Build 8410) multiple vulnerabilities[2012-08-30 6:11 PM]

[Metasploit] TestLink v1.9.3 Arbitrary File Upload exploit[2012-08-13]

[Advisory] TestLink 1.9.3 multiple vulnerabilities[2012-08-13 05:42 PM]

[Advisory] WANem v2.3 multiple vulnerabilities[2012-08-12 02:02 PM]

[Advisory] QLogic SANsurfer FC HBA Manager 5.0.1 build 31 Directory Traversal vulnerability[2012-08-05 11:34 PM]

[Advisory] Fizmez Web Server <= 1.3 Directory Traversal vulnerability[2012-08-05 11:34 PM]

[Advisory] Zenoss 3.2.1 multiple security vulnerabilities[2012-07-30 02:42 AM]

[Metasploit] Zenoss 'showDaemonXMLConfig' Command Execution exploit[2012-07-29]

[Metasploit] CuteFlow v2.11.2 Arbitrary File Upload exploit[2012-07-27]

[Advisory] CuteFlow 2.11.2 multiple security vulnerabilities[2012-07-01 10:19 PM]

[Metasploit] TFM MMPlayer (m3u/ppl File) Buffer Overflow exploit[2012-06-13]

[Research] ActiveX, Remote DoS and XSS[2012-04-13 11:23 AM]

[Research] Privilege escalation and remote inter-protocol exploitation with EXTRACT 0.5.1[2011-12-16 1:37 AM]

[Research] Abusing browser news URL handlers[2011-09-18 11:00 AM]

[Advisory] ActivDesk 3.0 multiple security vulnerabilities[2011-06-24 3:00 AM]

[Advisory] iSupport 1.8 SQL Injection Vulnerability[2011-06-23 3:50 PM]

[Advisory] BrewBlogger 2.3.2 multiple security vulnerabilities[2011-06-23 9:30 AM]

[Advisory] iGiveTest 2.1.0 SQL Injection Vulnerability[2011-06-22 3:50 AM]

[Research] Bitcoin - fun, profit and anonymity on the wire - part 1[2011-05-20 8:48 PM]

[Advisory] DoceboLMS 4.0.4 multiple security vulnerabilities[2011-03-27 7:15 PM]

[Advisory] Cachelogic Expired Domains Script 1.0 multiple security vulnerabilities[2011-03-24 5:18 PM]

[Advisory] rightscripts.com Extract Website Script Local File Inclusion Vulnerability[2010-12-27 7:00 AM]

[Advisory] InDoors Software InDoorsLogger 7.7 multiple security vulnerabilities[2010-12-27 7:00 AM]

[Advisory] phpRechnung 1.6 RC2 multiple security vulnerabilities[2010-12-17 11:55 AM]

[Advisory] thERP multiple security vulnerabilities[2010-11-23 3:20 AM]

[Advisory] newswall 1.05 multiple security vulnerabilities[2010-11-22 5:20 PM]

[Advisory] MonoQL 0.1a multiple security vulnerabilities[2010-11-22 3:00 AM]

[Advisory] Dolibarr ERP CRM 3.0.0-alpha multiple security vulnerabilities[2010-11-21 9:00 PM]

[Advisory] Webmedia Explorer 6.13.2 multiple security vulnerabilities[2010-11-13 8:30 PM]

[Advisory] Truworth PHP Invoice Software 2.1 multiple vulnerabilities[2010-11-13 8:20 PM]

[Advisory] Truworth Online Time Sheet 2.1 Authentication Bypass vulnerability[2010-11-13 8:20 PM]

[Tools] WhatWeb.net created[2010-09-19]

[Advisory] QNAP TS-239 Firmware 3.3.1 Build 0720T - multiple vulnerabilities[2010-08-04 5:42 PM]

[Research] Fingerprinting Browsers Using Protocol Handlers[2010-03-29 11:53 PM]

[Advisory] Wordpress 2.7.1 multiple minor vulnerabilities[2009-05-07 02:09 AM]

[Advisory] Belkin Broadband Voice Modem/Router - wireless 4 port - F1PI242EGau multiple vulnerabilities[2009-05-04 01:57 AM]

[Research] Escalating Wordpress 2.6 search XSS to arbitrary file upload[2008-08-27 00:00]