Windows NDProxy Privilege Escalation XP SP3 x86 and 2003 SP2 x86 (MS14-002) Exploit

NDPROXY is a system-provided driver that interfaces WAN miniport drivers, call managers, and miniport call managers to the Telephony Application Programming Interfaces TAPI services. The vulnerability is caused when the NDProxy.sys kernel component fails to properly validate input. An attacker wh...

Microsoft Windows XP SP3 (x86) / 2003 SP2 (x86) - 'NDProxy' Local Privilege Escalation (MS14-002)

/ Exploit Title: Windows NDProxy Privilege Escalation MS14-002 Date: 2015-08-03 Exploit Author: Tomislav Paskalev Vulnerable Software: Windows XP SP3 x86 Windows XP SP2 x86-64 Windows 2003 SP2 x86 Windows 2003 SP2 x86-64 Windows 2003 SP2 IA-64 Supported vulnerable software: Windows XP SP3 x86...

Symantec Endpoint Protection Manager Authentication Bypass and Code Execution

This module exploits three separate vulnerabilities in Symantec Endpoint Protection Manager in order to achieve a remote shell on the box as NT AUTHORITY\SYSTEM. The vulnerabilities include an authentication bypass, a directory traversal and a privilege escalation to get privileged code execution...

ZebOS routing remote shell service enabled

...

Poet - A simple Post-Exploitation Tool

The client program runs on the target machine and is configured with an IP address the server to connect to and a frequency to connect at. If the server isn't running when the client tries to connect, the client quietly sleeps and tries again at the next interval. If the server is running however...

Many Drug Pumps Open to Variety of Security Flaws

In April, a security researcher disclosed a litany of severe vulnerabilities in the PCA3 drug-infusion pump manufactured by a company named Hospira. He went so far as to call the pump “the least secure IP enabled device I’ve ever touched in my life.” As it turns out, those same vulnerabilities...

WordPress Amerisale Re Plugin - Remote Shell Upload

This plugin is prone to a remote shell upload vulnerability. Solution Update the plugin...

WordPress FCKeditor Deans With Pwwangs Code Plugin <= 1.0.0 - Remote Shell Upload

This plugin is prone to remote shell upload vulnerability. Solution Update the plugin...

EMC M&R (Watch4net) - Credential Disclosure Vulnerability

It was discovered that EMC M&R Watch4net credentials of remote servers stored in Watch4net are encrypted using a fixed hard-coded password. If an attacker manages to obtain a copy of the encrypted credentials, it is trivial to decrypt them. Abstract It was discovered that EMC M&R Watch4net...

EMC MR (Watch4net) - Credential Disclosure

EMC MR Watch4net - Credential Disclosure Abstract It was discovered that EMC M&R Watch4net credentials of remote servers stored in Watch4net are encrypted using a fixed hardcoded password. If an attacker manages to obtain a copy of the encrypted credentials, it is trivial to decrypt them. Affecte...

EMC M&amp;R (Watch4net) - Credential Disclosure

Abstract It was discovered that EMC M&R Watch4net credentials of remote servers stored in Watch4net are encrypted using a fixed hardcoded password. If an attacker manages to obtain a copy of the encrypted credentials, it is trivial to decrypt them. Affected products EMC reports that the following...

ElasticSearch Unauthenticated Remote Code Execution Exploit

Exploit for linux platform in category remote exploits !/bin/python2 coding: utf-8 Author: Darren Martyn, Xiphos Research Ltd. Version: 20150309.1 Licence: WTFPL - wtfpl.net import json import requests import sys import readline readline.parseandbind'tab: complete' readline.parseandbind'set...

RStickets! 1.0.0 Remote Shell Upload

RStickets! RSTickets!" is no longer sold / developed POC: Upload shell.php.zip from the form and the shell will be uploaded to the server on this path components/comrstickets/files/ and it will be executable May be another versions are vulnerable also to the same vulnerability = XSS In name...

RSform!Pro 1.3.0 Remote Shell Upload

RSform!Pro There is a reflected XSS Vulnerability in the form .. Birthdate parameter alert1337...

BMC TrackIt! 11.3 Unauthenticated Local User Password Change

BMC TrackIt! 11.3 Unauthenticated Local User Password Change Trial available here: http://www.trackit.com A Metasploit pull request has been made here: https://github.com/rapid7/metasploit-framework/pull/4359 BMC TrackIt! 11.3 when installed with TrackItWeb! allows an unauthenticated user to chan...

Drupal HTTP Parameter Key/Value SQL Injection

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Drupal HTTP Parameter Key/Value SQL Injection', 'Description' = %q This module exploits the Drupal HTTP Parameter Key/Value SQL...

Drupal HTTP Parameter Key/Value SQL Injection Vulnerability

This Metasploit module exploits the Drupal HTTP Parameter Key/Value SQL Injection aka Drupageddon in order to achieve a remote shell on the vulnerable instance. This Metasploit module was tested against Drupal 7.0 and 7.31 was fixed in 7.32. This module requires Metasploit:...

Drupal HTTP Parameter Key/Value SQL Injection

This module exploits the Drupal HTTP Parameter Key/Value SQL Injection aka Drupageddon in order to achieve a remote shell on the vulnerable instance. This module was tested against Drupal 7.0 and 7.31 was fixed in 7.32. Two methods are available to trigger the PHP payload on the target: - set...

WordPress Slideshow Gallery 1.4.6 Shell Upload Vulnerability &#40;CVE-2014-5460&#41;

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I found a serious security vulnerability in the Slideshow Gallery plugin. This bug allows an attacker to upload any php file remotely to the vulnerable website administrator by default. I have tested and verified that having the current version of the...

WordPress Plugin Slideshow Gallery 1.4.6 - Arbitrary File Upload (Python)

WordPress Plugin Slideshow Gallery 1.4.6 - Arbitrary File Upload Python !/usr/bin/env python WordPress Slideshow Gallery 1.4.6 Shell Upload Exploit WordPress Slideshow Gallery plugin version 1.4.6 suffers from a remote shell upload vulnerability CVE-2014-5460 Vulnerability discovered by: Jesus...