This Metasploit module exploits an authentication bypass issue which allows arbitrary password change requests to be issued for any user in the local store. Instances of Secure ACS running version 5.1 with patches 3, 4, or 5 as well as version 5.2 with either no patches or patches 1 and 2 are vulnerable.
54d55302d775461d1e6cfd871c69962a2b4788c6fb30a2e6b1ec87e240d2d030
This Metasploit module attempts to exploit multiple issues in order to gain remote code execution under Pandora FMS versions equal to and prior to 5.0 SP2. First, an attempt to authenticate using default credentials is performed. If this method fails, a SQL injection vulnerability is leveraged in order to extract the "Auto Login" password hash. If this value is not set, the module will then extract the administrator account's MD5 password hash.
fc913d99854d2c8194e4f3b46434494278885d559958fa670ed923151a77b005
This Metasploit module exploits a use-after-free vulnerability found in Internet Explorer. The flaw was most likely introduced back in 2013, therefore only certain builds of MSHTML are affected. In our testing with IE9, these vulnerable builds appear to be between 9.0.8112.16496 and 9.0.8112.16533, which implies August 2013 until early March 2014 (before the patch).
85541f060fdc844f7022ba1f1028c17d0836c505b9c83aa7c8c91868e0d21f22
This Metasploit module exploits an unauthenticated SQL injection vulnerability affecting Zabbix versions 2.0.8 and lower. The SQL injection issue can be abused in order to retrieve an active session ID. If an administrator level user is identified, remote code execution can be gained by uploading and executing remote scripts via the 'scripts_exec.php' file.
43e33eef7564de8ef7460b90f5eacf0b5e096e9067163c4790e0950c800b1b87
This Metasploit module exploits a vulnerability found in Apple Quicktime. The flaw is triggered when Quicktime fails to properly handle the data length for certain atoms such as 'rdrf' or 'dref' in the Alis record, which may result a buffer overflow by loading a specially crafted .mov file, and allows arbitrary code execution under the context of the user.
15145b2469bd29030e19b5448ca2e224d6efff120fdd50fb770f210db2a4b736
JSPWiki version 2.4.103 and 2.5.139 suffer from cross site scripting vulnerabilities.
830bba8e9a39e88c8c76e32e4b6ecaf452aa7f56f2e0051c18edb4cf2f3e2509