This Metasploit module attempts to gain root privileges on Linux systems by abusing a NULL pointer dereference in the rds_atomic_free_op function in the Reliable Datagram Sockets (RDS) kernel module (rds.ko). Successful exploitation requires the RDS kernel module to be loaded. If the RDS module is not blacklisted (default); then it will be loaded automatically. This […]
D-Link DIR-859 Routers are vulnerable to OS command injection via the UPnP interface. The vulnerability exists in /gena.cgi (function genacgi_main() in /htdocs/cgibin), which is accessible without credentials.
Pachev FTP Server 1.0 – Path Traversal
Tags:
0day,
remote exploit
qdPM 9.1 – Remote Code Execution
Tags:
0day,
remote exploit
BOOTP Turbo 2.0 – Denial of Service (SEH)(PoC)
Tags:
0day,
remote exploit
WordPress WP Fanzone theme version 3.1 suffers from a remote SQL injection vulnerability.
Neowise CarbonFTP version 1.4 suffers from an insecure proprietary password encryption implementation.
KeePass 2.44 – Denial of Service (PoC)
Tags:
0day,
remote exploit
Citrix XenMobile Server 10.8 – XML External Entity Injection
Tags:
0day,
remote exploit