Lastest MorXploit:

Title Author Date
New! Exploit Concrete5 CMS Reflected Cross-Site Scripting Vulnerabilities Simo Ben youssef 2014-09-12
New! Exploit Slider Revolution/Showbiz Pro shell upload exploit Simo Ben youssef 2014-25-11
Exploit Incredible PBX remote command execution exploit Simo Ben youssef 2014-21-10
Exploit Fonality trixbox CE remote root exploit Simo Ben youssef 2014-17-10
Exploit Elastix Multiple vulnerabilities (Remote Command Execution, XSS, CSRF) Simo Ben youssef 2014-17-10
Exploit Bash/cgi remote command execution exploit Simo Ben youssef 2014-26-09
Exploit Yahoo! Mail Captcha bypass/Brute force exploit Simo Ben youssef 2014-15-09
 Exploit Google Voice private number disclosure Simo Ben youssef 2014-04-04
Exploit Adobe Multiple Web Vulnerabilities exploit Simo Ben youssef 2014-27-03
 Exploit Kloxo remote root exploit Simo Ben youssef 2014-26-02
Paper Smashing Bitcoin BrainWallets for fun and profit! paper Simo Ben youssef 2014-30-01
 Exploit Zimbra file inclusion/Shell upload exploit Simo Ben youssef 2014-24-01
 Exploit Zimbra file inclusion/Admin account creation exploit Simo Ben youssef 2014-21-01

Latest CVE Feed:

  • CVE-2016-4349 - Untrusted search path vulnerability in Cisco WebEx Productivity Tools 2.40.5001.10012 allows local users to gain privileges via a Trojan horse cryptsp.dll, dwmapi.dll, msimg32.dll, ntmarta.dll, propsys.dll, riched20.dll, rpcrtremote.dll, secur32.dll, sxs.dll, or uxtheme.dll file in the current working directory, aka Bug ID CSCuy56140.
  • CVE-2016-1389 - Open redirect vulnerability in Cisco WebEx Meetings Server (CWMS) 2.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuy44695.
  • CVE-2016-1386 - The API in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0(1) allows remote attackers to spoof administrative notifications via crafted attribute-value pairs, aka Bug ID CSCux15521.
  • CVE-2016-1205 - Cross-site scripting (XSS) vulnerability in the shiro8 (1) category_freearea_ addition_plugin plugin 1.0 and (2) itemdetail_freearea_ addition_plugin plugin 1.0 for EC-CUBE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
  • CVE-2016-0211 - IBM DB2 9.7 through FP11, 9.8, 10.1 through FP5, and 10.5 through FP7 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted DRDA message.
  • CVE-2016-3672 - The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits.