Lastest MorXploit:

Title Author Date
New! Exploit Concrete5 CMS Reflected Cross-Site Scripting Vulnerabilities Simo Ben youssef 2014-09-12
New! Exploit Slider Revolution/Showbiz Pro shell upload exploit Simo Ben youssef 2014-25-11
Exploit Incredible PBX remote command execution exploit Simo Ben youssef 2014-21-10
Exploit Fonality trixbox CE remote root exploit Simo Ben youssef 2014-17-10
Exploit Elastix Multiple vulnerabilities (Remote Command Execution, XSS, CSRF) Simo Ben youssef 2014-17-10
Exploit Bash/cgi remote command execution exploit Simo Ben youssef 2014-26-09
Exploit Yahoo! Mail Captcha bypass/Brute force exploit Simo Ben youssef 2014-15-09
 Exploit Google Voice private number disclosure Simo Ben youssef 2014-04-04
Exploit Adobe Multiple Web Vulnerabilities exploit Simo Ben youssef 2014-27-03
 Exploit Kloxo remote root exploit Simo Ben youssef 2014-26-02
Paper Smashing Bitcoin BrainWallets for fun and profit! paper Simo Ben youssef 2014-30-01
 Exploit Zimbra file inclusion/Shell upload exploit Simo Ben youssef 2014-24-01
 Exploit Zimbra file inclusion/Admin account creation exploit Simo Ben youssef 2014-21-01

Latest CVE Feed:

  • CVE-2016-4528 - Buffer overflow in Advantech WebAccess before 8.1_20160519 allows local users to cause a denial of service via a crafted DLL file.
  • CVE-2016-4525 - Unspecified ActiveX controls in Advantech WebAccess before 8.1_20160519 allow remote authenticated users to obtain sensitive information or modify data via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag.
  • CVE-2016-4519 - Stack-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.30 allows remote attackers to execute arbitrary code via a crafted filename field in a ZIP archive in a vlp file.
  • CVE-2016-5723 - Huawei FusionInsight HD before V100R002C60SPC200 allows local users to gain root privileges via unspecified vectors.
  • CVE-2016-5722 - OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and 18500 V3 before V300R003C10 sends the plaintext session token in the HTTP header, which allows remote attackers to conduct replay attacks and obtain sensitive information by sniffing the network.
  • CVE-2016-5709 - SolarWinds Virtualization Manager 6.3.1 and earlier uses weak encryption to store passwords in /etc/shadow, which allows local users with superuser privileges to obtain user passwords via a brute force attack.