Lastest MorXploit:

Title Author Date
New! Exploit Concrete5 CMS Reflected Cross-Site Scripting Vulnerabilities Simo Ben youssef 2014-09-12
New! Exploit Slider Revolution/Showbiz Pro shell upload exploit Simo Ben youssef 2014-25-11
Exploit Incredible PBX remote command execution exploit Simo Ben youssef 2014-21-10
Exploit Fonality trixbox CE remote root exploit Simo Ben youssef 2014-17-10
Exploit Elastix Multiple vulnerabilities (Remote Command Execution, XSS, CSRF) Simo Ben youssef 2014-17-10
Exploit Bash/cgi remote command execution exploit Simo Ben youssef 2014-26-09
Exploit Yahoo! Mail Captcha bypass/Brute force exploit Simo Ben youssef 2014-15-09
 Exploit Google Voice private number disclosure Simo Ben youssef 2014-04-04
Exploit Adobe Multiple Web Vulnerabilities exploit Simo Ben youssef 2014-27-03
 Exploit Kloxo remote root exploit Simo Ben youssef 2014-26-02
Paper Smashing Bitcoin BrainWallets for fun and profit! paper Simo Ben youssef 2014-30-01
 Exploit Zimbra file inclusion/Shell upload exploit Simo Ben youssef 2014-24-01
 Exploit Zimbra file inclusion/Admin account creation exploit Simo Ben youssef 2014-21-01

Latest CVE Feed:

  • CVE-2016-6369 - Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 4.3.x before 4.3.02039 mishandles pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCuz92464.
  • CVE-2016-5681 - Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 2.07 before 2.07WWB05, DIR-817 Ax, DIR-818LW Bx before 2.05b03beta03, DIR-822 C1 3.01 before 3.01WWb02, DIR-823 A1 1.00 before 1.00WWb05, DIR-895L A1 1.11 before 1.11WWb04, DIR-890L A1 1.09 before 1.09b14, DIR-885L A1 1.11 before 1.11WWb07, DIR-880L A1 1.07 before 1.07WWb08, DIR-868L B1 2.03 before 2.03WWb01, and DIR-868L C1 3.00 before 3.00WWb01 devices allows remote attackers to execute arbitrary code via a long session cookie
  • CVE-2016-5673 - UltraVNC Repeater before 1300 does not restrict destination IP addresses or TCP ports, which allows remote attackers to obtain open-proxy functionality by using a :: substring in between the IP address and port number.
  • CVE-2016-4657 - WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
  • CVE-2016-4656 - The kernel in Apple iOS before 9.3.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
  • CVE-2016-4655 - The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app.