Lastest MorXploit:

Title Author Date
New! Exploit Concrete5 CMS Reflected Cross-Site Scripting Vulnerabilities Simo Ben youssef 2014-09-12
New! Exploit Slider Revolution/Showbiz Pro shell upload exploit Simo Ben youssef 2014-25-11
Exploit Incredible PBX remote command execution exploit Simo Ben youssef 2014-21-10
Exploit Fonality trixbox CE remote root exploit Simo Ben youssef 2014-17-10
Exploit Elastix Multiple vulnerabilities (Remote Command Execution, XSS, CSRF) Simo Ben youssef 2014-17-10
Exploit Bash/cgi remote command execution exploit Simo Ben youssef 2014-26-09
Exploit Yahoo! Mail Captcha bypass/Brute force exploit Simo Ben youssef 2014-15-09
 Exploit Google Voice private number disclosure Simo Ben youssef 2014-04-04
Exploit Adobe Multiple Web Vulnerabilities exploit Simo Ben youssef 2014-27-03
 Exploit Kloxo remote root exploit Simo Ben youssef 2014-26-02
Paper Smashing Bitcoin BrainWallets for fun and profit! paper Simo Ben youssef 2014-30-01
 Exploit Zimbra file inclusion/Shell upload exploit Simo Ben youssef 2014-24-01
 Exploit Zimbra file inclusion/Admin account creation exploit Simo Ben youssef 2014-21-01

Latest CVE Feed:

  • CVE-2016-5005 (archiva) - Cross-site scripting (XSS) vulnerability in Apache Archiva 1.3.9 and earlier allows remote authenticated administrators to inject arbitrary web script or HTML via the connector.sourceRepoId parameter to admin/addProxyConnector_commit.action.
  • CVE-2016-4469 (archiva) - Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.3.9 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add new repository proxy connectors via the token parameter to admin/addProxyConnector_commit.action, (2) new repositories via the token parameter to admin/addRepository_commit.action, (3) edit existing repositories via the token parameter to admin/editRepository_commit.action, (4) add legacy artifact paths via
  • CVE-2016-4531 (factorytalk_energrymetrix) - Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 does not invalidate credentials upon a logout action, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
  • CVE-2016-4522 (factorytalk_energrymetrix) - SQL injection vulnerability in Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
  • CVE-2016-1467 (videoscape_session_resource_manager) - Cisco Videoscape Session Resource Manager (VSRM) allows remote attackers to cause a denial of service (device restart) by sending a traffic flood to upstream devices, aka Bug ID CSCva01813.
  • CVE-2016-1465 (nx-os) - Cisco Nexus 1000v Application Virtual Switch (AVS) devices before 5.2(1)SV3(1.5i) allow remote attackers to cause a denial of service (ESXi hypervisor crash and purple screen) via a crafted Cisco Discovery Protocol packet that triggers an out-of-bounds memory access, aka Bug ID CSCuw57985.