Lastest MorXploit:

Title Author Date
New! Exploit Concrete5 CMS Reflected Cross-Site Scripting Vulnerabilities Simo Ben youssef 2014-09-12
New! Exploit Slider Revolution/Showbiz Pro shell upload exploit Simo Ben youssef 2014-25-11
Exploit Incredible PBX remote command execution exploit Simo Ben youssef 2014-21-10
Exploit Fonality trixbox CE remote root exploit Simo Ben youssef 2014-17-10
Exploit Elastix Multiple vulnerabilities (Remote Command Execution, XSS, CSRF) Simo Ben youssef 2014-17-10
Exploit Bash/cgi remote command execution exploit Simo Ben youssef 2014-26-09
Exploit Yahoo! Mail Captcha bypass/Brute force exploit Simo Ben youssef 2014-15-09
 Exploit Google Voice private number disclosure Simo Ben youssef 2014-04-04
Exploit Adobe Multiple Web Vulnerabilities exploit Simo Ben youssef 2014-27-03
 Exploit Kloxo remote root exploit Simo Ben youssef 2014-26-02
Paper Smashing Bitcoin BrainWallets for fun and profit! paper Simo Ben youssef 2014-30-01
 Exploit Zimbra file inclusion/Shell upload exploit Simo Ben youssef 2014-24-01
 Exploit Zimbra file inclusion/Admin account creation exploit Simo Ben youssef 2014-21-01

Latest CVE Feed:

  • CVE-2014-4626 - EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18, 7.0 before P16, and 7.1 before P09 allows remote authenticated users to gain privileges by (1) placing a command in a dm_job object and setting this object's owner to a privileged user or placing a rename action in a dm_job_request object and waiting for a (2) dm_UserRename or (3) dm_GroupRename service task, aka ESA-2014-105. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2515.
  • CVE-2014-8006 - The Disaster Recovery (DRA) feature on the Cisco ISB8320-E High-Definition IP-Only DVR allows remote attackers to bypass authentication by establishing a TELNET session during a recovery boot, aka Bug ID CSCup85422.
  • CVE-2014-6182 - Directory traversal vulnerability in an export function in the Process Center in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL.
  • CVE-2014-4844 - The import/export functionality in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 allows remote authenticated users to bypass intended access restrictions via a project action for a (1) process application or (2) toolkit.
  • CVE-2014-8248 - SQL injection vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote authenticated users to execute arbitrary SQL commands via a crafted query.
  • CVE-2014-8247 - Cross-site scripting (XSS) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.