Lastest MorXploit:

Title Author Date
New! Exploit Google Voice private number disclosure Simo Ben youssef 2014-04-04
New! Exploit Adobe Multiple Web Vulnerabilities exploit Simo Ben youssef 2014-27-03
New! Exploit Kloxo remote root exploit Simo Ben youssef 2014-26-02
New! Paper Smashing Bitcoin BrainWallets for fun and profit! paper Simo Ben youssef 2014-30-01
 Exploit Zimbra file inclusion/Shell upload exploit Simo Ben youssef 2014-24-01
 Exploit Zimbra file inclusion/Admin account creation exploit Simo Ben youssef 2014-21-01
Tool MorXAntiRE v1.5 Anti reverse code engineering and dynamic analysis tool Ayoub Faouzi 2013-28-12
Updated! Exploit Cisco Linksys CSRF password change exploit Simo Ben youssef 2013-12-12
 Tool MorXCrack v1.2: Multi-Algorithm/CMS password cracking tool Simo Ben youssef 2013-15-11
Tool MorXBrute v1.01 Beta: HTTP password cracking tool Simo Ben youssef 2013-08-11
 Exploit PHP + Apache remote code execution exploit Simo Ben youssef 2013-03-11
Exploit vBulletin remote admin injection exploit Simo Ben youssef 2013-18-09
Tool MorxBook: Facebook dictionary-attack based tool Simo Ben youssef 2013-17-04


Latest CVE Feed:

  • CVE-2014-5247 - The _UpgradeBeforeConfigurationChange function in lib/client/ in Ganeti 2.10.0 before 2.10.7 and 2.11.0 before 2.11.5 uses world-readable permissions for the configuration backup file, which allows local users to obtain SSL keys, remote API credentials, and other sensitive information by reading the file, related to the upgrade command.
  • CVE-2014-5073 - vmtadmin.cgi in VMTurbo Operations Manager before 4.6 build 28657 allows remote attackers to execute arbitrary commands via shell metacharacters in the fileDate parameter in a DOWN call.
  • CVE-2014-5119 - Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.
  • CVE-2014-5147 - Xen 4.4.x, when running a 64-bit kernel on an ARM system, does not properly handle traps from the guest domain that use a different address width, which allows local guest users to cause a denial of service (host crash) via a crafted 32-bit process.
  • CVE-2014-2390 - Cross-site request forgery (CSRF) vulnerability in the User Management module in McAfee Network Security Manager (NSM) before 7.1.5.x before, 7.1.15.x before, 7.5.x before, and 8.x before allows remote attackers to hijack the authentication of users for requests that modify user accounts via unspecified vectors.
  • CVE-2010-5110 - in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file.