This module allows arbitrary command execution on an ephemeral port opened by Veritas NetBackup, whilst an administrator is authenticated. The port is opened and allows direct console access as root or SYSTEM from any source address.
This module uses a documented security weakness to execute arbitrary commands on any system running distccd.
This module uses a vulnerability in the OpenView Omniback II service to execute arbitrary commands. This vulnerability was discovered by DiGiT and his code was used as the basis for this module. For Microsoft Windows targets, due to module limitations, use the "unix/cmd/generic" payload and set CMD to your command. You can only pass a small amount of characters (4) to the command line on Windows.
OpenDcHub doesn't handle specially crafted MyINFO message which lead to a stack overflow.
This module exploits a flaw in the SurgeFTP server's web-based administrative console to execute arbitary commands.
This module exploits a vulnerability found in Nagios XI Network Monitor's component 'Graph Explorer'. An authenticated user can execute system commands by injecting it in several parameters, such as in visApi.php's 'host' parameter, which results in remote code execution.
Under some circumstances, it may be possible to disclose the contents of directories. By passing a malicious request to the viewtopic.php script, UPB may return a listing of the directory. This could be further refined to disclose the contents of selected files.
Emumail, an open source web mail application, may reveal sensitive configuration information under certain conditions. When unexpected characters are inserted into certain fields in web mail forms, the form generates an error. The error page returned may contain the directory to the web root on the Emumail server.
The Gender Mod for phpBB2 allows a remote user to manipulate the SQL statement used to update their user profile, potentially gaining administrative access to the system.
The IRCIT client is vulnerable to a remote buffer overflow vulnerability. When an INVITE message is received, the supplied from user data is copied into a fixed buffer of length MAXHOSTLEN. A maliciously formatted message can overflow this buffer and execute arbitrary code.
Services By CQR