This module uses a documented security weakness to execute arbitrary commands on any system running distccd.
This module uses a vulnerability in the OpenView Omniback II service to execute arbitrary commands. This vulnerability was discovered by DiGiT and his code was used as the basis for this module. For Microsoft Windows targets, due to module limitations, use the "unix/cmd/generic" payload and set CMD to your command. You can only pass a small number of characters (4) to the command line on Windows.
FVWM is prone to a command execution vulnerability that allows an attacker to execute arbitrary commands on a vulnerable system. The fvwm-menu-directory component does not properly sanitize user input, allowing a user with write permissions to a directory to execute arbitrary commands.
SpeechD, a device-independent layer for speech synthesis under Linux, is vulnerable to a local command execution flaw. This vulnerability allows a local user to pass malicious commands to the /dev/speech device, which can be executed with the privilege level of the speechd user (usually root). An attacker can exploit this vulnerability by injecting malicious commands using the echo command and redirecting the output to /dev/speech.
A problem with the web server could allow a remote user to execute arbitrary commands, and potentially gain local access to the system. The problem is in the validation of URLs that have been encoded in hex. By encoding a URL in hex, it is possible to bypass any filtering for directory traversal, and execute arbitrary programs on the local system.
A vulnerability exists in Services for Unix 2.0 that allows a remote user to execute arbitrary commands on a target machine by crafting a URL with command line parameters to the telnet client. The telnet client initiates the logging of session information, allowing an attacker to write and execute arbitrary commands.
Alibaba Web Server fails to filter piped commands when executing CGI scripts. This can be used to execute commands with the privileges of the web server process on a target machine.
This module exploits a vulnerability found in Symantec Web Gateway's HTTP service. By injecting PHP code in the access log, it is possible to load it with a directory traversal flaw, which allows remote code execution under the context of 'apache'. Please note that it may take up to several minutes to retrieve access_log, which is about how long it takes for a shell to come back.
This module exploits a vulnerability in the picEditor.php script of Coppermine Photo Gallery. When configured to use the ImageMagick library, the 'quality', 'angle', and 'clipval' parameters are not properly escaped before being passed to the PHP 'exec' command. In order to reach the vulnerable 'exec' call, the input must pass several validation steps. The vulnerabilities actually reside in the following functions: image_processor.php: rotate_image(...); include/imageObjectIM.class.php: imageObject::cropImage(...); include/imageObjectIM.class.php: imageObject::rotateImage(...); include/imageObjectIM.class.php: imageObject::resizeImage(...); include/picmgmt.inc.php: resize_image(...). NOTE: Use of the ImageMagick library is a non-default option. However, a user can specify its use at installation time.
This module exploits a vulnerability in the history component of TWiki. By passing a 'rev' parameter containing shell metacharacters to the TWikiUsers script, an attacker can execute arbitrary OS commands.