This module exploits a vulnerability in the RAW server of ActFax Server 5.01. The RAW Server can be used to transfer fax messages to the fax server without any underlying protocols. To mark significant fields in the fax being transferred, such as the fax number and recipient, you can use ActFax data fields. @F506, @F605, and @F000 are all data fields that are vulnerable. For more information, refer to the 'data fields' section of the help menu in ActFax. This has been fixed in a beta version which won't be pushed to release until May 2013.
User input passed through the $_POST['shipping'] parameter is not properly sanitized before being used in an unserialize() call at line 521. This can be exploited to inject an arbitrary object into the application scope. For example, the destructor method of the 'Config' class could be abused.
The vulnerability is caused by missing input validation in the TimeToLive parameter and can be exploited to inject and execute arbitrary shell commands. It is possible to upload and execute a backdoor to compromise the device.
Cool PDF Reader 3.0.2.256 contains a buffer overflow vulnerability. This vulnerability was discovered by Francis Provencher and reported to Secunia on 12-19-2012. Chris Gabriel also discovered the vulnerability and reported it to US-CERT on 11-20-2012. The vendor was emailed on 12-4-2012. The exploit was written by Chris Gabriel and tested on Windows XP SP3. The PoC is available at https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/24463.py.
Hiverr v2.2 contains multiple vulnerabilities, including SQL injection, shell upload and PHP info leak. An attacker can exploit these vulnerabilities to gain access to sensitive information, execute arbitrary code and upload malicious files to the server.
This module exploits a format string vulnerability in VMware OVF Tools 2.1 for Windows. The vulnerability occurs when printing error messages while parsing a malformed OVF file. The module has been tested successfully with VMware OVF Tools 2.1 on Windows XP SP3.
This PoC determines the password length of a local user who runs 'su -'. It relies on the ptmx keystroke timing attack (CVE-2013-0160). It is tested on Debian 6.0.5 (kernel 2.6.32-5-amd64).
A vulnerability exists in Oracle Automated Service Manager 1.3.1 which allows a local user to gain root privileges during the installation process. The vulnerability is due to the insecure handling of temporary files in the /tmp directory. An attacker can exploit this vulnerability by creating a malicious crontab file and placing it in the /tmp directory. The malicious crontab file will be executed when the installation process is completed, granting the attacker root privileges.
Glossword 1.8.3 is vulnerable to SQL injection. To exploit this vulnerability, magic_quotes_gpc must be turned off on the server side. An exploit coded in AutoIt is available which can be used to send a fake SESSUID and fetch a valid SESSUID. This can be used to gain access to the admin account.
This module exploits a buffer overflow in the unique_service_name() function of libupnp's SSDP processor. The libupnp library is used across thousands of devices and is referred to as the Intel SDK for UPnP Devices or the Portable SDK for UPnP Devices. Due to size limitations on many devices, this exploit uses a separate TCP listener to stage the real payload.