This module exploits an arbitrary command execution flaw in the in.lpd service shipped with all versions of Sun Solaris up to and including 8.0. This module uses a technique discovered by Dino Dai Zovi to exploit the flaw without needing to know the resolved name of the attacking system.
This module exploits a command execution vulnerability in Samba versions 3.0.20 through 3.0.25rc3 when using the non-default "username map script" configuration option. By specifying a username containing shell meta characters, attackers can execute arbitrary commands. No authentication is needed to exploit this vulnerability since this option is used to map usernames prior to authentication!
This module can be used to execute a payload on JBoss servers that have an exposed 'jmx-console' application. The payload is put on the server by using the jboss.system:MainDeployer functionality. To accomplish this, a temporary HTTP server is created to serve a WAR archive containing our payload. This method will only work if the target server allows outbound connections to us.
This module can be used to execute a payload on Apache Tomcat servers that have an exposed 'manager' application. The payload is uploaded as a WAR archive containing a jsp application using a PUT request.
This module uses the DeploymentFileRepository class in JBoss Application Server (jbossas) to deploy a JSP file in a minimal WAR context.
This module logs in to an Axis2 Web Admin Module instance using a specific user/pass and uploads and executes commands via deploying a malicious web service by using SOAP.
This module exploits a buffer overflow in Sun Java Web Server prior to version 7 Update 8. By sending an 'OPTIONS' request with an overly long path, attackers can execute arbitrary code. In order to reach the vulnerable code, the attacker must also specify the path to a directory with WebDAV enabled.
This module exploits an arbitrary command execution flaw in FreeNAS 0.7.2 < rev.5543. When passing a specially formatted URL to the exec_raw.php page, an attacker may be able to execute arbitrary commands.
Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
This module exploits a format string vulnerability in versions of the Washington University FTP server older than 2.6.1. By executing specially crafted SITE EXEC or SITE INDEX commands containing format specifiers, an attacker can corrupt memory and execute arbitrary code.
Services By CQR