This module exploits a vulnerability found in FreePBX version 2.9, 2.10, and 2.11. It's possible to inject arbitrary PHP functions and commands in the "/admin/config.php" parameters "function" and "args".
The vulnerability allows an attacker to execute arbitrary code on the server by exploiting a parameter in the index.php file. The attacker can provide a malicious value for the 'rootpath' parameter, which is not properly validated or sanitized, allowing for remote code execution.
Kemana stores database backups using the Backup DB tool with a predictable file name inside the '/admin/backup' directory as '_Full Backup YYYYMMDD_1.sql' or '_Full Backup YYYYMMDD_1.gz', which can be exploited to disclose sensitive information by downloading the file. The '/admin/backup' is also vulnerable to directory listing by default.
The Linux and BSD LPR exploits are buffer overflow vulnerabilities that allow an attacker to execute arbitrary code with the privileges of the lpr daemon. The exploit code overflows a buffer in the lpr command, allowing the attacker to overwrite the return address and execute shellcode.
The WebBuilder version 2.0 is vulnerable to remote file inclusion. An attacker can exploit this vulnerability by including a malicious file using the 'GLOBALS[core][module_path]' parameter in the StageLoader.php file. This allows the attacker to execute arbitrary code on the affected system.
CUPS is prone to a remote code-execution vulnerability caused by an error in the 'HP-GL/2 filter. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition. Note that local users may also exploit this vulnerability to elevate privileges. Successful remote exploits may require printer sharing to be enabled on the vulnerable system.
This exploit allows an attacker to include arbitrary files from remote servers.
The SIPS version 0.3.1 and earlier is vulnerable to remote file inclusion. The 'box.inc.php' file does not properly validate user input, which allows an attacker to include remote files and execute arbitrary code.
Nokia PC Suite is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code in the context of the affected application. This may facilitate the complete compromise of affected computers. Failed exploit attempts may result in a denial-of-service condition.
This module exploits a default hardcoded private SSH key or default hardcoded login and password in the vAPV 8.3.2.17 and vxAG 9.2.0.34 appliances made by Array Networks. After logged in as the unprivileged user, it's possible to modify the world writable file /ca/bin/monitor.sh with our arbitrary code. Execution of the arbitrary code is possible by using the backend tool, running setuid, to turn the debug monitoring on. This makes it possible to trigger our payload with root privileges.