Explore Vulnerabilities

Explore all Exploits:

HID discoveryd command_blink_on Unauthenticated RCE

This module exploits an unauthenticated remote command execution vulnerability in the discoveryd service exposed by HID VertX and Edge door controllers. The vulnerability allows an attacker to execute arbitrary commands on the target system. This module was tested successfully on a HID Edge model EH400 with firmware version 2.3.1.603 (Build 04/23/2012).

HP VAN SDN Controller Root Command Injection

This module exploits a hardcoded service token or default credentials in HPE VAN SDN Controller <= 2.7.18.0503 to execute a payload as root. A root command injection was discovered in the uninstall action's name parameter, obviating the need to use sudo for privilege escalation. If the service token option TOKEN is blank, USERNAME and PASSWORD will be used for authentication. An additional login request will be sent.

wzdftpd <= 0.8.0 (USER) Remote Denial of Service

wzdftpd 0.8.0 is affected by a remote denial of service (DoS) vulnerability: a remote attacker can send a specially crafted USER command to the vulnerable server. This can result in an access violation, causing the server to crash.

Boxoft WAV to MP3 Converter v1.1 Buffer Overflow

This module exploits a stack buffer overflow in Boxoft WAV to MP3 Converter versions 1.0 and 1.1. By constructing a specially crafted WAV file and attempting to convert it to an MP3 file in the application, a buffer is overwritten, which allows for running shellcode.

Unauthenticated Remote Code Evaluation in Dolibarr ERP CRM =<7.0.3

This exploit allows an attacker to execute arbitrary code remotely without authentication in Dolibarr ERP CRM version 7.0.3 or below. By manipulating the 'db_name' parameter in the 'step1.php' page during the installation process, an attacker can inject malicious code and gain unauthorized access to the system.

Recent Exploits: