A stack-based buffer overflow in WECON LeviStudio HMI Editor allows an attacker to execute arbitrary code via a crafted .UMP file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
The page served when the link is clicked will attempt to gather information about the browser version, operating system and browser plugins. Additionally, an NTLM handshake will be attempted if the "Request NTLM auth" parameter is set to yes. Finally, the victim will be redirected to the URL specified by the "Redirect to URL" parameter.
The page served impersonates the given URL's web page and its web forms. It will retrieve the information entered by the user in the web forms when they are submitted and then redirect the user to the original web page. This information will be stored in the target's email entity. It also attempts to gather information about the browser version, operating system and browser plugins.
This module exploits a memory corruption vulnerability in the Linux kernel. When building a UFO packet with MSG_MORE, __ip_append_data() calls ip_ufo_append_data() to append data. However, between two send() calls the append path can be switched from the UFO path to the non-UFO one, which leads to a memory corruption that can be used by an attacker to escalate privileges.