This module exploits a zip file upload directory traversal in ATutor AContent to install an agent.
This module exploits a directory traversal arbitrary file upload in Schneider Electric U.Motion Builder to install an agent.
CMS Made Simple is prone to an OS command injection which allows attackers the execution of system commands.
This module exploits a vulnerability in Microsoft Office Word. The flaw is related in how Microsoft Word parses SOAP WSDL links. It is possible to open a RTF file and execute arbitrary code in vulnerable installations of Microsoft Office Word.
This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
Fuji Electric Monitouch is prone to a buffer-overflow vulnerability that occurs because it fails to perform adequate boundary checks on user-supplied data via a crafted.v8 document. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
A vulnerability exists in the way RAT Gh0st Controller Server process a remote request. The vulnerability is caused due to a boundary when handling network messages and can be exploited to cause a buffer overflow via a specially crafted packet sent to the server.
Eaton ELCSoft is prone to a heap-overflow vulnerability that occurs because it fails to perform adequate boundary checks on user-supplied data via a crafted .EPC document. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
A heap overflow in the ActiveX control nvA1Media.ocx in Advantech WebAccess allows remote attackers to execute arbitrary code via a crafted argument to the Caption method. This module runs a web server waiting for vulnerable clients (Internet Explorer 6, 7 or 8) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
The specific flaw exists within the parsing of a pm3 project file. A heap-based buffer overflow vulnerability exists in a call to memcpy. An attacker can leverage this vulnerability to execute arbitrary code in the context of the process. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.