Omni-NFS Enterprise is a suite of network related tools, including an FTP Server. That server is vulnerable to stack-based buffer overflow caused by malicious FTP requests, and this module exploits that vulnerability in order to install an agent on the target machine.
After successful exploitation an agent will be deployed with the privileges of the NTP daemon (usually root)
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing the web interface of Now SMS MMS Gateway. The vulnerability is caused due to a boundary error within Now SMS MMS Gateway web interface which listens on port 8800 and allows the users to use the gateway for sending various types of messages. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the web interface. Authentication is not required to exploit this vulnerability.
This module exploits a vulnerability in the Novell ZENworks Mobile Management application by injecting code in the PHP session file and leveraging a Local File Inclusion in mdm.php to execute the injected PHP code. The agent installed by this exploit will run with the privileges of the "IUSR" user.
A remote code execution vulnerability in the UploadServlet component of Novell ZENworks Configuration Management allows remote attackers to execute arbitrary code. This module uploads an arbitrary .WAR file on the target in order to deploy an agent on it.
This module exploits a remote stack-based buffer overflow vulnerability in the Preboot Service component of Novell ZENworks Configuration Management, by sending a specially crafted packet to the port 998/TCP.
This module exploits a remote stack-based buffer overflow vulnerability in the Preboot Service component of Novell ZENworks Configuration Management, by sending a specially crafted packet to the port 998/TCP.
This module exploits a remote stack-based buffer overflow vulnerability in the Preboot Service component of Novell ZENworks Configuration Management, by sending a specially crafted packet to the port 998/TCP.
This module exploits a path traversal vulnerability in Novell ZENworks Asset Management. The specific flaw exists within a servlet provided within the Novell Zenworks distribution for uploading files. When processing the path name for the file, the servlet will allow a user to inject path traversal entities into the filename. Then, when the servlet downloads the provided file, the destination will store it to the user-provided location.
This module exploits a path traversal vulnerability in Novell ZENworks Asset Management. The flaw exists within the rtrlet component. This process listens on TCP port 8080. When handling an unauthenticated file upload the process does not properly sanitize the path. Directory traversal can be used to drop a file in an arbitrary location and a null byte inserted into the filename to provide arbitrary extension.