This module exploits a remote code execution vulnerability in HP Data Protector by sending a specially crafted EXEC_BAR user name request. The 32-bit version of Data Protector is the only one exploitable, however, in 64-bit operating systems, the installer will always choose the 64-bit version of the software.
The DefaultActionMapper class in Apache Struts 2 supports a Dynamic Method Invocation feature via the "method:" prefix. The information contained in this prefix is not properly sanitized before being evaluated as OGNL expressions on the server side, which allows remote attackers to execute arbitrary Java code on the server. This module exploits the vulnerability in any web application built on top of vulnerable versions of the Apache Struts 2 framework with the "struts.enable.DynamicMethodInvocation" configuration parameter in struts.xml set to True.
This module exploits an arbitrary file upload vulnerability in Advantech WebAccess. The specific flaw exists within the WebAccess Dashboard Viewer. Insufficient validation within the FileUpload script allows unauthenticated callers to upload arbitrary code to directories in the server where the code can be automatically executed under the high-privilege context of the IIS AppPool. Authentication is not required to exploit this vulnerability.
Jenkins is prone to a remote vulnerability that allows attackers to take advantage of a deserialization vulnerability present in the XStream Java library. By exploiting known methods, it is possible to remotely load a ProcessBuilder Java class, which allows the execution of system commands.
The specific flaw exists within the implementation of the 0x13C83 opcode in the webvrpcs Service BwWebSvc.dll . A stack-based buffer overflow vulnerability exists in a call to sprint. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system.
A vulnerability exists in the FileUpload2Controller servlet. This servlet allows unauthenticated file uploads. By uploading a JSP file, an attacker can achieve remote code execution.
The specific flaw exists in fsws.exe (Easy Fila Sharing server) when handling specially crafted GET requests.
A vulnerability exists in the UploadServlet servlet. By providing a filename header containing a directory traversal, an attacker can upload a file to an arbitrary location on the system. This module abuses the auto deploy feature in the server in order to achieve remote code execution.
A vulnerability exists in the UploadFileAction servlet. By providing a fileType parameter of "*" to the UploadFileUpload page, an attacker can upload a file to an arbitrary location on the system. This module abuses the auto deploy feature in the server in order to achieve remote code execution. Also, this module makes use of an authentication bypass vulnerability to perform the attack.
The specific flaw exists within the implementation of the 0x280B opcode in the DrawSrv subsystem. A stack-based buffer overflow vulnerability exists in a call to strcpy. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system.