This module exploits a stack-based buffer overflow in the Surgemail Server 3.x
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing SurgeMail Mail Server. The vulnerability is caused due to a boundary error within SurgeMail Mail Server. A buffer overflow vulnerability is located in the function which handles the real CGI executables. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to this module.
After successful exploitation an agent will be deployed. This agent will inherit the user identity and capabilities of the abused service, usually root.
This module exploits a buffer overflow vulnerability in the Sun Web Server Webdav service when parsing OPTION requests. After successful exploitation an agent will be installed. The process being exploited is usually run as root.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software using Sunway Force Control SCADA. A stack based buffer overflow in the SNMP NetDBServer service of Sunway Forcecontrol is triggered when sending an overly long string to the listening service on port 2001. Authentication is not required to exploit this vulnerability.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing Sunway Force Control SCADA. A buffer-overflow vulnerability affects the httpsvr.exe webserver included in the device. This issue occurs when handling an excessively large URI. Authentication is not required to exploit this vulnerability.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing Steamcast. A boundary error can be exploited to cause a stack-based buffer overflow by sending a specially crafted GET HTTP request with an overly long path to the web server.
A buffer overflow vulnerability exists in the Private Communications Transport (PCT) protocol. Systems running any Microsoft SSL capable service are vulnerable.
After successful exploitation an agent will be installed. This agent will inherit the user identity and capabilities of the abused service, usually the super user, but in some configurations it might be that of any other user in the target system.
The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.18 and NaSMail before 1.7 allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. This module works if map:map_yp_alias is set as the imap server address in config.php, which is not the default setting.