This module exploits a stack-based buffer overflow in the processing of requested resources, triggered by requesting a resource with an overly long name.
This module exploits a remote vulnerability in the TCPUploadServer service included in the Movicon 11 application to install an agent by writing and running an executable file.
An off-by-two heap overflow exists in ProFTPD 1.2.7 to 1.2.9rc1 and 1.2.7p to 1.2.9rc1p. This bug can only be exploited if there is a writable directory on the FTP server. This module uses two different techniques in order to exploit the bug, depending on the glibc version (new glibc versions use a modified malloc implementation). Once the bug has been exploited, full root capabilities are regained (chroot can therefore be broken thanks to the appropriate module).
The vulnerability is caused by a boundary error while reading Telnet IAC. This can be exploited to cause a stack-based buffer overflow by sending an overly long, specially crafted Telnet IAC to the affected server.
ProFTPD is prone to a remote buffer-overflow vulnerability. This issue is due to an off-by-one error, allowing attackers to corrupt memory. Exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the server application, facilitating the compromise of affected computers. ProFTPD versions prior to 1.3.0a are vulnerable to this issue. The FTP server will remain active after a successful exploitation. Exploitation requires a valid user or anonymous account, with a writable directory. If an anonymous account is used, the agent will be in a chrooted environment and a shell can't be executed in this state. The "DisplayFirstChdir .message" option must be present for the user account in the proftpd.conf file (this is the default). After successful exploitation an agent will be deployed. This agent will inherit the user identity and capabilities of the abused service, usually those of the FTP server. However, the euid (as opposed to the uid) of the agent may not be that of the super user (it is usually "nobody"). By using the setuid module (see setuid module documentation), the user id will be changed to zero (root) and the upgrade will be possible.
A backdoor introduced by attackers allows unauthenticated users remote root access to systems which run the maliciously modified version of the ProFTPD daemon.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing Procyon Core Server. A remote user can send specially crafted data to TCP port 23 to trigger a stack overflow and execute arbitrary code on the target system.
The DBA Management Server component of EnterpriseDB Postgres Plus Advanced Server does not restrict access to the underlying JBoss JMX Console. This can be abused by remote, unauthenticated attackers to execute arbitrary code on the vulnerable server. This module uploads an arbitrary .WAR application to the target in order to deploy an agent on it. On Windows targets, the deployed agent will run with SYSTEM privileges.
PoPToP PPTP server before 1.1.4-b3 allows remote attackers to execute code via a length field of 0 or 1, which causes a negative value to be fed into a read operation, leading to a buffer overflow.
This module exploits a remote command execution vulnerability in the Zope web application server used by Plone, by sending a specially crafted HTTP request to the affected web site. The vulnerability exists because it is possible to remotely invoke the popen2 function from the Python os package with arbitrary arguments in the context of the affected server. This can be exploited by remote unauthenticated attackers to execute arbitrary code on the target machine.