The Pagent service component of Panda Security for Business is prone to a path traversal vulnerability when handling MESSAGE_FROM_REMOTE packets. This vulnerability can be exploited by remote unauthenticated attackers to drop arbitrary files in the vulnerable machine in order to gain remote code execution with SYSTEM privileges.
Exploits a buffer overflow in the Apache Connector of Oracle WebLogic Server (formerly known as BEA WebLogic Server). The target path used when launching this module against an Apache Server must be handled by the Apache Connector or the exploit will not succeed.
This module exploits a vulnerability in Oracle WebLogic IIS Connector when sending a specially crafted POST message with a specially JSESSIONID cookie.
This module exploits a vulnerability in Oracle Secure Backup when sending a specially crafted NDMP_CONNECT_CLIENT_AUTH packet.
This module exploits a command injection error in the Oracle Secure Backup Administration server. The error is located on the exec_qr function, called from the login.php page.
This module exploits an authentication bypass in the login.php in vulnerable versions of Oracle Secure Backup in order to execute arbitrary code via command injection parameters.
The Administration Console of Oracle GlassFish Server is prone to a authentication bypass vulnerability, which can be achieved by performing HTTP TRACE requests. A remote unauthenticated attacker can exploit this to execute arbitrary code on a vulnerable server. This module will create a backdoor administrator account in the Administration Console of Oracle GlassFish and then deploy a .WAR application in order to install an agent on the target server.
One of the vulnerabilities allows remote attackers writing to the host filesystem on vulnerable installations of software utilizing Oracle Forms and Reporting.
This module exploits a buffer overflow when parsing the password used to authenticate a connection via HTTP services.
This module exploits a buffer overflow in the UNLOCK command of the Oracle 9i Database FTP XDB service.