This exploit abuses an integer overflow condition present in sshd's authentication for bsdauth and skey authentication modes. After successful exploitation an agent will be deployed. The agent will be installed with root privileges. Tests performed in our lab required up to 1 hour to find the needed address in the raw brute forcing mode.
The vulnerability is caused due to a boundary error within the authentication process. This can be exploited to cause a stack-based buffer overflow by sending an overly long, specially-crafted password to the affected server.
Insufficient sanitization in Openfile's /admin/system.html 'Hostname' field, leads to remote code execution.
Omni-NFS Enterprise is a suite of network related tools, including an NFS Server. That server is vulnerable to stack-based buffer overflow caused by malicious NFS requests, and this module exploits that vulnerability in order to install an agent on the target machine.
Omni-NFS Enterprise is a suite of network related tools, including an FTP Server. That server is vulnerable to stack-based buffer overflow caused by malicious FTP requests, and this module exploits that vulnerability in order to install an agent on the target machine.
After successful exploitation an agent will be deployed with the privileges of the NTP daemon (usually root)
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing the web interface of Now SMS MMS Gateway. The vulnerability is caused due to a boundary error within Now SMS MMS Gateway web interface which listens on port 8800 and allows the users to use the gateway for sending various types of messages. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the web interface. Authentication is not required to exploit this vulnerability.
This module exploits a vulnerability in the Novell ZENworks Mobile Management application by injecting code in the PHP session file and leveraging a Local File Inclusion in mdm.php to execute the injected PHP code. The agent installed by this exploit will run with the privileges of the "IUSR" user.
A remote code execution vulnerability in the UploadServlet component of Novell ZENworks Configuration Management allows remote attackers to execute arbitrary code. This module uploads an arbitrary .WAR file on the target in order to deploy an agent on it.
This module exploits a remote stack-based buffer overflow vulnerability in the Preboot Service component of Novell ZENworks Configuration Management, by sending a specially crafted packet to the port 998/TCP.