This module exploits the following vulnerability, as described by the CVE database: "Format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled, allows remote attackers to [...] execute arbitrary code via format string specifiers in the username parameter to the login form, which is ultimately used in a syslog call." The TCP ports most commonly used by the vulnerable programs are 10000 for Webmin and 20000 for Usermin. This module runs in two phases: the first phase brute-forces a return address location (retloc), and the second phase brute-forces the address of the agent code (retaddr). NOTE: The first phase might create zombie processes that should be killed once the agent has been installed. The second phase might generate a few megabytes of traffic.
This vulnerability allows remote attackers to execute arbitrary code on a server running MinaliC. The vulnerability is caused by a boundary error in MinaliC when processing HTTP GET requests. This can be exploited to cause a stack-based buffer overflow via an overly long, specially crafted argument passed to the affected command. Authentication is not required to exploit this vulnerability.
Multiple MicroWorld eScan products are vulnerable to a remote command-execution vulnerability because they fail to properly sanitize user-supplied input. Attackers can exploit this issue to execute arbitrary commands with superuser privileges. Successful attacks will completely compromise affected computers. The issue affects the following products in versions prior to 4.1.x: eScan for Linux Desktop, eScan for Linux File Servers, MailScan for Linux Mail Servers, and WebScan for Linux Proxy Servers.
A memory corruption vulnerability in the ChkNtfSock function of wins.exe allows remote code execution.
When the SMTP client (this module) sends an email to "[email protected]", the SMTP server tries to resolve the IP of the "caronte.com" domain. At that moment, the SMTP server sends a DNS request to its configured DNS server. This module tries to deliver a response to the SMTP server before the configured DNS server does. Because the vulnerable target does not check the DNS response "Transaction IDs", if a spoofed response is processed before the real one, the SMTP server ends up delivering the email to the SMTP server indicated by the spoofed DNS response.
This module exploits a remote vulnerability in the Windows kernel driver srv.sys via a malformed SMB packet. It allows an attacker who can connect to a shared folder to send a specially crafted SMB message to an affected system, exploiting the target and installing an agent.
This module exploits a vulnerability in srv2.sys via an SMB negotiation packet.
This module exploits an impersonation vulnerability in "spoolsv.exe" (the Microsoft Windows Print Spooler) by first sending a job to the shared printer that overwrites a printer driver DLL with an arbitrary one, and then another job that causes the shared printer to load it and install an agent on the target system.
This module exploits a buffer overflow vulnerability in the EnumeratePrintShares function of the Print Spooler Service in Microsoft Windows to install an agent on the target machine.
This module exploits a remote buffer overflow in Microsoft Windows Media Services by sending a specially crafted packet to TCP port 1755.