This module exploits a buffer overflow vulnerability during the processing of TFTP Read/Write request packet types. This can be exploited to cause a stack-based buffer overflow by sending a specially crafted packet with an overly long filename field.
A path traversal vulnerability affects the Issue Collector plugin in Atlassian JIRA. This module exploits that vulnerability to achieve remote code execution. The installed agent will have SYSTEM privileges.
This module exploits a remote code execution vulnerability in the XWork component of Atlassian FishEye, by sending specially crafted HTTP requests to the port 8060/TCP. The ParametersInterceptor class of the XWork framework, part of the Struts 2 web framework, as shipped with Atlassian FishEye, does not properly restrict access to server-side objects. This can be exploited by remote unauthenticated attackers to modify server-side objects and finally execute arbitrary commands via specially crafted OGNL (Object-Graph Navigation Language) expressions.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing ASUS Remote Console. The vulnerability is caused due to a boundary error within ASUS Remote Console. A buffer-overflow vulnerability is located in the function which gets the data received from the client, store it in a stack buffer of about 1024 bytes and checks the presence of an end of line delimiter (carriage return).
This module exploits a buffer overflow vulnerability in the T38FaxRateManagement parameter when parsing SIP/SDP requests in 1.4.x prior to 1.4.3. After successful exploitation an agent will be installed. The process being exploited is usually run as root.
This exploit takes advantage of various vulnerabilities and default permissions in the affected versions of the Arkeia Network Backup Software. In the target setup the exploit attempts to gather specific information about the target: the remote operating system, the Arkeia Network Backup version, the target system's name; and attempts to download and analyze a loaded PE file by the Arkeia Network Backup Client to find certain patterns of reusable code loaded in memory. In the attack setup the exploit decides how the target will be exploited in the most successful way using the information gathered in the attack setup.
This module sends to the target a crafted NetWkstaTransportEnum SMB Request exploiting a heap overflow.
This module exploits an arbitrary index array vulnerability in the cupsd service when parsing HPGL filetypes running on certain versions of Apple Mac OS X and Linux. The vulnerability is exploited remotely by sending a specially crafted IPP request packet to install an agent.
Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
The best practice for web applications built on top of the Apache Struts 2 framework is to switch off Developer Mode (struts.devMode parameter in the struts.xml configuration file) before going into production. When devMode is left enabled, attackers can gain remote code execution by setting the 'debug=command' URL parameter and sending OGNL expressions through the 'expression' URL parameter. This module takes advantage of this misconfiguration scenario in order to deploy an agent in the target system.