The vulnerability is caused due to a boundary error within the authentication process. This can be exploited to cause a stack-based buffer overflow by sending an overly long, specially-crafted password to the affected server and waiting for the administrator of Sami FTP Server to set focus on the GUI of the program in order to deploy an agent.
This module exploits an off-by-one condition by sending a specially crafted RCPT verb argument to a Novell GroupWise Internet Agent.
This module exploits a vulnerability in PHPMyAdmin. server_databases.php fails when it attemps to sanitize the sort_by parameter. It allows an attacker to inject code, and execute it on the web server with www-data privileges.
This module exploits a stack buffer overflow vulnerability in the Sourcefire Snort DCE/RPC preprocessor. An unauthenticated, remote attacker can exploit this vulnerability to execute arbitrary code with the privileges of the Snort process.
This update improves the reliability for Redhat Enterprise Linux 4 and FreeBSD 6.2 on Impact 8.0
This update improves the reliability for Redhat Enterprise Linux 4 and FreeBSD 6.2 on Impact 8.0
This module exploits a remote heap overflow in the Helix DNA Server (rmserver.exe) by sending a specially crafted RTSP packet to the 554/TCP port.
A Remote Code Execution (RCE) vulnerability has been found in filter/tex/texed.php. Due to the fact this file does not properly check the input parameters, it is possible to exploit this vulnerability in order to execute arbitrary commands on the target server. This module starts a web server on the CORE IMPACT Console to publish the agent, which is downloaded from the target. In order to exploit this vulnerability register_globals must be enabled (in PHP) and the TeX Notation filter in Moodle must be turned on.
This module exploits a Remote Code Execution vulnerability in Mantis version 1.1.3 caused by Mantis handling the sort parameter in manage_proj_page without the proper validation. This allows for remote code execution on Mantis' Web server.
This module exploits a command injection error in the Oracle Secure Backup Administration server.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Mercury Mail Transport System. The vulnerability is caused due to a boundary error within Mercury/32 SMTP Server Module (mercurys.dll) when processing arguments to the AUTH CRAM-MD5 command. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command.
This update adds support for DEP (Data Execution Prevention).
This update adds support for DEP (Data Execution Prevention).
This module exploits the random number generator in Debian's OpenSSL package being predictable. This vulnerability is used to generate SSH keys and to install an agent into the target host.
The exploit will generate the complete vulnerable keyspace, and will try to log as the provided user. If the user is root, the agent will have superuser capabilities.
This update improves exploit performance when used through Network Attack and Penetration RPT.
The exploit will generate the complete vulnerable keyspace, and will try to log as the provided user. If the user is root, the agent will have superuser capabilities.
This update improves exploit performance when used through Network Attack and Penetration RPT.