CA BrightStor ARCserve Backup is prone to a stack based buffer overflow vulnerability on the RPC interface that could permit the execution of arbitrary remote code. A remote attacker can exploit this vulnerability to execute arbitrary code and completely compromise the computer.
CA ARCserve Backup is prone to a command injection vulnerability on the RPC interface that could permit the execution of arbitrary remote code. A remote attacker can exploit this vulnerability to execute arbitrary code and completely compromise the computer.
This module exploits a remote stack-based buffer overflow in Motorola Timbuktu Pro by sending a long malformed string over the plughNTCommand named pipe.
This module exploits a remote buffer overflow in the Motorola Netopia netOctopus SDCS server service. The vulnerability exists within the code responsible for parsing client requests. When reading in a request from the network, a 32-bit integer is read in that specifies the number of bytes that follow. This value is not validated, and is then used to read data into a fixed-size stack buffer. This results in an exploitable stack buffer overflow.
A Remote Code Execution (RCE) vulnerability has been found in filter/tex/texed.php. Due to the fact this file does not properly check the input parameters, it is possible to exploit this vulnerability in order to execute arbitrary commands on the target server. In order to exploit this vulnerability register_globals must be enabled (in PHP), magic_quotes must be disabled, and the TeX Notation filter in Moodle must be turned on.
This module exploits a vulnerability in MongoDB server. An arbitrary value passed as a parameter to the nativeHelper function in MongoDB server allows an attacker to control the execution flows to achieve remote code execution.
The mongo::mongoFind method in MongoDB makes use of uninitialized memory. A remote attacker can fill that memory address with controlled data and then call the vulnerable function in order to execute arbitrary code on the affected server.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing MiniShare. The vulnerability is caused due to a boundary error within MiniShare when processing HTTP GET Request. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. Authentication is not required to exploit this vulnerability.
This module exploits the following vulnerability, as described by the CVE database: "Format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled, allows remote attackers to [...] execute arbitrary code via format string specifiers in the username parameter to the login form, which is ultimately used in a syslog call." The most common TCP ports used by vulnerable programs are 10000 for Webmin and 20000 for Usermin. This module will run 2 different phases: the first phase will bruteforce a return address location (retloc) and the second phase will bruteforce the address of the agent code (retaddr). NOTE: The first phase might create zombie processes that should be killed once the agent has been installed. The second phase might generate a few megabytes of traffic.
This vulnerability allows remote attackers to execute arbitrary code on a server running MinaliC. The vulnerability is caused due to a boundary error within MinaliC when processing HTTP GET Request. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. Authentication is not required to exploit this vulnerability.