This module installs a level0 agent by writing a .so library and requesting an open pipe on the remote host.
This module exploits a SQL Injection vulnerability in Joomla which allows gathering of users and password hashes by parsing SQL output errors.
This module uses an arbitrary file upload vulnerability in Magento eCommerce Web Sites to gain arbitrary code execution on the affected system.
Authentication is required to access the administrative panel.
Authentication is required to access the administrative panel.
An elevation of privilege exists in Windows COM Aggregate Marshaler. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.
This module exploits the ms17-010 vulnerability by taking advantage of a remote pool overflow in the smb transaction handling code of the windows smb driver.
Use After Free in Microsoft Office allows remote attackers to execute arbitrary code via crafted EPS file in an Office document, leading to improper memory allocation.
This module uses a directory traversal vulnerability in the file import feature in Nuxeo Platform CMS to upload a JSP to gain arbitrary code execution on the affected system.
This module exploits a vulnerability in Microsoft Office Word. The flaw is related in how Microsoft Word handles OleLink objects. It is possible to open a RTF file and execute arbitrary code in vulnerables installations of Microsoft Office Word.
This vulnerability was originally seen being exploited in the wild starting in October 2016.
WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.
This vulnerability was originally seen being exploited in the wild starting in October 2016.
WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.
ErraticGopher exploits a memory corruption (seems to be a Heap Overflow) in the Windows DCE-RPC Call MIBEntryGet.
This version adds XP SP3 support.
This version adds XP SP3 support.
Disk Sorter Enterprise server is prone to a buffer-overflow vulnerability when handling a crafted GET request, this can trigger an overflow in a finite-sized internal memory buffer, and install an agent with SYSTEM privileges.