This module exploits a command injection error in the function runScripts in vdccm (SynCE daemon), reached through a information message remote request. For this exploit to work, there must be at least one script file on the SynCE scripts directory.
A vulnerability exists in the ManagementAgentServer.putFile XMLRPC call exposed by the as_agent.exe service, which allows for uploading arbitrary files under the server root. This module abuses the auto deploy feature in the JBoss as_ste.exe instance in order to achieve remote code execution. Abused services listen on a single machine deployment, and also in the backend role in a multiple machine deployment.
This module exploits a remote code execution vulnerability in Symantec Web Gateway by using a log injection and a local file inclusion to run an arbitrary PHP script.
The AMS2 (Alert Management Systems 2) component of multiple Symantec products is prone to a remote command-execution vulnerability because the software fails to adequately sanitize user-supplied input. A remote user can send specially crafted data to TCP port 12174 to execute arbitrary commands on the target system.
This module exploits a buffer overflow vulnerability in Symantec Client Security 3.x and Symantec Antivirus Corporate Edition 10.x that allows a remote un-authenticated attacker to compromise the target system and obtain system privileges.
This module exploits a remote buffer overflow in the awhost32 service included in the Symantec PCAnywhere application by sending a crafted packet with a long username to TCP port 5361.
This module exploits a default password vulnerability in Symantec Messaging Gateway.
This module exploits a buffer overflow vulnerability in the Intel Alert Originator service by sending a specially crafted packet to the 38292/TCP port.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing the Centennial Software XFERWAN component. Authentication is not required to exploit this vulnerability.
This module exploits command injection vulnerability in Symantec AMS Intel Handler Service and install an agent into the target machine.