This module exploits a vulnerability in the Microsoft SQL Server. After successful exploitation an agent will be installed. If the attack was not successful, the server might stop responding (one-shot-exploit).
Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 encodings that cause arbitrary heap data to be overwritten.
This vulnerability allows remote attackers to execute arbitrary code on installations of Soulseek Server, which can be exploited by malicious people to compromise a vulnerable system. Soulseek Server is prone to a stack-based buffer-overflow vulnerability that occurs because it fails to perform adequate boundary checks on user-supplied data. Specifically, this issue occurs when performing a direct peer file search.
The /opt/cma/bin/clear_keys.pl Perl script in Sophos Web Protection Appliance, which can be executed by the 'spiderman' user with the sudo command without password, is prone to an OS command injection vulnerability, because its close_connections() function does not escape the second argument of the script before using it within a string that will be executed as a command by using backticks. This vulnerability can be abused to escalate privileges within the appliance from 'spiderman' to root.
The /opt/ws/bin/sblistpack Perl script in Sophos Web Protection Appliance, which can be reached from the web interface, is vulnerable to an OS command injection because its get_referers() function does not escape the first argument of the script before using it within a string that will be executed as a command by using backticks. A remote unauthenticated attacker can exploit this vulnerability to execute arbitrary code in the affected appliance. The agent installed by this exploit runs with the privileges of the 'spiderman' user. After successfully installing an agent, by default this module will automatically run another module (Sophos Web Protection Appliance clear_keys.pl Privilege Escalation Exploit), which will try to exploit a privilege escalation vulnerability that is also present in the Sophos appliance in order to install another agent with root permissions.
This module exploits a remote stack-based buffer overflow in pdmwService by sending a malformed packet to the 30000/TCP port.
This module exploits a vulnerability in the SolarWinds Storage Manager Server. The LoginServlet page available on port 9000 is vulnerable to SQL injection via the loginName field. An attacker can send a specially crafted username and execute arbitrary SQL commands leading to remote code execution.
This module exploits a buffer overflow on the DCE/RPC processing in the Snort 2.6.1.2 package. For this exploit to work, the DCE/RPC Preprocessor must be active on the configuration file, snort.conf. The agent will normally run as the "root" user.
This module exploits a remote buffer overflow in the SNMPc Network Manager by sending a specially crafted Trap packet with a long Community String to the UDP port 164 and installs an agent if successful.
There is a buffer overflow vulnerability in the Microsoft Windows Messenger service. This allows an attacker to execute arbitrary code with System privileges. The vulnerability is triggered by sending a malformed message to the vulnerable host. Manipulating the length of the packet allows portions of the heap memory to be overwritten with user defined data.