This module exploits a buffer overflow in PHP. The specific flaw is in the apache_request_handlers() function. The apache_request_handlers() function fails to validate the length of certain headers in the HTTP request and blindly copy all the string received in the vulnerable header to the stack causing a buffer overflow.
This module exploits a Remote Code Execution vulnerability in PHPMyAdmin installing an agent. In PHPMyAdmin 3.0.0 RC1 it works with MYSQL 5 and above. In PHPMyAdmin 2.9.11 and below, it works if the databes is before MYSQL 5 This module starts a web server on the Core Impact Console to publish the agent, which is downloaded from the target. It only works for Cookie-Authenticated sites.
This module abuses a vulnerability in phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 that allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace function call within the "Replace table prefix" feature.
The highlight parameter in the viewtopic.php script is not properly sanitized when it is decoded, this is exploited by this module to execute arbitrary php code on a vulnerable server in order to upload and execute an agent. When the target platform is Windows, this module leaves a file at the phpBB installation path with the name: decoded-XXXXXX.exe (where XXXXXX is a random number). This file will not be removed on agent uninstall, so it must be manually deleted.
The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a format string specifier, which is not counted by the mechanism.
PeerCast is prone to a remote buffer overflow vulnerability that allows for remote arbitrary code execution.
The Pagent service component of Panda Security for Business is prone to a path traversal vulnerability when handling MESSAGE_FROM_REMOTE packets. This vulnerability can be exploited by remote unauthenticated attackers to drop arbitrary files in the vulnerable machine in order to gain remote code execution with SYSTEM privileges.
Exploits a buffer overflow in the Apache Connector of Oracle WebLogic Server (formerly known as BEA WebLogic Server). The target path used when launching this module against an Apache Server must be handled by the Apache Connector or the exploit will not succeed.
This module exploits a vulnerability in Oracle WebLogic IIS Connector when sending a specially crafted POST message with a specially JSESSIONID cookie.
This module exploits a vulnerability in Oracle Secure Backup when sending a specially crafted NDMP_CONNECT_CLIENT_AUTH packet.