This module also know as EternalRomance exploits the ms17-010 vulnerability by taking advantage of a remote pool overflow in the smb transaction handling code of the windows smb driver. You will need to provide windows credentials in order to exploit the remote host. This module should never crash a target, so if the exploit does not work probably its because the credentials were wrong.
HP Intelligent Management Center is prone to a remote vulnerability that allows attackers to execute commands under the context of system.
Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 7.2 allows remote attackers to execute arbitrary code via a malicious login request to forum.ghp
A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated remote attacker, to execute arbitrary commands with SYSTEM user privileges. This module will access the specified remote target using SMB, and install an agent with SYSTEM user privileges.
AVEVA InduSoft Web Studio is prone to a remote vulnerability that allows attackers to execute commands under the context of de program user.
The function 'processHeaderConfig' is vulnerable to command injection due to lack of validation in the HTTP headers that process as argument. This module exploits this vulneravility to install an agent
Advantech WebAccess is prone to a remote vulnerability that allows attackers to execute commands under the context of de program user.
Advantech WebAccess is prone to a buffer overflow vulnerability on the RPC interface that could permit the execution of arbitrary remote code. A remote attacker can exploit this vulnerability to execute arbitrary code and completely compromise the computer.
The specific flaw exists within bwnodeip.exe, which is accessed through the 70022 IOCTL in the webvrpcs process. The process does not properly validate the length of user-supplied data prior to copying it to a fixed-length buffer.
The specific flaw exists within bwnodeip.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The process does not properly validate the length of user-supplied data prior to copying it to a fixed-length buffer.