This module exploits a buffer overflow vulnerability in Quick TFTP Server Pro when processing a very large mode field in a read or write request and installs an agent if successful. This vulnerability can be exploited remotely by sending a very long TFTP Error Packet to both service or standalone versions.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing PSOProxy. The vulnerability is caused due to a boundary error within PSOProxy when processing HTTP GET Request. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. Authentication is not required to exploit this vulnerability.
The DBA Management Server component of EnterpriseDB Postgres Plus Advanced Server does not restrict access to the underlying JBoss JMX Console. This can be abused by remote, unauthenticated attackers to execute arbitrary code on the vulnerable server. This module uploads an arbitrary .WAR application to the target in order to deploy an agent on it. On Windows targets, the deployed agent will run with SYSTEM privileges.
This module exploits an argument injection vulnerability in PHP up to version 5.3.12 and 5.4.2 when running as a standalone CGI processor and takes advantage of the -d flag to achieve remote code execution.
This module exploits a buffer overflow in PHP. The specific flaw is in the apache_request_handlers() function. The apache_request_handlers() function fails to validate the length of certain headers in the HTTP request and blindly copy all the string received in the vulnerable header to the stack causing a buffer overflow.
Subscribe to Windows