CA ARCserve Backup is prone to a command injection vulnerability on the RPC interface that could permit the execution of arbitrary remote code. A remote attacker can exploit this vulnerability to execute arbitrary code and completely compromise the computer.
This module exploits a remote stack-based buffer overflow in Motorola Timbuktu Pro by sending a long malformed string over the plughNTCommand named pipe.
This module exploits a remote buffer overflow in the Motorola Netopia netOctopus SDCS server service. The vulnerability exists within the code responsible for parsing client requests. When reading in a request from the network, a 32-bit integer is read in that specifies the number of bytes that follow. This value is not validated, and is then used to read data into a fixed-size stack buffer. This results in an exploitable stack buffer overflow.
A Remote Code Execution (RCE) vulnerability has been found in filter/tex/texed.php. Due to the fact this file does not properly check the input parameters, it is possible to exploit this vulnerability in order to execute arbitrary commands on the target server. In order to exploit this vulnerability register_globals must be enabled (in PHP), magic_quotes must be disabled, and the TeX Notation filter in Moodle must be turned on.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing MiniShare. The vulnerability is caused due to a boundary error within MiniShare when processing HTTP GET Request. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. Authentication is not required to exploit this vulnerability.
This vulnerability allows remote attackers to execute arbitrary code on a server running MinaliC. The vulnerability is caused due to a boundary error within MinaliC when processing HTTP GET Request. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. Authentication is not required to exploit this vulnerability.
A memory corruption vulnerability in the ChkNtfSock function of wins.exe allows a privilege escalation.
A memory corruption vulnerability in the ChkNtfSock function of wins.exe allows remote code execution.
When the SMTP Client ( this module ) sends an email to "[email protected]", the SMTP Server tries to resolve the IP of "caronte.com" domain. In that moment, the SMTP Server sends a DNS request to the configured DNS Server. This module tries to send a response to the SMTP Server before the configured DNS Server does. As the vulnerable target doesn't check the DNS response "Transaction IDs", if a spoofed response is processed before that a real response the SMTP Server finishes sending an email to a SMTP Server indicated by the spoofed DNS response.
This module exploits a Windows kernel remote vulnerability on the srv.sys driver via a malformed SMB packet. It could allow an attacker to connect to a shared folder and send a specially crafted SMB message to an affected system exploiting the target and installing an agent.