This module exploits a TinyWebGallery local file-include vulnerability because TinyWebGallery fails to properly sanitize user-supplied input. The module takes advantage of the logging capabilities of the attacked software to remotely execute arbitrary code.
The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.18 and NaSMail before 1.7 allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. This module works if map:map_yp_alias is set as the imap server address in config.php, which is not the default setting.
This module exploits a Remote Code Execution vulnerability in Mantis
version 1.1.3 when handling the sort parameter in manage_proj_page without
the proper validation that leads to a remote code execution on Mantis' Web
server.
This update adds support for the OSX platform.
version 1.1.3 when handling the sort parameter in manage_proj_page without
the proper validation that leads to a remote code execution on Mantis' Web
server.
This update adds support for the OSX platform.
The BlogAPI module does not validate the extension of files that it is used to upload, enabling users with the "administer content with blog api" permission to upload harmful files. This module uploads an IMPACT agent, creates a php file to execute the agent and then makes a request to the file. The result is an IMPACT agent running on the webserver.
This update adds support for the AIX platform.
This update adds support for the AIX platform.
This module exploits a Remote Code Execution vulnerability in Mantis
version 1.1.3 when handling the sort parameter in manage_proj_page without
the proper validation that leads to a remote code execution on Mantis' Web
server.
This update adds support for the AIX platform.
version 1.1.3 when handling the sort parameter in manage_proj_page without
the proper validation that leads to a remote code execution on Mantis' Web
server.
This update adds support for the AIX platform.
Distcc, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks. This module exploits the vulnerability to install an agent.
The BlogAPI module does not validate the extension of files that it is used to upload, enabling users with the "administer content with blog api" permission to upload harmful files. This module uploads an IMPACT agent, creates a php file to execute the agent and then makes a request to the file. The result is an IMPACT agent running on the webserver.
This update adds support for Solaris platforms.
This update adds support for Solaris platforms.
This update adds support for Solaris platforms.
This module exploits a missing verification of the path in the command "sudoedit", provided by the sudo package. This can be exploited to execute any command as root including a shell, allowing an unprivileged process to elevate its privileges to root.
This update adds OSX 10.6 (Snow Leopard) as supported target.
This update adds OSX 10.6 (Snow Leopard) as supported target.
A vulnerability has been identified in ISC BIND, which could be exploited by remote attackers to cause a denial of service. This issue is caused due to the "dns_db_findrdataset()" function failing when the prerequisite section of a dynamic update message contains a record of type "ANY" and where at least one RRset for this FQDN exists on the server, which could allow attackers to cause a vulnerable server to exit when receiving a specially crafted dynamic update message sent to a zone for which the server is the master.
This update adds more supported platforms to the exploit.
This update adds more supported platforms to the exploit.