This module exploits a command injection error in the function runScripts in vdccm (SynCE daemon), reached through a information message remote request. For this exploit to work, there must be at least one script file on the SynCE scripts directory.
This module exploits a remote code execution vulnerability in Symantec Web Gateway by using a log injection and a local file inclusion to run an arbitrary PHP script.
This module exploits a default password vulnerability in Symantec Messaging Gateway.
This module exploits a local privilege escalation vulnerability in certain packages shipped with Sun xVM VirtualBox for the Linux platform. After successful exploitation an agent running as root will be installed.
After successful exploitation an agent will be deployed. This agent will inherit the user identity and capabilities of the abused service, usually root.
After successful exploitation an agent will be installed. This agent will inherit the user identity and capabilities of the abused service, usually the super user, but in some configurations it might be that of any other user in the target system.
The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.18 and NaSMail before 1.7 allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. This module works if map:map_yp_alias is set as the imap server address in config.php, which is not the default setting.
Stack buffer overflow in the ntlm_check_auth function for Squid Web Proxy Cache 2.5.x and 3.x, when compiled with NTLM handlers enabled, allows remote attackers to execute arbitrary code.
The /opt/cma/bin/clear_keys.pl Perl script in Sophos Web Protection Appliance, which can be executed by the 'spiderman' user with the sudo command without password, is prone to an OS command injection vulnerability, because its close_connections() function does not escape the second argument of the script before using it within a string that will be executed as a command by using backticks. This vulnerability can be abused to escalate privileges within the appliance from 'spiderman' to root.
The /opt/ws/bin/sblistpack Perl script in Sophos Web Protection Appliance, which can be reached from the web interface, is vulnerable to an OS command injection because its get_referers() function does not escape the first argument of the script before using it within a string that will be executed as a command by using backticks. A remote unauthenticated attacker can exploit this vulnerability to execute arbitrary code in the affected appliance. The agent installed by this exploit runs with the privileges of the 'spiderman' user. After successfully installing an agent, by default this module will automatically run another module (Sophos Web Protection Appliance clear_keys.pl Privilege Escalation Exploit), which will try to exploit a privilege escalation vulnerability that is also present in the Sophos appliance in order to install another agent with root permissions.