This Metasploit module exploits a vulnerability found in Dell SonicWall Scrutinizer. While handling the 'q' parameter, the PHP application does not properly filter the user-supplied data, which can be manipulated to inject SQL commands, and then gain remote code execution. Please note that authentication is NOT needed to exploit this vulnerability.
2fd37f85b3b97b8f8c3c3028dc3ce694832b09af2ec361d954d869e453380a88
This Metasploit module exploits a command injection vulnerability found in Symantec Web Gateway's HTTP service. While handling the filename parameter, the Spywall API does not do any filtering before passing it to an exec() call in proxy_file(), which results in remote code execution under the context of the web server. Please note authentication is NOT needed to gain access.
0cd8a8da3d231693715d4e8b287a75415523666ac53647e469041b791662ac0b
Symantec Web Gateway version 5.0.3.18 local file inclusion remote root command execution exploit.
88327d0f7cbaac39c6aad31a8ef7f4b43b8d525c4c4b964adfb91854c7a37766
Symantec Web Gateway version 5.0.2 suffers from a remote blind SQL injection vulnerability.
6aec98e00f8daa7f3e784b9b085136fd783f41fed252a1521762a3217af9e407
Symantec Web Gateway version 5.0.3.18 suffers from a remote blind SQL injection backdoor via MySQL triggers.
33d2c7451eea8c45146663fa6330e2747966d6816d1ce83431c543d2238e56fd
Ipswitch WhatsUp Gold version 15.02 suffers from code execution, cross-site scripting, and remote SQL injection vulnerabilities.
4811003d330d6ff9fc3ea22effd0939b589f9d1a7f2a27a858dd90d7e0988596
Dell SonicWALL Scrutinizer version 9.0.1 suffers from a remote SQL injection vulnerability.
51f8331d268be99ec1bf0765163b49d3c86e2071fd657509a74930a28343e6f9
This Metasploit module exploits a vulnerability found in Symantec Web Gateway's HTTP service. By injecting PHP code in the access log, it is possible to load it with a directory traversal flaw, which allows remote code execution under the context of 'apache'. Please note that it may take up to several minutes to retrieve access_log, which is about how long it takes to get a shell back.
65a7306dea41b299aa10904fe0da0ef4f8feaaf8b06f2b42c12431d74226ce63
Symantec Web Gateway version 5.0.2 remote local file inclusion root exploit.
1f988ae10011c9e9527aa54aee6542a4e4f221f26948b02c388b89c3b9e6db66
This Metasploit module exploits a SQL injection found in Solarwinds Storage Manager login interface. It will send a malicious SQL query to create a JSP file under the web root directory, and then let it download and execute our malicious executable under the context of SYSTEM.
f0082fe343289cee7851fb985c1987add9c8ebcb058523260ad6c25997867acf
Solarwinds Storage Manager version 5.1.0 remote SYSTEM SQL injection exploit.
8721ee1a12fe6d7008415fbf1a6f1b25e326924c27b9fa0e98b01fd1e473de9f
This Metasploit module exploits FreePBX versions 2.10.0, 2.9.0, and possibly older. Due to the way callme_page.php handles the 'callmenum' parameter, it is possible to inject code into the '$channel' variable in the function callme_startcall in order to gain remote code execution. Please note that in order to use this module properly, you must know the extension number, which can be enumerated or bruteforced, or you may try some of the default extensions such as 0 or 200. Also, the call has to be answered (or go to voice). Tested on both Elastix and FreePBX ISO image installs.
732f9a89390a847e9a30d1b733961bd71e76e38457ac805770011388b929d0cc
FreePBX version 2.10.0 and Elastix version 2.2.0 remote root code execution exploit.
984ef9b4d46d202068534bc7c0391749912cfe24b026e014bc264260d6e0af46
This Metasploit module exploits a stack-based buffer overflow in Ability Server 2.34. Ability Server fails to check input size when parsing STOR and APPE commands, which leads to a stack-based buffer overflow. This plugin uses the STOR command. The vulnerability has been confirmed on version 2.34 and has also been reported in versions 2.25 and 2.32. Other versions may also be affected.
2f42268540b9e7a1b27be7be2665ffceb81143ab10130f7b317339dcd4c523c5
This Metasploit module exploits a vulnerability found in HP Data Protector's OmniInet process. By supplying a long string of data as the file path with opcode '20', a buffer overflow can occur when this data is written to the stack without proper bounds checking beforehand, which results in arbitrary code execution under the context of SYSTEM. This Metasploit module is also built to work against systems such as Windows Server 2003 or Windows Server 2008 that have DEP and/or ASLR enabled by default.
c300d04fb3ea4183698f9badb47bedde5230f3414ad7738a1e1ab7d7e1be8221
HP Data Protector version 6.11 remote buffer overflow exploit with DEP bypass.
9e8e5a84de486e78b0670c124724bc4754ef8447902faec7f282f582cbf86f0c
Sun Java Web Server version 7.0 u7 administrative interface denial of service exploit.
1f4ee03d2f21873fa85a546b82be9bb31a7253d7895c6df6f145c63406a95360
This is an exploit for the McAfee HTTP Server (NAISERV.exe). McAfee ePolicy Orchestrator 2.5.1 <= 3.5.0 and ProtectionPilot 1.1.0 are known to be vulnerable. By sending a large 'Source' header, the stack can be overwritten. This Metasploit module is based on the exploit by xbxice and muts. Due to size constraints, this module uses the Egghunter technique. You may wish to adjust WfsDelay appropriately.
4e64f2bde60479894b56b37f3ca9106dbfee008011c45a3a524a30225b19046b
This Metasploit module is a stack overflow exploit for McAfee ePolicy Orchestrator 3.5.0 and ProtectionPilot 1.1.0. Tested on Windows 2000 SP4 and Windows 2003 SP1.
c5d4374afb7d02fcb71a301406cf46a7b08856e8634b8c4b455323de754bcf69
McAfee ePolicy Orchestrator 3.5.0 contains a pre-authentication buffer overflow vulnerability in NAISERV.exe. Protection Pilot 1.1.0 uses the same HTTP server, and is also vulnerable.
b10041868084225e62f4a63f86c4fb4e2f49df32ae08ccc857170b2bfe9a4c39
MDaemon Pre Authentication (USER) heap overflow exploit.
4f7b94833ece72e52aeb28060f38d879ff856d35732f73e066575bfd5ed1d323
GlobalScape Secure FTP server 3.0.2 Build 04.12.2005.1 buffer overflow exploit.
a12099d3b3073ebd5af605fee5579ffa44515664ccde164fdf6c87b1d8cf8a25
SLMail 5.x POP3 remote PASS buffer overflow exploit that binds a shell to port 4444. Tested on Windows 2000 SP4.
e52e26d43fc8281cdd86366385864d1faabe76d496cbf284434a32a5b495a1f4
MailCarrier 2.51 SMTP EHLO / HELO buffer overflow exploit written in Python that spawns a shell on port 101 of the target machine.
9cdcfa966f1b52e3db88669267c30a79a0da90da60a10ee65048a42219f21e53