This Metasploit module abuses the "Command" trap in Zabbix Server to execute arbitrary commands without authentication. By default the Node ID "0" is used, if it doesn't work, the Node ID is leaked from the error message and exploitation retried. According to the vendor versions prior to 1.6.9 are vulnerable. The vulnerability has been successfully tested on Zabbix Server 1.6.7 on Ubuntu 10.04.
c4c37ca2fbeb9dc136f6ed37edc9e1410341536d23168c981616809399bccf93
Kojoney versions prior to 0.0.4.2 suffer from a remote denial of service vulnerability.
a877fb5d19fecba22603df6557ffba4026cac256b572c537cf59dc8df9a77783
Zabbix Server suffers from code execution and remote SQL injection vulnerabilities. Code execution is patched in version 1.8 and SQL injection is patched in 1.6.8. A couple of denial of service vulnerabilities were also addressed.
84a607aba724e8f8a6fdc18f1dec5e0dfc3bdde2737bca88ab0a43d3c6ce8a46
Zabbix Agent versions prior to 1.6.7 suffer from a code execution vulnerability.
e2030524e07abdd33c9e9a78db8cc442ef828f1fae7394e48ba12760686c38b1
This Metasploit module exploits a command execution vulnerability in the PGP plugin of SquirrelMail.
e9f76a373cf2b76303d467d4d1a6fc540c5d667126b63377a38fb49df378c89c
Novell eDirectory versions below 8.7.3 SP 10 and versions below 8.8.2 suffer from a denial of service related vulnerability. Details are provided.
eeea4524358956b07a0e7eeded52faf98ec81fc4f410f5baddfeed09f6a64217
Novell eDirectory versions 8.7.x through 8.8.1 suffer from an arbitrary access vulnerability due to client-side access control when using the SOAP interface.
d8c1e0d178bbdf6fe231b6d7a8501982ac654b9dcb8aa71c053c93e60e6ed971
Metasploit module for the buffer overflow vulnerability in Apache mod_jk version 1.2.20. Written to work on Win23.
efe145dee4b7080b59ab059e6c8b9dd4a32fc76e8f62346dc54be9192176437f
phpMyVisites versions prior to 2.2 stable suffer from cross site scripting, HTTP response splitting, and local file inclusion flaws.
34f74cdcafeaf7a2c88c13c040bac637888b5cbfab8d3963056479c384f38e34
Kiwi CatTools versions below 3.2.0 Beta suffer from a tftp directory traversal flaw.
f24b397c3a60f7cac26cc72cf4d151f5a77f52aa1cf369d990ece2310ac3b320
SAP Web AS version 6.40 enserver.exe file downloader exploit.
6fc6be7f8634a3f1767a2c1d7f800816395514d2a9e81ed5454ab706e121fcd3
Multiple vulnerabilities exist in SAP Web AS version 6.40 below patch 136 and 7.00 below patch 66. These flaws allow for remote file disclosure, remote denial of service attacks, and local privilege escalation.
6d8c1611200e2a882c87da2d5ee436861cc00c8981f1be917241380181404cdd
Linux port of the exploit for the gwrd bug in SAP versions below 4.6D patch 1767 and versions below 6.40 patch 4. Allows for remote command execution. Shell script version.
a55846c9b05cc9ff91e04c28793f07962b4beb73e490fe87b6e190bb5bb7e3fe
Linux port of the exploit for the gwrd bug in SAP versions below 4.6D patch 1767 and versions below 6.40 patch 4. Allows for remote command execution. Perl version.
df146978b0f9a1b8ac7a1f5975813e0c7bf897e1d0e696c46d6776c344a2cb75
Utility to test users and passwords with RfcOpenEx on SAP systems. Now deprecated in favor of THC Hydra.
1946d7911a05a58e4cf9b1d70b1079af14fb8417e1bdb2b35075b7435c397425
SAP RFC_SYSTEM_INFO information disclosure exploit that leaks OS type, real IP address, SAP version, and more.
ca1725ccfc90166e4942d16984052e553aa51c664b897e451b960846453bdb8d
Two byte UDP denial of service exploit for SAP version below 6.40 patch 6.
e42dd9d291b31a04e667954b494c51fa65832c345991b7336dd4ea1b98caf196
The SAP Web Application Server suffers from denial of service, remote file disclosure, and local privilege escalation vulnerabilities.
de3975dce143466971026afe72001d10efca62500cacd7004d823edece217251
Ethereal versions 0.10.10 and below SMB dissector remote denial of service exploit. Tested on 0.9.4 and 0.10.10.
4bfdc3de77cde29503fcc4e4486eb5b7f814eb9ba623b7c983982dfc0e0ee4fa