ZABBIX allows an administrator to create scripts that will be run on hosts. An authenticated attacker can create a script containing a payload, then a host with an IP of 127.0.0.1 and run the arbitrary script on the ZABBIX host. This Metasploit module was tested against Zabbix version 2.0.9.
337aba7aa6c0548a701c9d962e9e56e4ac6edce3bbb5c5f7b68fef1361fd8f09
ISPConfig allows an authenticated administrator to export language settings into a PHP script which is intended to be reuploaded later to restore language settings. This feature can be abused to run arbitrary PHP code remotely on the ISPConfig server. This Metasploit module was tested against version 3.0.5.2.
500ad81c08959d6a17fb323607222ca4f12a1b9a2e830df3bd4af01d85b6423e
OpenMediaVault allows an authenticated user to create cron jobs as arbitrary users on the system. An attacker can abuse this to run arbitrary commands as any user available on the system (including root).
94cc0202bafd6d8e09dab8de5983f2f26db28f5d5e4ab61e3830ec9bd40f3b41
Moodle allows an authenticated user to define spellcheck settings via the web interface. The user can update the spellcheck mechanism to point to a system-installed aspell binary. By updating the path for the spellchecker to an arbitrary command, an attacker can run arbitrary commands in the context of the web application upon spellchecking requests. This Metasploit module also allows an attacker to leverage another privilege escalation vuln. Using the referenced XSS vuln, an unprivileged authenticated user can steal an admin sesskey and use this to escalate privileges to that of an admin, allowing the module to pop a shell as a previously unprivileged authenticated user. This Metasploit module was tested against Moodle version 2.5.2 and 2.2.3.
c4365fd3140a745d4484ea06c3aca345da8ba6b0e3a266802b6ce0150e84b884
This Metasploit module exploits a vulnerability in ActiveFax Server. The vulnerability is a stack based buffer overflow in the "Import Users from File" function, due to the insecure usage of strcpy while parsing the csv formatted file. The module creates a .exp file that must be imported with ActiveFax Server. The module has been tested successfully on ActFax Server 4.32 over Windows XP SP3 and Windows 7 SP1. In the Windows XP case, when ActFax runs as a service, it will execute as SYSTEM.
c647f83637014a447ae0a445b73bc78e1347958b1328e0f0cc2af4bc0585b90a