This Metasploit module exploits an information disclosure vulnerability found in Zpanel versions 10.1.0 and below. The vulnerability is due to a vulnerable version of pChart allowing remote, unauthenticated, users to read arbitrary files found on the filesystem. This particular module utilizes this vulnerability to identify the username/password combination of the MySQL instance. With the credentials the attackers can login to PHPMyAdmin and execute SQL commands to drop a malicious payload on the filesystem and call it leading to remote code execution.
e2a78006f6a2c8dd9641e9a3343f7060a143d27b5463d94361969f139f4f5d48
This Metasploit module exploits a flaw within the Device Manager (rrobtd.exe). When parsing the 0x75 command, the process does not properly filter user supplied input allowing for arbitrary command injection. This Metasploit module has been tested successfully on EMC AlphaStor 4.0 build 116 with Windows 2003 SP2 and Windows 2008 R2.
3e993a7e854efa86fb910cf5ae6005aed96bf8fef7a6b5ff28fe00ff12003031