This Metasploit module exploits a directory traversal vulnerability found in the LAquis SCADA application. The vulnerability is triggered when sending a series of dot dot slashes (../) to the vulnerable NOME parameter found on the listagem.laquis file. This Metasploit module was tested against version 4.1.0.2385.
ae0975440fb126f19c5ccc25be557789a6e620a677ff401fc17497d5b023dd68This Metasploit module exploits a vulnerability found in Cloudview NMS server. The software contains a directory traversal vulnerability that allows a remote attacker to write arbitrary file to the file system, which results in code execution under the context 'SYSTEM'.
0aa023366398e0b5fe67252f1cd7499e46c8e4acd3c9b630308fd8668c7e3664This Metasploit module exploits a command injection vulnerability found within the sync_rserver function in Util.pm. The vulnerability is triggered due to an incomplete blacklist during the parsing of the $uuid parameter. This allows for the escaping of a system command allowing for arbitrary command execution as root.
c5d3cc878780fde621fb0eaa9cf72d1a173e80bb8af8c96151703f11d0f99f4dThis Metasploit module exploits a file upload vulnerability found within Cloudview NMS versions prior to 2.00b. The vulnerability is triggered by sending specialized packets to the server with directory traversal sequences to browse outside of the web root.
e1827b120d87b6594f212dd5b8a68e00064254f33d0e8e0ade054b8ab686c009This Metasploit module exploits a stack based buffer overflow vulnerability found in Dameware Mini Remote Control v4.0. The overflow is caused when sending an overly long username to the DWRCS executable listening on port 6129. The username is read into a strcpy() function causing an overwrite of the return pointer leading to arbitrary code execution.
2ed851c0d5344e61f6b11707f88d95f097e974d5f1349cbebf251d2984413149Carel PlantVisor version 2.4.4 suffers from a directory traversal vulnerability.
24843727412d5938ac625ddc4bb6aab5f7d5861d0d325fc6c554bc97ae658cadThis Metasploit module exploits a flaw found in Indusoft Web Studio versions 7.1 and below before SP2 Patch 4. This specific flaw allows users to browse outside of the webroot to download files found on the underlying system.
69837ade3b0e068ebe61226b3a690e4667a8c0997588612954ef1a13ff2efc5eThis Metasploit module exploits a directory traversal vulnerability found in Carlo Gavazzi Powersoft versions 2.1.1.1 and below. The vulnerability is triggered when sending a specially crafted GET request to the server. The location parameter of the GET request is not sanitized and the sendCommand.php script will automatically pull down any file requested
4bbb870204cb160404324362d5f655c2e6ad6e3dcfa95efd62ae7ff34223ceddThis Metasploit module exploits a stack based buffer overflow found in KingScada versions prior to 3.1.2.13. The vulnerability is triggered when sending a specially crafted packet to the 'AlarmServer' (AEserver.exe) service listening on port 12401. During the parsing of the packet the 3rd dword is used as a size value for a memcpy operation which leads to an overflown stack buffer.
372002f341dbcef63350dadde1e01f17c8f3958551e72cc9370cf9d47ca6fe34This Metasploit module exploits a buffer overflow vulnerability found in haneWIN DNS Server versions 1.5.3 and below. The vulnerability is triggered by sending an overly long packet to the victim server. A memcpy function blindly copies user supplied data to a fixed size buffer leading to remote code execution. This Metasploit module was tested against haneWIN DNS 1.5.3.
69375272f6b85af018f67e431cd2eee59a7193612cbbd63b5056a57a70383cd9This Metasploit module exploits a buffer overflow vulnerability found in libpal.dll of Disk Pulse Server version 2.2.34. The overflow is triggered when sending an overly long 'GetServerInfo' request to the service listening on port 9120.
89e1fbaa5faa9d128da8744ffe8a79c7dc9dbc91064e2e5d365a74516ab37fc9This Metasploit module exploits a stack based buffer overflow found in VIPA Automation WinPLC7 versions 5.0.45.5921 and below. The overflow is triggered when WinPLC7 connects to a remote server and accepts a malicious packet. The first 2 bytes of this packet are read in and used as the size value for a later recv function. If a size value of sufficiently large size is supplied a stack buffer overflow will occur
257f496d5a691e764607b32eaae937eb56dfb812ba9f2eaf3af43286daab4e04This Metasploit module exploits a command injection vulnerability found in Infinite Automation Systems Mango Automation versions 2.5.0 through 2.6.0 beta (builds prior to 430).
fb92778bf7cda183a3a910fce3a36043c3d1f3d8be5c5e940f23dc69bc468f83This Metasploit module exploits a command injection flaw found in the get_log_line function found within Util.pm. The vulnerability is triggered due to an unsanitized $r_file parameter passed to a string which is then executed by the system
14ebb7003ddd92d32096f32666e2bc54c1e1aace1fdf8a426fd5d68b7e981878This Metasploit module exploits a stack based buffer overflow found in Sielco Sistemi Winlog versions 2.07.16 and below. The overflow is triggered during the parsing of a maliciously crafted packet
b7800da35175855406221f63922413c3f00345939383e69eea5f9f84153c8730This Metasploit module exploits a vulnerability within the code responsible for parsing client requests. When reading in a request from the network, a 32-bit integer is read in that specifies the number of bytes that follow. This value is not validated, and is then used to read data into a fixed-size stack buffer.
7fa33e91d816df5d477c2e8b7d0d36b10a92882d363ab5e703d2da1e002dfcf1This Metasploit module exploits a stack buffer overflow found in Lockstep Backup for Workgroups versions 4.0.3 and below. The vulnerability is triggered when sending a specially crafted packet that will cause a login failure.
613182e151de70de17f950e560dafa0845ff260e64016fcceddf19108d53136cThis Metasploit module exploits a stack based buffer overflow vulnerability found in EMC Alphastor Device Manager. The overflow is triggered when sending a specially crafted packet to the rrobotd.exe service listening on port 3000. During the copying of strings to the stack an unbounded sprintf() function overwrites the return pointer leading to remote code execution.
2879d01f8913ead6a90cab85b336de984e013e193a30e5d1247f6989b0fa4674This Metasploit module exploits a stack based buffer overflow found in EMC Alphastor Library Manager version < 4.0 build 910. The overflow is triggered due to a lack of sanitization of the pointers used for two strcpy functions.
b127f7dc2ea89cebfead7d38c3b78d175b3375c0034def2f4e3b3e6395d6d22aThis Metasploit module exploits a stack based buffer overflow found in Fatek Automation PLC WinProladder version 3.11 Build 14701. The vulnerability is triggered when a client connects to a listening server. The client does not properly sanitize the length of the received input prior to placing it on the stack.
3f6a8bfbce639093ae67dd696b79c8bcb1d78b6454f530630255e7b1576b6ad6This Metasploit module exploits a file upload vulnerability found in EMC Connectrix Manager Converged Network Edition <= 11.2.1. The file upload vulnerability is triggered when sending a specially crafted filename to the FileUploadController servlet found within the Inmservlets.war archive. This allows the attacker to upload a specially crafted file which leads to remote code execution in the context of the server user.
6bb5591eafa616f5e36341752eb9b1509345a01bc873e86d440ac1a861dcf3a4This Metasploit module exploits a fileupload vulnerability found in EMC Connectrix Manager Converged Network Edition versions 11.2.1 and below. The file upload vulnerability is triggered when sending a specially crafted filename to the FileUploadController servlet. This allows the attacker to upload a malicious jsp file to anywhere on the remote file system.
3c72a6b492a3a241415f122e7dda5e8764651e326570e7896eb20d1507455311Advantech SUSIAccess versions 3.0 and below suffers from a RecoveryMgmt file upload vulnerability.
7afddd81c9bc2a2655ff371abde673b9ce3d5c9f80dd813d96f9a3659935c76dThis Metasploit module exploits an information disclosure vulnerability found in Advantech SUSIAccess versions 3.0 and below. The vulnerability is triggered when sending a GET request to the server with a series of dot dot slashes (../) in the file parameter.
987feed6e20b7d8688f866350e62c7ccd8559ac0d7a669fdd86a82be99cf233cThis Metasploit module exploits an information disclosure vulnerability found in Zpanel versions 10.1.0 and below. The vulnerability is due to a vulnerable version of pChart allowing remote, unauthenticated, users to read arbitrary files found on the filesystem. This particular module utilizes this vulnerability to identify the username/password combination of the MySQL instance. With the credentials the attackers can login to PHPMyAdmin and execute SQL commands to drop a malicious payload on the filesystem and call it leading to remote code execution.
e2a78006f6a2c8dd9641e9a3343f7060a143d27b5463d94361969f139f4f5d48
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed