This Metasploit module exploits an overflow in the Windows Routing and Remote Access Service (RRAS) to execute code as SYSTEM. The RRAS DCERPC endpoint is accessible to unauthenticated users via SMBv1 browser named pipe on Windows Server 2003 and Windows XP hosts; however, this module targets Windows Server 2003 only. Since the service is hosted inside svchost.exe, a failed exploit attempt can cause other system services to fail as well.
69298bf9729abb1a86bafda578c9aa2f
Fluig versions 1.7.0-210217 and below suffer from a path traversal vulnerability.
360e2f6a2b7d7edb421a3de50030196a
CatDV version 9.2 RMI authentication bypass exploit.
0a1d872d931080ef35d755340ddd6d1e
Textpattern CMS version 4.8.3 remote code execution exploit.
fac6738a3f1d34e4a08ae1f349de43dc
Textpattern CMS version 4.9.0-dev suffers from a persistent cross site scripting vulnerability.
16e27064a02c0928aa52bc17265dde0d
Textpattern CMS version 4.8.4 suffers from a persistent cross site scripting vulnerability.
5e3afc6e81c2784563be17ff2b27afc0
Online Ordering System version 1.0 suffers from an unauthenticated remote blind SQL injection vulnerability.
ae0c87eb9112bb1d4f7b47369ebf0038
Online Ordering System version 1.0 suffers from a remote shell upload vulnerability.
05f808849bc20a2901c3aeb914582758
Web Based Quiz System version 1.0 suffers from a remote SQL injection vulnerability.
32e85137f45169204f063d1f69337b0b
e107 CMS version 2.3.0 suffers from a cross site request forgery vulnerability.
759c0681369dd6ed1719e04622c8167d
Doctor Appointment System version 1.0 suffers from remote blind SQL injection vulnerabilities in the firstname and email parameters.
e4344ef4ddc184744e8cd527b2d66da5
Doctor Appointment System version 1.0 suffers from remote SQL injection vulnerabilities in the username, comment, and lastname parameters.
6f1b18409918b0c8bb487afb82955590
Backdoor.Win32.BO2K.09.b malware suffers from a code execution vulnerability.
9183899ace584612151fd4053cf1839c
Backdoor.Win32.BO2K.ab malware suffers from a buffer overflow vulnerability.
5841f3755afe2d24405abcde392b1f87
Local Services Search Engine Management System (LSSMES) version 1.0 suffers from a persistent cross site scripting vulnerability.
46876b9312a0d7f98c43a6325f026855
Local Services Search Engine Management System (LSSMES) version 1.0 suffers from blind and error-based authenticated remote SQL injection vulnerabilities.
6051bc313dd2683b38e4b7e7256fd08a
AnyDesk version 5.5.2 suffers from a remote code execution vulnerability.
4ed562c5421237da0626f1f62a26ff48
Backdoor.Win32.DarkKomet.irv malware suffers from an insecure permissions vulnerability.
a4a25186b44b304f17b0275fe121d4c5
Web Based Quiz System version 1.0 suffers from a persistent cross site scripting vulnerability related to MCQ options.
33d7b64ac2b9aead162afda02fdb40a1
CASAP Automated Enrollment System version 1.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
f14a5fa36f519bbb6ec4f2ba3a6c5e79
This Metasploit module exploits a remote code execution vulnerability in Zen Cart version 1.5.7b.
a50e2ef38a3a7c65933f892f83d8693d
Profiling System For Human Resource Management version 1.0 suffers from a persistent cross site scripting vulnerability.
8880e83723b9ae2d6ad66acbdb8c253c
Web Based Quiz System version 1.0 suffers from a persistent cross site scripting vulnerability in the name field.
1db1bfe9e6bec3cc8f5d41b082884456
TinyTinyRSS remote code execution exploit. Versions prior to 2020-09-16 are affected.
79de8a89a9854c71810d28d7c897d82a
This archive contains all of the 189 exploits added to Packet Storm in February, 2021.
8f655667c2910dd23d0a8074a7e21dfd