This Metasploit module exploits an overflow in the Windows Routing and Remote Access Service (RRAS) to execute code as SYSTEM. The RRAS DCERPC endpoint is accessible to unauthenticated users via SMBv1 browser named pipe on Windows Server 2003 and Windows XP hosts; however, this module targets Windows Server 2003 only. Since the service is hosted inside svchost.exe, a failed exploit attempt can cause other system services to fail as well.
69298bf9729abb1a86bafda578c9aa2fFluig versions 1.7.0-210217 and below suffer from a path traversal vulnerability.
360e2f6a2b7d7edb421a3de50030196aCatDV version 9.2 RMI authentication bypass exploit.
0a1d872d931080ef35d755340ddd6d1eTextpattern CMS version 4.8.3 remote code execution exploit.
fac6738a3f1d34e4a08ae1f349de43dcTextpattern CMS version 4.9.0-dev suffers from a persistent cross site scripting vulnerability.
16e27064a02c0928aa52bc17265dde0dTextpattern CMS version 4.8.4 suffers from a persistent cross site scripting vulnerability.
5e3afc6e81c2784563be17ff2b27afc0Online Ordering System version 1.0 suffers from an unauthenticated remote blind SQL injection vulnerability.
ae0c87eb9112bb1d4f7b47369ebf0038Online Ordering System version 1.0 suffers from a remote shell upload vulnerability.
05f808849bc20a2901c3aeb914582758Web Based Quiz System version 1.0 suffers from a remote SQL injection vulnerability.
32e85137f45169204f063d1f69337b0be107 CMS version 2.3.0 suffers from a cross site request forgery vulnerability.
759c0681369dd6ed1719e04622c8167dDoctor Appointment System version 1.0 suffers from remote blind SQL injection vulnerabilities in the firstname and email parameters.
e4344ef4ddc184744e8cd527b2d66da5Doctor Appointment System version 1.0 suffers from remote SQL injection vulnerabilities in the username, comment, and lastname parameters.
6f1b18409918b0c8bb487afb82955590Backdoor.Win32.BO2K.09.b malware suffers from a code execution vulnerability.
9183899ace584612151fd4053cf1839cBackdoor.Win32.BO2K.ab malware suffers from a buffer overflow vulnerability.
5841f3755afe2d24405abcde392b1f87Local Services Search Engine Management System (LSSMES) version 1.0 suffers from a persistent cross site scripting vulnerability.
46876b9312a0d7f98c43a6325f026855Local Services Search Engine Management System (LSSMES) version 1.0 suffers from blind and error-based authenticated remote SQL injection vulnerabilities.
6051bc313dd2683b38e4b7e7256fd08aAnyDesk version 5.5.2 suffers from a remote code execution vulnerability.
4ed562c5421237da0626f1f62a26ff48Backdoor.Win32.DarkKomet.irv malware suffers from an insecure permissions vulnerability.
a4a25186b44b304f17b0275fe121d4c5Web Based Quiz System version 1.0 suffers from a persistent cross site scripting vulnerability related to MCQ options.
33d7b64ac2b9aead162afda02fdb40a1CASAP Automated Enrollment System version 1.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
f14a5fa36f519bbb6ec4f2ba3a6c5e79This Metasploit module exploits a remote code execution vulnerability in Zen Cart version 1.5.7b.
a50e2ef38a3a7c65933f892f83d8693dProfiling System For Human Resource Management version 1.0 suffers from a persistent cross site scripting vulnerability.
8880e83723b9ae2d6ad66acbdb8c253cWeb Based Quiz System version 1.0 suffers from a persistent cross site scripting vulnerability in the name field.
1db1bfe9e6bec3cc8f5d41b082884456TinyTinyRSS remote code execution exploit. Versions prior to 2020-09-16 are affected.
79de8a89a9854c71810d28d7c897d82aThis archive contains all of the 189 exploits added to Packet Storm in February, 2021.
8f655667c2910dd23d0a8074a7e21dfd
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed