This Metasploit module exploits a directory traversal vulnerability found in BisonWare BisonFTP server version 3.5. This vulnerability allows an attacker to download arbitrary files from the server by crafting a RETR command including file system traversal strings such as ..//.
b4ba3d3fca35e9bfa3099972c1c3714477a03d3f8ad4111938ee37e4d9b450a8
This Metasploit module exploits a directory traversal vulnerability found in Konica Minolta FTP Utility 1.0. This vulnerability allows an attacker to download arbitrary files from the server by crafting a RETR command that includes file system traversal strings such as ..//.
d72624ea7496900a5c29840fa3d505441427c6e9334e04c00e89ad2b227b11d4
This Metasploit module exploits a directory traversal vulnerability found in PCMan FTP Server 2.0.7. This vulnerability allows an attacker to download arbitrary files from the server by crafting a RETR command that includes file system traversal strings such as ..//.
6e1733341126894c9908c414fb18706d2d746634c72abdeba3b946005202f185
This Metasploit module exploits a directory traversal vulnerability found in the LAquis SCADA application. The vulnerability is triggered when sending a series of dot dot slashes (../) to the vulnerable NOME parameter found on the listagem.laquis file. This Metasploit module was tested against version 4.1.0.2385.
ae0975440fb126f19c5ccc25be557789a6e620a677ff401fc17497d5b023dd68
This Metasploit module exploits a vulnerability found in Cloudview NMS server. The software contains a directory traversal vulnerability that allows a remote attacker to write arbitrary files to the file system, which results in code execution under the context 'SYSTEM'.
0aa023366398e0b5fe67252f1cd7499e46c8e4acd3c9b630308fd8668c7e3664
This Metasploit module exploits a command injection vulnerability found within the sync_rserver function in Util.pm. The vulnerability is triggered due to an incomplete blacklist during the parsing of the $uuid parameter. This allows for the escaping of a system command allowing for arbitrary command execution as root.
c5d3cc878780fde621fb0eaa9cf72d1a173e80bb8af8c96151703f11d0f99f4d
This Metasploit module exploits a file upload vulnerability found within Cloudview NMS versions prior to 2.00b. The vulnerability is triggered by sending specialized packets to the server with directory traversal sequences to browse outside of the web root.
e1827b120d87b6594f212dd5b8a68e00064254f33d0e8e0ade054b8ab686c009
This Metasploit module exploits a stack based buffer overflow vulnerability found in Dameware Mini Remote Control v4.0. The overflow is caused when sending an overly long username to the DWRCS executable listening on port 6129. The username is read into a strcpy() function causing an overwrite of the return pointer leading to arbitrary code execution.
2ed851c0d5344e61f6b11707f88d95f097e974d5f1349cbebf251d2984413149
Carel PlantVisor version 2.4.4 suffers from a directory traversal vulnerability.
24843727412d5938ac625ddc4bb6aab5f7d5861d0d325fc6c554bc97ae658cad
This Metasploit module exploits a flaw found in Indusoft Web Studio versions 7.1 and below before SP2 Patch 4. This specific flaw allows users to browse outside of the webroot to download files found on the underlying system.
69837ade3b0e068ebe61226b3a690e4667a8c0997588612954ef1a13ff2efc5e
This Metasploit module exploits a directory traversal vulnerability found in Carlo Gavazzi Powersoft versions 2.1.1.1 and below. The vulnerability is triggered when sending a specially crafted GET request to the server. The location parameter of the GET request is not sanitized and the sendCommand.php script will automatically pull down any file requested.
4bbb870204cb160404324362d5f655c2e6ad6e3dcfa95efd62ae7ff34223cedd
This Metasploit module exploits a stack based buffer overflow found in KingScada versions prior to 3.1.2.13. The vulnerability is triggered when sending a specially crafted packet to the 'AlarmServer' (AEserver.exe) service listening on port 12401. During the parsing of the packet the 3rd dword is used as a size value for a memcpy operation which leads to an overflown stack buffer.
372002f341dbcef63350dadde1e01f17c8f3958551e72cc9370cf9d47ca6fe34
This Metasploit module exploits a buffer overflow vulnerability found in haneWIN DNS Server versions 1.5.3 and below. The vulnerability is triggered by sending an overly long packet to the victim server. A memcpy function blindly copies user supplied data to a fixed size buffer leading to remote code execution. This Metasploit module was tested against haneWIN DNS 1.5.3.
69375272f6b85af018f67e431cd2eee59a7193612cbbd63b5056a57a70383cd9
This Metasploit module exploits a buffer overflow vulnerability found in libpal.dll of Disk Pulse Server version 2.2.34. The overflow is triggered when sending an overly long 'GetServerInfo' request to the service listening on port 9120.
89e1fbaa5faa9d128da8744ffe8a79c7dc9dbc91064e2e5d365a74516ab37fc9
This Metasploit module exploits a stack based buffer overflow found in VIPA Automation WinPLC7 versions 5.0.45.5921 and below. The overflow is triggered when WinPLC7 connects to a remote server and accepts a malicious packet. The first 2 bytes of this packet are read in and used as the size value for a later recv function. If a sufficiently large size value is supplied, a stack buffer overflow will occur.
257f496d5a691e764607b32eaae937eb56dfb812ba9f2eaf3af43286daab4e04
This Metasploit module exploits a command injection vulnerability found in Infinite Automation Systems Mango Automation versions 2.5.0 through 2.6.0 beta (builds prior to 430).
fb92778bf7cda183a3a910fce3a36043c3d1f3d8be5c5e940f23dc69bc468f83
This Metasploit module exploits a command injection flaw found in the get_log_line function found within Util.pm. The vulnerability is triggered due to an unsanitized $r_file parameter passed to a string which is then executed by the system.
14ebb7003ddd92d32096f32666e2bc54c1e1aace1fdf8a426fd5d68b7e981878
This Metasploit module exploits a stack based buffer overflow found in Sielco Sistemi Winlog versions 2.07.16 and below. The overflow is triggered during the parsing of a maliciously crafted packet.
b7800da35175855406221f63922413c3f00345939383e69eea5f9f84153c8730
This Metasploit module exploits a vulnerability within the code responsible for parsing client requests. When reading in a request from the network, a 32-bit integer is read in that specifies the number of bytes that follow. This value is not validated, and is then used to read data into a fixed-size stack buffer.
7fa33e91d816df5d477c2e8b7d0d36b10a92882d363ab5e703d2da1e002dfcf1
This Metasploit module exploits a stack buffer overflow found in Lockstep Backup for Workgroups versions 4.0.3 and below. The vulnerability is triggered when sending a specially crafted packet that will cause a login failure.
613182e151de70de17f950e560dafa0845ff260e64016fcceddf19108d53136c
This Metasploit module exploits a stack based buffer overflow vulnerability found in EMC Alphastor Device Manager. The overflow is triggered when sending a specially crafted packet to the rrobotd.exe service listening on port 3000. During the copying of strings to the stack an unbounded sprintf() function overwrites the return pointer leading to remote code execution.
2879d01f8913ead6a90cab85b336de984e013e193a30e5d1247f6989b0fa4674
This Metasploit module exploits a stack based buffer overflow found in EMC Alphastor Library Manager version < 4.0 build 910. The overflow is triggered due to a lack of sanitization of the pointers used for two strcpy functions.
b127f7dc2ea89cebfead7d38c3b78d175b3375c0034def2f4e3b3e6395d6d22a
This Metasploit module exploits a stack based buffer overflow found in Fatek Automation PLC WinProladder version 3.11 Build 14701. The vulnerability is triggered when a client connects to a listening server. The client does not properly sanitize the length of the received input prior to placing it on the stack.
3f6a8bfbce639093ae67dd696b79c8bcb1d78b6454f530630255e7b1576b6ad6
This Metasploit module exploits a file upload vulnerability found in EMC Connectrix Manager Converged Network Edition <= 11.2.1. The file upload vulnerability is triggered when sending a specially crafted filename to the FileUploadController servlet found within the Inmservlets.war archive. This allows the attacker to upload a specially crafted file which leads to remote code execution in the context of the server user.
6bb5591eafa616f5e36341752eb9b1509345a01bc873e86d440ac1a861dcf3a4
This Metasploit module exploits a file upload vulnerability found in EMC Connectrix Manager Converged Network Edition versions 11.2.1 and below. The file upload vulnerability is triggered when sending a specially crafted filename to the FileUploadController servlet. This allows the attacker to upload a malicious jsp file to anywhere on the remote file system.
3c72a6b492a3a241415f122e7dda5e8764651e326570e7896eb20d1507455311