Section:  .. / 0910-exploits  /


 ///  File Name: ONSEC-09-020.txt
Description:
Mura CMS versions 5.1 and below suffer from a remote root folder disclosure vulnerability.
Author:Vladimir Vorontsov
File Size:2745
Last Modified:Oct 29 19:10:05 2009
MD5 Checksum:c704de36c333d5d41d1a7322de40af60

 ///  File Name: alleycodehe-overflow.txt
Description:
Alleycode HTML Editor version 2.2.1 local overflow exploit that creates a malicious .html file.
Author:Dr_IDE
File Size:2739
Last Modified:Oct 21 12:30:42 2009
MD5 Checksum:fc1ec70f858591e844054860facbaca4

 ///  File Name: ntp_overflow.rb.txt
Description:
This Metasploit module exploits a stack based buffer overflow in the ntpd and xntpd service. By sending an overly long 'readvar' request it is possible to execute code remotely. As the stack is corrupted, this module uses the Egghunter technique.
Author:patrick
Homepage:http://www.metasploit.com
File Size:2730
Related OSVDB(s):805
Related CVE(s):CVE-2001-0414
Last Modified:Oct 27 17:30:47 2009
MD5 Checksum:5e227b8fec1a9ac01b1964aa5e77f258

 ///  File Name: php_wordpress_lastpost.rb.txt
Description:
This Metasploit module exploits an arbitrary PHP code execution flaw in the WordPress blogging software. This vulnerability is only present when the PHP 'register_globals' option is enabled (common for hosting providers). All versions of WordPress prior to 1.5.1.3 are affected.
Author:str0ke
File Size:2704
Related OSVDB(s):18672
Related CVE(s):CVE-2005-2612
Last Modified:Oct 30 14:47:48 2009
MD5 Checksum:f0c5a85b146ef22ce67312366495cb42

 ///  File Name: trans2open.rc.txt
Description:
This Metasploit module exploits the buffer overflow found in Samba versions 2.2.0 to 2.2.8. This particular module is capable of exploiting the bug on Mac OS X PowerPC systems.
Author:H D Moore
Homepage:http://www.metasploit.com
File Size:2660
Related OSVDB(s):4469
Related CVE(s):CVE-2003-0201
Last Modified:Oct 28 16:03:53 2009
MD5 Checksum:106a9258f6f5ff6fa77fc7c7c272ea31

 ///  File Name: awstats_configdir_exec.rb.txt
Description:
This Metasploit module exploits an arbitrary command execution vulnerability in the AWStats CGI script. iDEFENSE has confirmed that AWStats versions 6.1 and 6.2 are vulnerable.
Author:Matteo Cantoni
File Size:2657
Related OSVDB(s):13002
Related CVE(s):CVE-2005-0116
Last Modified:Oct 30 13:56:51 2009
MD5 Checksum:02483e787ea513ae301a4e1cbd1ad9b4

 ///  File Name: distcc_exec.rb.txt
Description:
This Metasploit module uses a documented security weakness to execute arbitrary commands on any system running distccd.
Author:H D Moore
Homepage:http://www.metasploit.com
File Size:2643
Related OSVDB(s):13378
Related CVE(s):CVE-2004-2687
Last Modified:Oct 28 19:37:04 2009
MD5 Checksum:07af102ab61b4945263c0c9f76b12255

 ///  File Name: cleanup_exec.rb.txt
Description:
This exploit abuses an unpublished vulnerability in the HP-UX LPD service. This flaw allows an unauthenticated attacker to execute arbitrary commands with the privileges of the root user. The LPD service is only exploitable when the address of the attacking system can be resolved by the target. This vulnerability was silently patched with the buffer overflow flaws addressed in HP Security Bulletin HPSBUX0208-213.
Author:H D Moore
File Size:2641
Related OSVDB(s):9638
Related CVE(s):CVE-2002-1472
Last Modified:Oct 27 11:56:03 2009
MD5 Checksum:b31be42182fecda91b552ea1d4d7343d

 ///  File Name: boxalino-traversal.txt
Description:
Boxalino suffers from a directory traversal vulnerability.
Author:Axel Neumann
Homepage:http://www.csnc.ch/
File Size:2613
Related CVE(s):CVE-2009-1479
Last Modified:Oct 20 23:12:34 2009
MD5 Checksum:366da064432d058a1a415fb3f17ba27e

 ///  File Name: contentkeeperweb_mimencode.rb.txt
Description:
This Metasploit module exploits the ContentKeeper Web Appliance. Versions prior to 125.10 are affected. This module exploits a combination of weaknesses to enable remote command execution as the Apache user. Following exploitation it is possible to abuse an insecure PATH call to 'ps' etc in setuid 'benetool' to escalate to root.
Author:patrick
Homepage:http://www.metasploit.com
File Size:2578
Related OSVDB(s):54551,54552
Last Modified:Oct 28 19:35:16 2009
MD5 Checksum:d9d583b51da3ea97779cd2b73646e602

 ///  File Name: cacti_graphimage_exec.rb.txt
Description:
This Metasploit module exploits an arbitrary command execution vulnerability in the Raxnet Cacti 'graph_view.php' script. All versions of Raxnet Cacti prior to 0.8.6-d are vulnerable.
Author:David Maciejak
File Size:2572
Related OSVDB(s):17539
Last Modified:Oct 30 14:03:33 2009
MD5 Checksum:a01ab56d13daa20513d8cad08ab4cadf

 ///  File Name: loginext.rb.txt
Description:
This Metasploit module exploits a stack overflow in the AppleFileServer service on MacOS X. This vulnerability was originally reported by Atstake and was actually one of the few useful advisories ever published by that company. You only have one chance to exploit this bug. This particular exploit uses a stack-based return address that will only work under optimal conditions.
Author:H D Moore
Homepage:http://www.metasploit.com
File Size:2545
Related OSVDB(s):5762
Related CVE(s):CVE-2004-0430
Last Modified:Oct 28 14:53:39 2009
MD5 Checksum:c5d220500644b606493b5cdc461b5bbd

 ///  File Name: guestbook_ssi_exec.rb.txt
Description:
The Matt Wright guestbook.pl versions 2.3.1 and below CGI script contains a flaw that may allow arbitrary command execution. The vulnerability requires that HTML posting is enabled in the guestbook.pl script, and that the web server must have the Server-Side Include (SSI) script handler enabled for the '.html' file type. By combining the script weakness with non-default server configuration, it is possible to exploit this vulnerability successfully.
Author:patrick
Homepage:http://www.metasploit.com
File Size:2532
Related OSVDB(s):84
Related CVE(s):CVE-1999-1053
Last Modified:Oct 30 14:12:30 2009
MD5 Checksum:268d892de6ce7926d9ad13cc61ac426e

 ///  File Name: barracuda_img_exec.rb.txt
Description:
This Metasploit module exploits an arbitrary command execution vulnerability in the Barracuda Spam Firewall appliance. Versions prior to 3.1.18 are vulnerable.
Author:Nicolas Gregoire
File Size:2507
Related OSVDB(s):19279
Related CVE(s):CVE-2005-2847
Last Modified:Oct 30 14:00:12 2009
MD5 Checksum:e19faa53d1b2d356c59201c2cddaf94a

 ///  File Name: httpdx_handlepeer.rb.txt
Description:
This Metasploit module exploits a stack-based buffer overflow vulnerability in HTTPDX HTTP server 1.4. The vulnerability is caused due to a boundary error within the "h_handlepeer()" function in http.cpp. By sending an overly long HTTP request, an attacker can overrun a buffer and execute arbitrary code.
Author:Pankaj Kohli,Trancer
Homepage:http://www.rec-sec.com/
File Size:2488
Related OSVDB(s):58714
Last Modified:Oct 16 19:30:27 2009
MD5 Checksum:8f618cb9fb2dae93b8a74aa7b8a6060c

 ///  File Name: alleycode-overflow.txt
Description:
AlleyCode version 2.21 suffers from a buffer overflow vulnerability.
Author:Rafael Sousa
File Size:2485
Last Modified:Oct 6 19:27:50 2009
MD5 Checksum:e35383ed4fde059121853b9d2a6b3b51

 ///  File Name: dogfood_spell_exec.rb.txt
Description:
This Metasploit module exploits a previously unpublished vulnerability in the Dogfood CRM mail function which is vulnerable to command injection in the spell check feature. Because of character restrictions, this exploit works best with the double-reverse telnet payload. This vulnerability was discovered by LSO and affects version 2.0.10.
Author:LSO
File Size:2444
Related OSVDB(s):54707
Last Modified:Oct 30 14:06:37 2009
MD5 Checksum:681a3fad02a7853735d87a2231ee793c

 ///  File Name: xtacacsd_report.rb.txt
Description:
This Metasploit module exploits a stack overflow in XTACACSD versions 4.1.2 and below. By sending a specially crafted XTACACS packet with an overly long username, an attacker may be able to execute arbitrary code.
Author:MC
File Size:2421
Related OSVDB(s):58140
Related CVE(s):CVE-2008-7232
Last Modified:Oct 27 11:43:47 2009
MD5 Checksum:0dd40e3202619f4add892cc5cef93a44

 ///  File Name: riorey-passwd.txt
Description:
Riorey DDoS mitigation appliances suffer from a very poor design vulnerability where they have a hardcoded root login and password for automation. Fail!
Author:Marek Kroemeke
File Size:2402
Last Modified:Oct 7 22:04:44 2009
MD5 Checksum:e5537fe045b3a9e6407e302e8380e079

 ///  File Name: snortbopre.rb.txt
Description:
This Metasploit module exploits a stack overflow in the Back Orifice pre-processor module included with Snort versions 2.4.0, 2.4.1, 2.4.2, and 2.4.3. This vulnerability could be used to completely compromise a Snort sensor, and would typically gain an attacker full root or administrative privileges.
Author:Lau KaiJern
File Size:2402
Related OSVDB(s):20034
Related CVE(s):CVE-2005-3252
Last Modified:Oct 27 13:43:05 2009
MD5 Checksum:2380abc1b12bb852042aa564e3e1b09f

 ///  File Name: alcatel_omnipcx_mastercgi_exec.rb.t..>
Description:
This Metasploit module abuses a metacharacter injection vulnerability in the HTTP management interface of the Alcatel-Lucent OmniPCX Enterprise Communication Server 7.1 and earlier. The Unified Maintenance Tool contains a 'masterCGI' binary which allows an unauthenticated attacker to execute arbitrary commands by specifying shell metacharacters as the 'user' within the 'ping' action to obtain 'httpd' user access. This module only supports command line payloads, as the httpd process kills the reverse/bind shell spawn after the HTTP 200 OK response.
Author:patrick
File Size:2386
Related OSVDB(s):40521
Related CVE(s):CVE-2007-3010
Last Modified:Oct 27 13:25:59 2009
MD5 Checksum:e35d8f41ae5ff6a9548b0feef3d49d72

 ///  File Name: fuser.rb.txt
Description:
This Metasploit module exploits the argument injection vulnerability in the telnet daemon (in.telnetd) of Solaris 10 and 11.
Author:MC
File Size:2368
Related OSVDB(s):31881
Related CVE(s):CVE-2007-0882
Last Modified:Oct 28 19:30:37 2009
MD5 Checksum:5c9d0310bed692855ab74a2227508cc0

 ///  File Name: mercantec_softcart.rb.txt
Description:
This is an exploit for an undisclosed buffer overflow in the SoftCart.exe CGI as shipped with Mercantec's shopping cart software. It is possible to execute arbitrary code by passing a malformed CGI parameter in an HTTP GET request. This issue is known to affect SoftCart version 4.00b.
Author:trew,skape
File Size:2336
Related OSVDB(s):9011
Related CVE(s):CVE-2004-2221
Last Modified:Oct 27 11:35:26 2009
MD5 Checksum:d90c8be4dea2e6e590bf5767c2ab4e57

 ///  File Name: vmware86.tar.gz
Description:
VMWare Workstation Virtual 8086 Linux Local ring0 exploit.
Author:Julien Tinnes,Tavis Ormandy
File Size:2320
Related CVE(s):CVE-2009-2267
Last Modified:Oct 27 17:56:54 2009
MD5 Checksum:f0fbf0b88d488847d728b1c5ed6154de

 ///  File Name: joomlacbrb-sql.txt
Description:
The Joomla CB Resume Builder component suffers from a remote SQL injection vulnerability.
Author:kaMtiEz
Homepage:http://www.indonesiancoder.com/
File Size:2268
Last Modified:Oct 5 20:45:10 2009
MD5 Checksum:0493deded6e53a09de3b4bf049573ba9