Section:  .. / 0911-exploits  /

Page 14 of 18
Files 325 - 350 of 449

 ///  File Name: realwin.rb.txt
Description:
This Metasploit module exploits a stack overflow in DATAC Control International RealWin SCADA Server 2.0 (Build 6.0.10.37). By sending a specially crafted FC_INFOTAG/SET_CONTROL packet, an attacker may be able to execute arbitrary code.
Author:MC
Homepage:http://www.metasploit.com
File Size:1945
Related OSVDB(s):48606
Related CVE(s):CVE-2008-4322
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:7f59e4c978df5b696017cc5bc744f09e

 ///  File Name: remote_agent.rb.txt
Description:
This Metasploit module exploits a stack overflow in the Veritas BackupExec Windows Agent software. This vulnerability occurs when a client authentication request is received with type '3' and a long password argument. Reliable execution is obtained by abusing the stack overflow to smash a SEH pointer.
Author:H D Moore
Homepage:http://www.metasploit.com
File Size:3587
Related OSVDB(s):17624
Related CVE(s):CVE-2005-0773
Last Modified:Oct 30 17:01:09 2009
MD5 Checksum:4557d9e2aa7bd8179563c3a1b6a4abaa

 ///  File Name: roxio_cineplayer.rb.txt
Description:
This Metasploit module exploits a stack-based buffer overflow in SonicPlayer ActiveX control (SonicMediaPlayer.dll) 3.0.0.1 installed by Roxio CinePlayer 3.2. By setting an overly long value to 'DiskType', an attacker can overrun a buffer and execute arbitrary code.
Author:Trancer
Homepage:http://www.metasploit.com
File Size:3510
Related OSVDB(s):34779
Related CVE(s):CVE-2007-1559
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:d702dd32e39d1ef28a59dd49e3fb415b

 ///  File Name: rsa_webagent_redirect.rb.txt
Description:
This Metasploit module exploits a stack overflow in the SecurID Web Agent for IIS. This ISAPI filter runs in-process with inetinfo.exe; any attempt to exploit this flaw will result in the termination and potential restart of the IIS service.
Author:H D Moore
Homepage:http://www.metasploit.com
File Size:3030
Related OSVDB(s):20151
Related CVE(s):CVE-2005-4734
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:11717250820087d585d235ad373f2a29

 ///  File Name: rzphp-bypass.txt
Description:
Robert Zimmerman PHP / MYSQL scripts suffer from an administrative bypass vulnerability.
Author:nojacipka4
File Size:449
Last Modified:Nov 30 21:04:48 2009
MD5 Checksum:1937c292c642910c45fb2ef2c10a7985

 ///  File Name: safenet_ike_11.rb.txt
Description:
This Metasploit module exploits a stack overflow in the Safenet SoftRemote IKE IreIKE.exe service. When sending a specially crafted UDP packet to port 62514, an attacker may be able to execute arbitrary code. This Metasploit module has been tested with Juniper NetScreen-Remote 10.8.0 (Build 20) using windows/meterpreter/reverse_ord_tcp payloads.
Author:MC
Homepage:http://www.metasploit.com
File Size:4200
Related OSVDB(s):54831
Related CVE(s):CVE-2009-1943
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:693347c05eeaf84f2c8e0f1db86d4c61

 ///  File Name: sami_ftpd_user.rb.txt
Description:
This Metasploit module exploits the KarjaSoft Sami FTP Server version 2.02 by sending an excessively long USER string. The stack is overwritten when the administrator attempts to view the FTP logs. Therefore, this exploit is passive and requires end-user interaction. Keep this in mind when selecting payloads. When the server is restarted, it will re-execute the exploit until the logfile is manually deleted via the file system.
Author:patrick
Homepage:http://www.metasploit.com
File Size:2878
Related OSVDB(s):25670
Related CVE(s):CVE-2006-0441, CVE-2006-2212
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:cdd873f272de57650477e7e4afc1c838

 ///  File Name: sap_2005_license.rb.txt
Description:
This Metasploit module exploits a stack overflow in the SAP Business One 2005 License Manager 'NT Naming Service' A and B releases. By sending an excessively long string the stack is overwritten enabling arbitrary code execution.
Author:Jacopo Cervini
Homepage:http://www.metasploit.com
File Size:2051
Related OSVDB(s):56837
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:72c7933317e0d71a135cbb16c84c33e7

 ///  File Name: sapdb_webtools.rb.txt
Description:
This Metasploit module exploits a stack overflow in SAP DB 7.4 WebTools. By sending an overly long GET request, it may be possible for an attacker to execute arbitrary code. Using the PAYLOAD of windows/shell_bind_tcp or windows/shell_reverse_tcp allows for the most reliable results.
Author:MC
Homepage:http://www.metasploit.com
File Size:2126
Related OSVDB(s):37838
Related CVE(s):CVE-2007-3614
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:f7aad34dc11523f1e10b33fad8d02fe1

 ///  File Name: sapgui_saveviewtosessionfile.rb.txt
Description:
This Metasploit module exploits a stack overflow in the Siemens Unigraphics Solutions Teamcenter Visualization EAI WebViewer3D ActiveX control that is bundled with SAPgui. When passing an overly long string to the SaveViewToSessionFile() method, arbitrary code may be executed.
Author:MC
Homepage:http://www.metasploit.com
File Size:3670
Related OSVDB(s):53066
Related CVE(s):CVE-2007-4475
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:540d7200ed86f4aaabfcac7cf9890aab

 ///  File Name: saplpd.rb.txt
Description:
This Metasploit module exploits a stack overflow in SAPlpd 6.28 (SAP Release 6.40). By sending an overly long argument, an attacker may be able to execute arbitrary code.
Author:MC
Homepage:http://www.metasploit.com
File Size:1778
Related OSVDB(s):41127
Related CVE(s):CVE-2008-0621
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:68b773c28b5671d16f23589113be97d7

 ///  File Name: sascam_get.rb.txt
Description:
The SasCam Webcam Server ActiveX control is vulnerable to a buffer overflow. By passing an overly long argument via the Get method, a remote attacker could overflow a buffer and execute arbitrary code on the system with the privileges of the user. This control is not marked safe for scripting; please choose your attack vector carefully.
Author:dean
Homepage:http://www.metasploit.com
File Size:3429
Related OSVDB(s):55945
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:520a186c72bdfda7485ac2d0b0ec7c01

 ///  File Name: sasser_ftpd_port.rb.txt
Description:
This Metasploit module exploits the FTP server component of the Sasser worm. By sending an overly long PORT command the stack can be overwritten.
Author:Val Smith,chamuco,patrick
Homepage:http://www.metasploit.com
File Size:1797
Related OSVDB(s):6197
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:d43c04ad521b75f49917fecff05e6333

 ///  File Name: savant_31_overflow.rb.txt
Description:
This Metasploit module exploits a stack overflow in Savant 3.1 Web Server. The service supports a maximum of 10 threads (for a default install). Each exploit attempt generally causes a thread to die whether successful or not. Therefore you only have 10 chances (unless non-default).
Author:patrick
Homepage:http://www.metasploit.com
File Size:3351
Related OSVDB(s):9829
Related CVE(s):CVE-2002-1120
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:14110dcd7eb8eac8e82254d45c0f87fe

 ///  File Name: seamonkey-overrun.txt
Description:
SeaMonkey version 1.1.8 suffers from a remote array overrun vulnerability that allows for arbitrary code execution.
Author:Maksymilian Arciemowicz
Homepage:http://securityreason.com/
File Size:8123
Related CVE(s):CVE-2009-0689
Last Modified:Nov 19 23:16:45 2009
MD5 Checksum:156481702d578f1584e4a62d4ac6662c

 ///  File Name: seattlelab_pass.rb.txt
Description:
There exists an unauthenticated buffer overflow vulnerability in the POP3 server of Seattle Lab Mail 5.5 when sending a password with excessive length. Successful exploitation should not crash either the service or the server; however, after initial use the port cannot be reused for successive exploitation until the service has been restarted. Consider using a command execution payload following the bind shell to restart the service if you need to reuse the same port. The overflow appears to occur in the debugging/error reporting section of the slmail.exe executable, and there are multiple offsets that will lead to successful exploitation. This exploit uses 2606, the offset that creates the smallest overall payload. The other offset is 4654. The return address is overwritten with a "jmp esp" call from the application library SLMFC.DLL found in %SYSTEM%\system32\. This return address works against all versions of Windows and service packs. The last modification date on the library is dated 06/02/99. Assuming that the code where the overflow occurs has not changed in some time, prior versions of SLMail may also be vulnerable with this exploit. The author has not been able to acquire older versions of SLMail for testing purposes. Please let us know if you were able to get this exploit working against other SLMail versions.
Author:stinko
Homepage:http://www.metasploit.com
File Size:3607
Related OSVDB(s):12002
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:31727f3f716d9e66cb4a7a16fce801c3

 ///  File Name: securecrt_ssh1.rb.txt
Description:
This Metasploit module exploits a buffer overflow in SecureCRT <= 4.0 Beta 2. By sending a vulnerable client an overly long SSH1 protocol identifier string, it is possible to execute arbitrary code. This Metasploit module has only been tested on SecureCRT 3.4.4.
Author:MC
Homepage:http://www.metasploit.com
File Size:1946
Related OSVDB(s):4991
Related CVE(s):CVE-2002-1059
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:75a7ffeea7fe910cfa88ec1979cbec61

 ///  File Name: sentinel_lm7_udp.rb.txt
Description:
This Metasploit module exploits a simple stack overflow in the Sentinel License Manager. The SentinelLM service is installed with a wide selection of products and seems particularly popular with academic products. If the wrong target value is selected, the service will crash and not restart.
Author:H D Moore
Homepage:http://www.metasploit.com
File Size:2621
Related OSVDB(s):14605
Related CVE(s):CVE-2005-0353
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:0bfef000329c917fbe457948c9038027

 ///  File Name: serenityaudio-overflow.txt
Description:
Serenity Audio Player playlist buffer overflow exploit that creates a malicious .m3u file. Versions 3.2.3 and below are affected.
Author:mr_me
File Size:3901
Last Modified:Nov 27 16:23:11 2009
MD5 Checksum:0d5ccd038d4d630629baef93f693c5e1

 ///  File Name: servu-overflow.txt
Description:
Rhinosoft.com Serv-U web client version 9.0.0.5 suffers from a remote buffer overflow vulnerability. Proof of concept code included.
Author:Nikolaos Rangos
File Size:2224
Last Modified:Nov 2 23:47:04 2009
MD5 Checksum:3be5afefa6fef4916df79eb5c41a0972

 ///  File Name: servu_mdtm.rb.txt
Description:
This is an exploit for Serv-U's MDTM command timezone overflow. It has been heavily tested against versions 4.0.0.4/4.1.0.0/4.1.0.3/5.0.0.0 with success against nt4/2k/xp/2k3. I have also had success against version 3, but only tested 1 version/os. The bug is in all versions prior to 5.0.0.4, but this exploit will not work against versions not listed above. You only get one shot, but it should be OS/SP independent. This exploit is a single hit; the service dies after the shellcode finishes execution.
Author:spoonm
Homepage:http://www.metasploit.com
File Size:5677
Related OSVDB(s):4073
Related CVE(s):CVE-2004-0330
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:3c3e798367f555e4fb0346813c33a307

 ///  File Name: shixxnote_font.rb.txt
Description:
This Metasploit module exploits a buffer overflow in ShixxNOTE 6.net. The vulnerability is caused due to boundary errors in the handling of font fields.
Author:MC
Homepage:http://www.metasploit.com
File Size:1907
Related OSVDB(s):10721
Related CVE(s):CVE-2004-1595
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:892334061ff66af3ed77a6a6cb4620b5

 ///  File Name: shoutbox10-xss.txt
Description:
Shoutbox version 1.0 suffers from a cross-site scripting vulnerability.
Author:SkuLL-HacKeR
File Size:624
Last Modified:Nov 18 08:47:37 2009
MD5 Checksum:8ce567b2da0a1e43c914956d462dc67a

 ///  File Name: shoutcast_format.rb.txt
Description:
This Metasploit module exploits a format string vulnerability in the Nullsoft SHOUTcast server for Windows. The vulnerability is triggered by requesting a file path that contains format string specifiers. This vulnerability was discovered by Tomasz Trojanowski and Damian Put.
Author:MC
Homepage:http://www.metasploit.com
File Size:2864
Related OSVDB(s):12585
Related CVE(s):CVE-2004-1373
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:701edb6431e0df222813fa3a50ede484

 ///  File Name: shttpd_post.rb.txt
Description:
This Metasploit module exploits a stack overflow in SHTTPD <= 1.34. The vulnerability is caused due to a boundary error within the handling of POST requests. Based on an original exploit by skOd but using a different method found by hdm.
Author:H D Moore,LMH,skOd
Homepage:http://www.metasploit.com
File Size:2486
Related OSVDB(s):29565
Related CVE(s):CVE-2006-5216
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:b21fb21fbf2bc5aea9b40ebb37bd6696