Section: 0911-exploits (page 1 of 18, files 1 - 25 of 449, sorted by file size)

 ///  File Name: 0911-exploits.tgz
Description:
This archive contains all of the 448 exploits added to Packet Storm in November, 2009.
Homepage: http://packetstormsecurity.org/
File Size: 719858
Last Modified: Dec 1 15:54:32 2009
MD5 Checksum: 3a2d0b09f8a74b536ed490a5c5591810

 ///  File Name: altap_salamander_pdb.rb.txt
Description:
This Metasploit module exploits a buffer overflow in Altap Salamander <= v2.5. By creating a malicious file and convincing a user to view the file with the Portable Executable Viewer plugin within a vulnerable version of Salamander, the PDB file string is copied onto the stack and the SEH can be overwritten.
Author: patrick
Homepage: http://www.metasploit.com
File Size: 75190
Related OSVDB(s): 37579
Related CVE(s): CVE-2007-3314
Last Modified: Nov 25 19:34:53 2009
MD5 Checksum: 8b0b10257bd6ddb25ec195a14935643f

 ///  File Name: MORNINGSTAR-2009-02-CuteNews.txt
Description:
Cute News version 1.4.6 and UTF-8 Cute News suffer from cross site request forgery, cross site scripting, file path disclosure, local file inclusion, authentication bypass, and php command injection vulnerabilities.
Author: Andrew Horton (urbanadventurer)
File Size: 19037
Last Modified: Nov 16 20:37:23 2009
MD5 Checksum: 5dcec16d5b818f21db12e4efcd7d78a0

 ///  File Name: PDFU3DExploitJS_CVE_2009_2990.py.tx..>
Description:
When a U3D CLODProgressiveMeshContinuation block (blocktype: 0xFFFFFF3C) is parsed by the Adobe Acrobat Reader U3D plugin, the split position index is read from the input without any validation. That index is then used to fetch an object outside the bounds of the array, and a function pointer is dereferenced from that object and called. Adobe Acrobat Reader versions 8.1.6 and below and 9.1.3 and below are affected.
Author: Felipe Andres Manzano
File Size: 18487
Related CVE(s): CVE-2009-2990
Last Modified: Nov 16 20:18:20 2009
MD5 Checksum: 40034ae18c2f05f734950b74bb35ae53

 ///  File Name: CORE-2009-0814.txt
Description:
Core Security Technologies Advisory - HP Openview Network Node Manager is one of the most widely-deployed network monitoring and management platforms used throughout enterprise organizations today. The platform includes many server and client-side core components with a long list of previously disclosed security bugs. In this case, a remotely exploitable vulnerability was found in the database server core component used by NNM. Exploitation of the bug does not require authentication and will lead to a remotely triggered denial of service of the internal database service. HP Openview NNM version 7.53 is affected.
Homepage: http://www.coresecurity.com/corelabs/
File Size: 17244
Related CVE(s): CVE-2009-3840
Last Modified: Nov 18 11:05:50 2009
MD5 Checksum: 478db223a44f2e0af69ed0e378911abb

 ///  File Name: ImpelDown.c
Description:
Linux 2.6.x fs/pipe.c local kernel root exploit.
Author: teach, xipe
Homepage: http://www.vxhell.org/
File Size: 15088
Related CVE(s): CVE-2009-3547
Last Modified: Nov 16 20:03:13 2009
MD5 Checksum: ee73ecf7a158f81ad0c97733841710ba

 ///  File Name: smb_relay.rb.txt
Description:
This Metasploit module will relay SMB authentication requests to another host, gaining access to an authenticated SMB session if successful. If the connecting user is an administrator and network logins are allowed to the target machine, this module will execute an arbitrary payload. To exploit this, the target system must try to authenticate to this module. The easiest way to force an SMB authentication attempt is by embedding a UNC path (\\SERVER\SHARE) into a web page or email message. When the victim views the web page or email, their system will automatically connect to the server specified in the UNC share (the IP address of the system running this module) and attempt to authenticate. Unfortunately, this module is not able to clean up after itself. The service and payload file listed in the output will need to be manually removed after access has been gained. The service created by this tool uses a randomly chosen name and description, so the services list can become cluttered after repeated exploitation. The SMB authentication relay attack was first reported by Sir Dystic on March 31st, 2001 at @lanta.con in Atlanta, Georgia. On November 11th 2008 Microsoft released bulletin MS08-068. This bulletin includes a patch which prevents the relaying of challenge keys back to the host which issued them, preventing this exploit from working in the default configuration. It is still possible to set the SMBHOST parameter to a third-party host that the victim is authorized to access, but the "reflection" attack has been effectively broken.
Author: H D Moore
Homepage: http://www.metasploit.com
File Size: 14556
Related OSVDB(s): 49736
Related CVE(s): CVE-2008-4037
Last Modified: Nov 25 19:34:53 2009
MD5 Checksum: d205c4ca89f0c3ebef2501ee6f238df5

 ///  File Name: osicodes-rfi.txt
Description:
OSI Codes PHP Live! Support version 3.1 suffers from a remote file inclusion vulnerability.
Author: Don Tukulesto
Homepage: http://www.indonesiancoder.com/
File Size: 14153
Last Modified: Nov 23 18:02:37 2009
MD5 Checksum: 58a490ad8068bce4e00dc0550a3f2334

 ///  File Name: ursoft_w32dasm.rb.txt
Description:
This Metasploit module exploits a buffer overflow in W32Dasm <= v8.93. By creating a malicious file and convincing a user to disassemble the file with a vulnerable version of W32Dasm, the Imports/Exports function is copied to the stack and arbitrary code may be executed locally as the user.
Author: patrick
Homepage: http://www.metasploit.com
File Size: 14059
Related OSVDB(s): 13169
Related CVE(s): CVE-2005-0308
Last Modified: Nov 25 19:34:53 2009
MD5 Checksum: 8bb330dbe39f9d0d3d68d6036fe39c7c

 ///  File Name: adobe_pdf_embedded_exe.rb.txt
Description:
This Metasploit module embeds a Metasploit payload into an existing PDF file. The resulting PDF can be sent to a target as part of a social engineering attack.
Author: Colin Ames
Homepage: http://www.metasploit.com
File Size: 11869
Last Modified: Nov 25 19:34:53 2009
MD5 Checksum: 9d5bf734432f0c2bcea426977e592d45

 ///  File Name: wordpress285-exec.txt
Description:
WordPress versions 2.8.5 and below suffer from an unrestricted file upload vulnerability that allows for PHP code execution.
Author: Dawid Golunski
File Size: 11201
Last Modified: Nov 16 21:31:54 2009
MD5 Checksum: 4f86da13ceab3eacd225d5b53166a6b7

 ///  File Name: ani_loadimage_chunksize.rb.txt
Description:
This Metasploit module exploits a buffer overflow vulnerability in the LoadAniIcon() function of USER32.dll. The flaw is triggered through Outlook Express by using the CURSOR style sheet directive to load a malicious .ANI file. This vulnerability was discovered by Alexander Sotirov of Determina and was rediscovered, in the wild, by McAfee.
Author: H D Moore, skape
Homepage: http://www.metasploit.com
File Size: 9857
Related OSVDB(s): 33629
Related CVE(s): CVE-2007-0038, CVE-2007-1765
Last Modified: Nov 25 19:34:53 2009
MD5 Checksum: 894c8dd4988bc61b523bf1b4fe614257

 ///  File Name: CORE-2009-1027.txt
Description:
Core Security Technologies Advisory - A remotely exploitable vulnerability was found in the database server core component of IBM SolidDB. Exploitation of this bug does not require authentication and will lead to a remotely triggered denial of service of the database service.
Homepage: http://www.coresecurity.com/corelabs/
File Size: 9157
Related CVE(s): CVE-2009-3840
Last Modified: Nov 18 19:03:18 2009
MD5 Checksum: 9820dbf2ebbf27080352d447cbbac752

 ///  File Name: ie_xml_corruption.rb.txt
Description:
This Metasploit module exploits a vulnerability in the data binding feature of Internet Explorer. In order to execute code reliably, this module uses the .NET DLL memory technique pioneered by Alexander Sotirov and Mark Dowd. This method is used to create a fake vtable at a known location with all methods pointing to our payload. Since the .text segment of the .NET DLL is non-writable, a prefixed code stub is used to copy the payload into a new memory segment and continue execution from there.
Author: H D Moore
Homepage: http://www.metasploit.com
File Size: 8970
Related OSVDB(s): 50622
Related CVE(s): CVE-2008-4844
Last Modified: Nov 25 19:34:53 2009
MD5 Checksum: 4098681f9e0ebbb4013f153e64cb4eea

 ///  File Name: ssl-mitm.c
Description:
This is a proof of concept exploit for the man-in-the-middle vulnerability in SSL/TLS renegotiation.
Author: Pavel Kankovsky
Related File: Renegotiating_TLS.pdf
File Size: 8819
Last Modified: Nov 5 20:19:39 2009
MD5 Checksum: 7c6436c06bcd90517f2546bb095b48b3

 ///  File Name: opera-overrun.txt
Description:
Opera version 10.01 suffers from a remote array overrun vulnerability that allows for arbitrary code execution.
Author: Maksymilian Arciemowicz
Homepage: http://securityreason.com/
File Size: 8779
Related CVE(s): CVE-2009-0689
Last Modified: Nov 19 23:20:00 2009
MD5 Checksum: 4eed1f91da8b894812e6e7aa1fbcbc00

 ///  File Name: msvidctl_mpeg2.rb.txt
Description:
This Metasploit module exploits a memory corruption within the MSVidCtl component of Microsoft DirectShow (BDATuner.MPEG2TuneRequest). By loading a specially crafted GIF file, an attacker can overrun a buffer and execute arbitrary code. The ClassID is now configurable via an advanced option (otherwise randomized) - I)ruid
Author: Trancer
Homepage: http://www.metasploit.com
File Size: 8579
Related OSVDB(s): 55651
Related CVE(s): CVE-2008-0015
Last Modified: Nov 25 19:34:53 2009
MD5 Checksum: 9b9d26e9a03bbef70db82e706671e334

 ///  File Name: ms06_040_netapi.rb.txt
Description:
This Metasploit module exploits a stack overflow in the NetApi32 CanonicalizePathName() function using the NetpwPathCanonicalize RPC call in the Server Service. It is likely that other RPC calls could be used to exploit this service. This exploit will result in a denial of service on Windows XP SP2 or Windows 2003 SP1. A failed exploit attempt will likely result in a complete reboot on Windows 2000 and the termination of all SMB-related services on Windows XP. The default target for this exploit should succeed on Windows NT 4.0, Windows 2000 SP0-SP4+, Windows XP SP0-SP1 and Windows 2003 SP0.
Author: H D Moore
Homepage: http://www.metasploit.com
File Size: 8354
Related OSVDB(s): 27845
Related CVE(s): CVE-2006-3439
Last Modified: Nov 25 19:34:53 2009
MD5 Checksum: 09ce9abfa6366a47d09be140af9affef

 ///  File Name: seamonkey-overrun.txt
Description:
SeaMonkey version 1.1.8 suffers from a remote array overrun vulnerability that allows for arbitrary code execution.
Author: Maksymilian Arciemowicz
Homepage: http://securityreason.com/
File Size: 8123
Related CVE(s): CVE-2009-0689
Last Modified: Nov 19 23:16:45 2009
MD5 Checksum: 156481702d578f1584e4a62d4ac6662c

 ///  File Name: kdelibs-overrun.txt
Description:
KDE KDELibs version 4.3.3 suffers from a remote array overrun vulnerability that allows for arbitrary code execution.
Author: Maksymilian Arciemowicz
Homepage: http://securityreason.com/
File Size: 8009
Related CVE(s): CVE-2009-0689
Last Modified: Nov 19 23:21:14 2009
MD5 Checksum: c9c854c631cfdcf40fb3ef8478b4792a

 ///  File Name: ms04_007_killbill.rb.txt
Description:
This is an exploit for a previously undisclosed vulnerability in the bit string decoding code in the Microsoft ASN.1 library. This vulnerability is not related to the bit string vulnerability described in eEye advisory AD20040210-2. Both vulnerabilities were fixed in the MS04-007 patch. You are only allowed one attempt with this vulnerability. If the payload fails to execute, the LSASS system service will crash and the target system will automatically reboot itself in 60 seconds. If the payload succeeds, the system will no longer be able to process authentication requests, denying all attempts to log in through SMB or at the console. A reboot is required to restore proper functioning of an exploited system. This exploit has been successfully tested with the win32/*/reverse_tcp payloads; however, a few problems were encountered when using the equivalent bind payloads. Your mileage may vary.
Author: Solar Eclipse
Homepage: http://www.metasploit.com
File Size: 7825
Related OSVDB(s): 3902
Related CVE(s): CVE-2003-0818
Last Modified: Nov 25 19:34:53 2009
MD5 Checksum: 4e417beb7a5d0d2ab86d8e944de79bf6

 ///  File Name: adobe_jbig2decode.rb.txt
Description:
This Metasploit module exploits a heap-based pointer corruption flaw in Adobe Reader 9.0.0 and earlier. The module relies upon JavaScript for the heap spray.
Author: Didier Stevens, MC, Russell Sanford, natron, redsand
Homepage: http://www.metasploit.com
File Size: 7821
Related OSVDB(s): 52073
Last Modified: Nov 25 19:34:53 2009
MD5 Checksum: 19c89751bf0373e4af9b9aa3630c9a20

 ///  File Name: cve-2009-0692.c
Description:
ISC DHCP dhclient scripts_write_params() stack buffer overflow exploit.
Author: Jon Oberheide
File Size: 7716
Related CVE(s): CVE-2009-0692
Last Modified: Nov 16 22:03:22 2009
MD5 Checksum: 0ec16a6f3d31b4088eedff4643bf281b

 ///  File Name: CORE-2009-0908.txt
Description:
Core Security Technologies Advisory - Autodesk SoftImage Scene TOC suffers from an arbitrary command execution vulnerability.
Homepage: http://www.coresecurity.com/corelabs/
File Size: 7609
Related CVE(s): CVE-2009-3576
Last Modified: Nov 23 18:26:12 2009
MD5 Checksum: b209c96ce0b7ed762f088f1d97120089

 ///  File Name: SWRX-2009-002.txt
Description:
The McAfee Network Security Manager suffers from authentication bypass and session hijacking vulnerabilities.
Author: Daniel King
File Size: 7472
Related CVE(s): CVE-2009-3566
Last Modified: Nov 17 13:59:58 2009
MD5 Checksum: 4052cbc602f4bcb69136a5643ac19e2e