Section:  .. / 0912-exploits  /


 ///  File Name: oracle_dc_submittoexpress.rb.txt
Description:
This Metasploit module exploits a stack overflow in Oracle Document Capture 10g (10.1.3.5.0). Oracle Document Capture 10g comes bundled with a third-party ActiveX control, emsmtp.dll (6.0.1.0). When passing an overly long string to the method "SubmitToExpress", an attacker may be able to execute arbitrary code.
Author:MC
Homepage:http://www.metasploit.com
File Size:3101
Related OSVDB(s):38335
Related CVE(s):CVE-2007-4607
Last Modified:Dec 30 22:16:30 2009
MD5 Checksum:90f704e94ac7935091f0e66cc3347471

 ///  File Name: symantec_altirisdeployment_runcmd.r..>
Description:
This Metasploit module exploits a stack overflow in Symantec Altiris Deployment Solution. When sending an overly long string to the RunCmd() method of AeXNSConsoleUtilities.dll (6.0.0.1426), an attacker may be able to execute arbitrary code.
Author:MC
Homepage:http://www.metasploit.com
File Size:2960
Related OSVDB(s):60496
Related CVE(s):CVE-2009-3033
Last Modified:Dec 30 22:15:54 2009
MD5 Checksum:e7bee240433f48b851a862df8e50ce02

 ///  File Name: awingsoft_web3d_bof.rb.txt
Description:
This Metasploit module exploits a data segment buffer overflow within Winds3D Viewer of AwingSoft Awakening 3.x (WindsPly.ocx v3.6.0.0). This ActiveX is a plugin of AwingSoft Web3D Player. By setting an overly long value to the 'SceneURL' property, an attacker can overrun a buffer and execute arbitrary code.
Author:Trancer,jduck,shinnai
Homepage:http://www.metasploit.com
File Size:4604
Related OSVDB(s):60017
Last Modified:Dec 30 22:15:08 2009
MD5 Checksum:6977698db9b53be800c84623cf31a3e0

 ///  File Name: ms09_072_style_object.rb.txt
Description:
This Metasploit module exploits a vulnerability in the getElementsByTagName function as implemented within Internet Explorer.
Author:K4mr4n_st,jduck
Homepage:http://www.metasploit.com
File Size:4199
Related OSVDB(s):50622
Related CVE(s):CVE-2009-3672
Last Modified:Dec 30 22:14:37 2009
MD5 Checksum:97786207b093600b1d3b2d327858e77a

 ///  File Name: nctaudiofile2_setformatlikesample.r..>
Description:
This Metasploit module exploits a stack overflow in the NCTAudioFile2.Audio ActiveX Control provided by various audio applications. By sending an overly long string to the "SetFormatLikeSample()" method, an attacker may be able to execute arbitrary code.
Author:MC,dookie,jduck
Homepage:http://www.metasploit.com
File Size:3585
Related OSVDB(s):32032
Related CVE(s):CVE-2007-0018
Last Modified:Dec 30 22:13:50 2009
MD5 Checksum:14e3c6dc8363e6a58fe53cc396099750

 ///  File Name: hp_loadrunner_addfolder.rb.txt
Description:
This Metasploit module exploits a stack overflow in Persits Software Inc's XUpload ActiveX control (version 2.1.0.1) that is included in HP LoadRunner 9.0. By passing an overly long string to the AddFolder method, an attacker may be able to execute arbitrary code.
Author:MC
Homepage:http://www.metasploit.com
File Size:2649
Related OSVDB(s):39901
Related CVE(s):CVE-2007-6530
Last Modified:Dec 30 22:13:19 2009
MD5 Checksum:13d41bbb2f7ab64df97deb75542c9756

 ///  File Name: awingsoft_winds3d_sceneurl.rb.txt
Description:
This Metasploit module exploits an untrusted program execution vulnerability within the Winds3D Player from AwingSoft. The Winds3D Player is a browser plugin for IE (ActiveX), Opera (DLL) and Firefox (XPI). By setting the 'SceneURL' parameter to the URL of an executable, an attacker can execute arbitrary code. Testing was conducted using plugin version 3.5.0.9 for Firefox 3.5 and IE 8 on Windows XP SP3.
Author:jduck
Homepage:http://www.metasploit.com
File Size:2657
Related OSVDB(s):60049
Last Modified:Dec 30 22:12:30 2009
MD5 Checksum:30f77ed017089a5c3525f535c26b4c69

 ///  File Name: hp_loadrunner_addfile.rb.txt
Description:
This Metasploit module exploits a stack overflow in Persits Software Inc's XUpload ActiveX control (version 3.0.0.3) that is included in HP LoadRunner 9.5. By passing an overly long string to the AddFile method, an attacker may be able to execute arbitrary code.
Author:jduck
Homepage:http://www.metasploit.com
File Size:2814
Related OSVDB(s):40762
Related CVE(s):CVE-2008-0492
Last Modified:Dec 30 22:11:33 2009
MD5 Checksum:2bc076f50063d771eb3c9d51361b66d5

 ///  File Name: altn_securitygateway.rb.txt
Description:
Alt-N SecurityGateway is prone to a buffer overflow condition. This is due to insufficient bounds checking on the "username" parameter. Successful exploitation could result in code execution with SYSTEM level privileges. NOTE: This service doesn't restart, you'll only get one shot. However, it often survives a successful exploitation attempt.
Author:jduck
Homepage:http://www.metasploit.com
File Size:3634
Related OSVDB(s):45854
Related CVE(s):CVE-2008-4193
Last Modified:Dec 30 22:10:58 2009
MD5 Checksum:ddc08f6e706c6e3e358cd1bf8d367ec0

 ///  File Name: ibm_tsm_cad_header.rb.txt
Description:
This Metasploit module exploits a stack overflow in the IBM Tivoli Storage Manager Express CAD Service (5.3.3). By sending an overly long GET request, it may be possible for an attacker to execute arbitrary code.
Author:MC
Homepage:http://www.metasploit.com
File Size:1926
Related OSVDB(s):38161
Related CVE(s):CVE-2007-4880
Last Modified:Dec 30 22:10:29 2009
MD5 Checksum:03d89e7b6bcbae05ee19902dea641c62

 ///  File Name: hp_nnm_snmp.rb.txt
Description:
This Metasploit module exploits a stack overflow in HP OpenView Network Node Manager 7.50. By sending a specially crafted CGI request to Snmp.exe, an attacker may be able to execute arbitrary code.
Author:MC
Homepage:http://www.metasploit.com
File Size:4388
Related OSVDB(s):60933
Related CVE(s):CVE-2009-3849
Last Modified:Dec 30 22:09:52 2009
MD5 Checksum:f3dff592142733af98e1a10e483aa4f2

 ///  File Name: servu_session_cookie.rb.txt
Description:
This Metasploit module exploits a buffer overflow in Rhinosoft Serv-U 9.0.0.5. By sending a specially crafted POST request with an overly long session cookie string, an attacker may be able to execute arbitrary code.
Author:Megumi Yanagishita,Nikolas Rangos,jduck
Homepage:http://www.metasploit.com
File Size:3743
Related OSVDB(s):59772
Last Modified:Dec 30 22:09:18 2009
MD5 Checksum:931db12c36feeb70bd316fc1a6bf706d

 ///  File Name: hp_nnm_ovas.rb.txt
Description:
This Metasploit module exploits a stack overflow in HP OpenView Network Node Manager versions 7.53 and earlier. Specifically, this vulnerability is caused by a failure to properly handle user-supplied input within the HTTP request, including headers and the actual URL GET request. Exploitation is tricky due to character restrictions. It was necessary to utilize an egghunter shellcode which was alphanumeric encoded by muts in the original exploit. If you plan on using this exploit for a remote shell, you will likely want to migrate to a different process as soon as possible. Any connections get reset after a short period of time. This is probably some timeout handling code that causes this.
Author:Mati Aharoni,bannedit
Homepage:http://www.metasploit.com
File Size:6240
Related OSVDB(s):43992
Related CVE(s):CVE-2008-1697
Last Modified:Dec 30 22:08:41 2009
MD5 Checksum:bb54d696766c058bd0726f076ef8a3a5

 ///  File Name: hp_power_manager_login.rb.txt
Description:
This Metasploit module exploits a stack overflow in Hewlett-Packard Power Manager 4.2. By sending a specially crafted POST request with an overly long Login string, an attacker may be able to execute arbitrary code.
Author:MC
Homepage:http://www.metasploit.com
File Size:2158
Related CVE(s):CVE-2009-2685
Last Modified:Dec 30 22:08:13 2009
MD5 Checksum:d083a669a38de915f56f08ca63add5be

 ///  File Name: windows-ftp-httpdx_tolog_format.rb...>
Description:
This Metasploit module exploits a format string vulnerability in HTTPDX FTP server. By sending a specially crafted FTP command containing format specifiers, an attacker can corrupt memory and execute arbitrary code. By default logging is off for HTTP, but enabled for the 'moderator' user via FTP.
Author:jduck
Homepage:http://www.metasploit.com
File Size:6538
Related OSVDB(s):60181
Last Modified:Dec 30 22:06:39 2009
MD5 Checksum:7dd7f143f9f3899006734975639cc259

 ///  File Name: windows-http-httpdx_tolog_format.rb..>
Description:
This Metasploit module exploits a format string vulnerability in HTTPDX HTTP server. By sending a specially crafted HTTP request containing format specifiers, an attacker can corrupt memory and execute arbitrary code. By default logging is off for HTTP, but enabled for the 'moderator' user via FTP.
Author:jduck
Homepage:http://www.metasploit.com
File Size:7262
Related OSVDB(s):60182
Last Modified:Dec 30 22:05:00 2009
MD5 Checksum:2ef6438aabb882fbfc39ba6f6434a25c

 ///  File Name: intersystems_cache.rb.txt
Description:
This Metasploit module exploits a stack overflow in InterSystems Cache 2009.1. By sending a specially crafted GET request, an attacker may be able to execute arbitrary code.
Author:MC
Homepage:http://www.metasploit.com
File Size:2193
Related OSVDB(s):60549
Last Modified:Dec 30 22:04:30 2009
MD5 Checksum:a5ea5541476b6ecd8f558a5413ac01f1

 ///  File Name: hp_nnm_openview5.rb.txt
Description:
This Metasploit module exploits a stack overflow in HP OpenView Network Node Manager 7.50. By sending a specially crafted CGI request, an attacker may be able to execute arbitrary code.
Author:MC
Homepage:http://www.metasploit.com
File Size:1905
Related OSVDB(s):39530
Related CVE(s):CVE-2007-6204
Last Modified:Dec 30 22:04:00 2009
MD5 Checksum:1ba65afd7bcd1c24169583ef8ec79cca

 ///  File Name: ht_mp3player_ht3_bof.rb.txt
Description:
This Metasploit module exploits a stack buffer overflow in HT-MP3Player 1.0. Arbitrary code execution could occur when parsing a specially crafted .HT3 file. NOTE: The player installation does not register the file type to be handled. Therefore, a user must take extra steps to load this file.
Author:His0k4,hack4love,jduck
Homepage:http://www.metasploit.com
File Size:2624
Related OSVDB(s):55449
Related CVE(s):CVE-2009-2485
Last Modified:Dec 30 22:02:05 2009
MD5 Checksum:fc4b61d07be1a4f390238d5ceb036748

 ///  File Name: adobe_illustrator_v14_eps.rb.txt
Description:
Adobe Illustrator CS4 (V14.0.0) Encapsulated Postscript (.eps) overlong DSC Comment Buffer Overflow Exploit
Author:Nine:Situations:Group::pyrokinesis,dookie
Homepage:http://www.metasploit.com
File Size:3186
Related OSVDB(s):60632
Related CVE(s):CVE-2009-4195
Last Modified:Dec 30 22:01:35 2009
MD5 Checksum:a29b6ba2fc45ad8d4c35fa37754da562

 ///  File Name: ideal_administration_2009_ipj.rb.tx..>
Description:
This Metasploit module exploits a stack overflow in IDEAL Administration v9.7. By creating a specially crafted ipj file, an attacker may be able to execute arbitrary code.
Author:Dr_IDE,dookie
Homepage:http://www.metasploit.com
File Size:2029
Related OSVDB(s):60681
Last Modified:Dec 30 21:59:44 2009
MD5 Checksum:5beb077e76a696ac088dd4ec57e4ea0f

 ///  File Name: proshow_cellimage_bof.rb.txt
Description:
This Metasploit module exploits a stack-based buffer overflow in ProShow Gold v4.0.2549. An attacker must send the file to the victim and the victim must open the file.
Author:jduck
Homepage:http://www.metasploit.com
File Size:2469
Related OSVDB(s):57226
Related CVE(s):CVE-2009-3214
Last Modified:Dec 30 21:58:18 2009
MD5 Checksum:dbb47c7ac2973e94c86b9a0de7d6800d

 ///  File Name: audio_wkstn_pls.rb.txt
Description:
This Metasploit module exploits a buffer overflow in Audio Workstation 6.4.2.4.3. When opening a malicious pls file with the Audio Workstation, a remote attacker could overflow a buffer and execute arbitrary code.
Author:dookie,germaya_x
Homepage:http://www.metasploit.com
File Size:2047
Related OSVDB(s):55424
Related CVE(s):CVE-2009-0476
Last Modified:Dec 30 21:57:48 2009
MD5 Checksum:51d0b7111b163cd3f566db67fc6c852b

 ///  File Name: hhw_hhp_contentfile_bof.rb.txt
Description:
This Metasploit module exploits a stack overflow in HTML Help Workshop 4.74. By creating a specially crafted hhp file, an attacker may be able to execute arbitrary code.
Author:bratax,jduck
Homepage:http://www.metasploit.com
File Size:2251
Related OSVDB(s):22941
Related CVE(s):CVE-2006-0564
Last Modified:Dec 30 21:57:22 2009
MD5 Checksum:855f0897561ce5c98df9672b2300b988

 ///  File Name: galan_fileformat_bof.rb.txt
Description:
This Metasploit module exploits a stack overflow in gAlan 0.2.1. By creating a specially crafted galan file, an attacker may be able to execute arbitrary code.
Author:Jeremy Brown,loneferret
Homepage:http://www.metasploit.com
File Size:1773
Related OSVDB(s):60897
Last Modified:Dec 30 21:52:14 2009
MD5 Checksum:6bbdb4c3ea7234bbca3bcc671c16b6e0