Section: .. / 0912-exploits /

Page 2 of 25
<< 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 >> Files 25 - 50 of 600

Currently sorted by: File Size Sort By: File Name, Last Modified

/// File Name:	windows-http-httpdx_tolog_format.rb..>
Description:	This Metasploit module exploits a format string vulnerability in HTTPDX HTTP server. By sending an specially crafted HTTP request containing format specifiers, an attacker can corrupt memory and execute arbitrary code. By default logging is off for HTTP, but enabled for the 'moderator' user via FTP.
Author:	jduck
Homepage:	http://www.metasploit.com
File Size:	7262
Related OSVDB(s):	60182
Last Modified:	Dec 30 22:05:00 2009
MD5 Checksum:	2ef6438aabb882fbfc39ba6f6434a25c

/// File Name:	playmenowm3u-overflow.txt
Description:	PlayMeNow buffer overflow exploit that creates a malicious .m3u file that will bind a shell to port 4444.
Author:	Gr33nG0bL1n
File Size:	7210
Last Modified:	Dec 21 17:00:34 2009
MD5 Checksum:	b21f079fbde720b27adeff99f54ed140

/// File Name:	261820-exec.txt
Description:	Linux kernel 2.6.18-20 2009 local root exploit.
Author:	DigitALL
File Size:	6689
Last Modified:	Dec 23 11:37:57 2009
MD5 Checksum:	6991457c50ee04762e1f29584f34e12b

/// File Name:	CORE-2009-0911.txt
Description:	Core Security Technologies Advisory - DAZ Studio is a 3D figure illustration/animation application released by DAZ 3D Inc. DAZ Studio can be accessed via a scripting language which allows for quite a bit of diversity in tool creation. DAZ Studio does not ask for any confirmation from the user prior to executing a scripting file with any of the following extensions: .ds, .dsa, .dse, .dsb. An attacker could abuse the scripting interface by enticing an unsuspecting user to open a malicious scripting file, thus obtaining remote code execution. Proof of concept code included.
Homepage:	http://www.coresecurity.com/corelabs/
File Size:	6547
Related CVE(s):	CVE-2009-4148
Last Modified:	Dec 3 16:06:21 2009
MD5 Checksum:	d9c21d30ac2d229c35e2a6ddd7d12a5f

/// File Name:	windows-ftp-httpdx_tolog_format.rb...>
Description:	This Metasploit module exploits a format string vulnerability in HTTPDX FTP server. By sending an specially crafted FTP command containing format specifiers, an attacker can corrupt memory and execute arbitrary code. By default logging is off for HTTP, but enabled for the 'moderator' user via FTP.
Author:	jduck
Homepage:	http://www.metasploit.com
File Size:	6538
Related OSVDB(s):	60181
Last Modified:	Dec 30 22:06:39 2009
MD5 Checksum:	7dd7f143f9f3899006734975639cc259

/// File Name:	regetdeluxe-overflow.txt
Description:	ReGet Deluxe version 5.2 stack overflow exploit that creates a malicious .wjf file.
Author:	Encrypt3d.M!nd
File Size:	6491
Last Modified:	Dec 29 19:54:04 2009
MD5 Checksum:	724d64b9d001cce14f27b57cd6468af4

/// File Name:	windows-browser-adobe_flatedecode_p..>
Description:	This Metasploit module exploits an integer overflow vulnerability in Adobe Reader and Adobe Acrobat Professional versions before 9.2.
Author:	Joshua D Abraham,jduck
Homepage:	http://www.metasploit.com
File Size:	6410
Related OSVDB(s):	58729
Related CVE(s):	CVE-2009-3459
Last Modified:	Dec 30 21:47:36 2009
MD5 Checksum:	0c17e02e00e4ecd3235b2f89100423bd

/// File Name:	windows-fileformat-adobe_flatedecod..>
Description:	This Metasploit module exploits an integer overflow vulnerability in Adobe Reader and Adobe Acrobat Professional versions before 9.2.
Author:	jduck
Homepage:	http://www.metasploit.com
File Size:	6299
Related OSVDB(s):	58729
Related CVE(s):	CVE-2009-3459
Last Modified:	Dec 30 21:45:44 2009
MD5 Checksum:	803ecd76d10f8d20f5aa9805f998eef9

/// File Name:	flock252-overrun.txt
Description:	Flock version 2.5.2 suffers from a remote array overrun that allows for arbitrary code execution.
Author:	Maksymilian Arciemowicz
Homepage:	http://securityreason.com/
File Size:	6297
Related CVE(s):	CVE-2009-0689
Last Modified:	Dec 11 22:56:55 2009
MD5 Checksum:	8bd257f5c37e7d1df795ce91e2921dc1

/// File Name:	hp_nnm_ovas.rb.txt
Description:	This Metasploit module exploits a stack overflow in HP OpenView Network Node Manager versions 7.53 and earlier. Specifically this vulnerability is caused by a failure to properly handle user supplied input within the HTTP request including headers and the actual URL GET request. Exploitation is tricky due to character restrictions. It was necessary to utilize a egghunter shellcode which was alphanumeric encoded by muts in the original exploit. If you plan on using exploit this for a remote shell, you will likely want to migrate to a different process as soon as possible. Any connections get reset after a short period of time. This is probably some timeout handling code that causes this.
Author:	Mati Aharoni,bannedit
Homepage:	http://www.metasploit.com
File Size:	6240
Related OSVDB(s):	43992
Related CVE(s):	CVE-2008-1697
Last Modified:	Dec 30 22:08:41 2009
MD5 Checksum:	bb54d696766c058bd0726f076ef8a3a5

/// File Name:	chipmunkbs-xsrf.txt
Description:	Chipmunk Board Script 1.x suffers from multiple cross site request forgery vulnerabilities.
Author:	Milos Zivanovic
File Size:	6059
Last Modified:	Dec 13 18:30:04 2009
MD5 Checksum:	9a748d904b84c55b231d1626e5e746eb

/// File Name:	pbxps-xss.txt
Description:	PBX Business Phone Application versions 2.6.x and 2.5.2.x suffer from cross site scripting vulnerabilities.
Author:	Global-Evolution
File Size:	5931
Last Modified:	Dec 29 18:56:24 2009
MD5 Checksum:	464b80bb0ffef17901543dbe318e1956

/// File Name:	pandorafms-sql.txt
Description:	The Pandora FMS monitoring application versions 2.1.x and 3.x suffer from a remote SQL injection vulnerability.
Author:	Global-Evolution
File Size:	5705
Last Modified:	Dec 21 18:09:55 2009
MD5 Checksum:	18ca88e63f85aaad73838b1453807b6f

/// File Name:	windows-browser-adobe_media_newplay..>
Description:	This Metasploit module exploits a use after free vulnerability in Adobe Reader and Adobe Acrobat Professional versions up to and including 9.2.
Author:	H D Moore,Joshua D Abraham,Pusscat,jduck
Homepage:	http://www.metasploit.com
File Size:	5646
Related OSVDB(s):	60980
Related CVE(s):	CVE-2009-4324
Last Modified:	Dec 30 21:48:52 2009
MD5 Checksum:	44af4761af5272cb4f818225e4db4716

/// File Name:	mybookworld-xss.txt
Description:	My Book World Edition NAS suffers from remote command execution and cross site scripting vulnerabilities.
Author:	emgent
File Size:	5633
Last Modified:	Dec 30 18:50:17 2009
MD5 Checksum:	603bb845511cbdced05e878c1fa933cc

/// File Name:	ms06_070_wkssvc.rb.txt
Description:	This Metasploit module exploits a stack overflow in the NetApi32 NetpManageIPCConnect function using the Workstation service in Windows 2000 SP4 and Windows XP SP2. In order to exploit this vulnerability, you must specify a the name of a valid Windows DOMAIN. It may be possible to satisfy this condition by using a custom dns and ldap setup, however that method is not covered here. Although Windows XP SP2 is vulnerable, Microsoft reports that Administrator credentials are required to reach the vulnerable code. Windows XP SP1 only requires valid user credentials. Also, testing shows that a machine already joined to a domain is not exploitable.
Author:	jduck
Homepage:	http://www.metasploit.com
File Size:	5623
Related OSVDB(s):	30263
Related CVE(s):	CVE-2006-4691
Last Modified:	Dec 30 22:20:56 2009
MD5 Checksum:	e76d81bd330174da3b3561db126d28f5

/// File Name:	quixplorer-lfitraversalexec.txt
Description:	QuiXplorer versions 2.4.1beta suffer from a remote code execution vulnerability due to being susceptible to local file inclusion and directory traversal issues.
Author:	Juan Galiana Lara
File Size:	5622
Last Modified:	Dec 17 20:28:55 2009
MD5 Checksum:	63c5bab747839a116022c5c232eee37a

/// File Name:	ms03_046_exchange2000_xexch50.rb.tx..>
Description:	This is an exploit for the Exchange 2000 heap overflow. Due to the nature of the vulnerability, this exploit is not very reliable. This Metasploit module has been tested against Exchange 2000 SP0 and SP3 running a Windows 2000 system patched to SP4. It normally takes between one and 100 connection attempts to successfully obtain a shell. This exploit is very unreliable.
Author:	H D Moore,patrick
Homepage:	http://www.metasploit.com
File Size:	5600
Related OSVDB(s):	2674
Related CVE(s):	CVE-2003-0714
Last Modified:	Dec 30 21:27:04 2009
MD5 Checksum:	04b5da0fb13c72f42f0f285a8edfb33d

/// File Name:	adobe_newplayer.py.txt
Description:	Proof of concept code that generates a PDF file to be loaded by Adobe Reader or Acrobat. It demonstrates a use-after-free vulnerability by spawning calc.exe.
Author:	Ahmed Obied
File Size:	5582
Related CVE(s):	CVE-2009-4324
Last Modified:	Dec 22 12:24:00 2009
MD5 Checksum:	81173eb4bc40d9297a166b2c0e9b76c4

/// File Name:	windows-fileformat-adobe_media_newp..>
Description:	This Metasploit module exploits a use after free vulnerability in Adobe Reader and Adobe Acrobat Professional versions up to and including 9.2.
Author:	H D Moore,Pusscat,jduck
Homepage:	http://www.metasploit.com
File Size:	5572
Related OSVDB(s):	60980
Related CVE(s):	CVE-2009-4324
Last Modified:	Dec 30 21:48:23 2009
MD5 Checksum:	bc70df3d8e5b6c647e190e6911d48d20

/// File Name:	java_setdifficm_bof.rb.txt
Description:	This Metasploit module exploits a flaw in the setDiffICM function in the Sun JVM. The payload is serialized and passed to the applet via PARAM tags. It must be a native payload. The effected Java versions are JDK and JRE 6 Update 16 and earlier, JDK and JRE 5.0 Update 21 and earlier, SDK and JRE 1.4.2_23 and earlier, and SDK and JRE 1.3.1_26 and earlier. NOTE: Although all of the above versions are reportedly vulnerable, only 1.6.0_u11 and 1.6.0_u16 on Windows XP SP3 were tested.
Author:	jduck
Homepage:	http://www.metasploit.com
File Size:	5556
Related OSVDB(s):	59710
Related CVE(s):	CVE-2009-3869
Last Modified:	Dec 30 21:06:30 2009
MD5 Checksum:	50b1436fb0943fc3b430eb89224fdb18

/// File Name:	java_getsoundbank_bof.rb.txt
Description:	This Metasploit module exploits a flaw in the getSoundbank function in the Sun JVM. The payload is serialized and passed to the applet via PARAM tags. It must be a native payload. The effected Java versions are JDK and JRE 6 Update 16 and earlier, JDK and JRE 5.0 Update 21 and earlier, SDK and JRE 1.4.2_23 and earlier, and SDK and JRE 1.3.1_26 and earlier. NOTE: Although all of the above versions are reportedly vulnerable, only 1.6.0_u11 and 1.6.0_u16 on Windows XP SP3 were tested.
Author:	Kevin Finisterre
Homepage:	http://www.metasploit.com
File Size:	5544
Related OSVDB(s):	59711
Related CVE(s):	CVE-2009-3867
Last Modified:	Dec 30 21:05:43 2009
MD5 Checksum:	a4f20e563a81acc21752e47601b937da

/// File Name:	SA-20091217-0.txt
Description:	Sitecore Staging Module versions 5.4.0 revision 080625 and below suffer from authentication bypass and file manipulation vulnerabilities.
Author:	Lukas Weichselbaum
Homepage:	http://www.sec-consult.com
File Size:	5434
Last Modified:	Dec 17 17:20:20 2009
MD5 Checksum:	13ce642d145a8abd47407e38eac1928e

/// File Name:	riptheministreamripper.c
Description:	Mini-Stream Ripper versions 3.0.1.1 and below local universal buffer overflow exploit that creates a malicious .pls file.
Author:	mr_me
File Size:	5389
Last Modified:	Dec 30 13:49:51 2009
MD5 Checksum:	21423858a11bb1031fc8c7cee3488c01

/// File Name:	discuz-sql.txt
Description:	Discuz version 1.0 suffers from a remote SQL injection vulnerability.
Author:	indoushka
File Size:	5383
Last Modified:	Dec 31 21:06:37 2009
MD5 Checksum:	f94a3a1b4b58c36ddd0a15e6dc2f8984