Section: .. / 0912-exploits /

Page 3 of 25
<< 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 >> Files 50 - 75 of 600

Currently sorted by: File Size Sort By: File Name, Last Modified

/// File Name:	tbw-intercept.txt
Description:	Trango Broadband Wireless suffers from an authentication vulnerability that allows for interception of ethernet packets.
Author:	Blair
File Size:	5381
Last Modified:	Dec 15 16:17:16 2009
MD5 Checksum:	58ca5559834609bd8de3fa7d13c38936

/// File Name:	efs50-disclose.txt
Description:	Easy File Sharing version 5.0 suffers from a remote file disclosure vulnerability.
Author:	Thor
File Size:	5327
Last Modified:	Dec 15 19:36:13 2009
MD5 Checksum:	98f30a936f09244b058dab3e2ef7bd3c

/// File Name:	awingsoft_web3d_bof.rb.txt
Description:	This Metasploit module exploits a data segment buffer overflow within Winds3D Viewer of AwingSoft Awakening 3.x (WindsPly.ocx v3.6.0.0). This ActiveX is a plugin of AwingSoft Web3D Player. By setting an overly long value to the 'SceneURL' property, an attacker can overrun a buffer and execute arbitrary code.
Author:	Trancer,jduck,shinnai
Homepage:	http://www.metasploit.com
File Size:	4604
Related OSVDB(s):	60017
Last Modified:	Dec 30 22:15:08 2009
MD5 Checksum:	6977698db9b53be800c84623cf31a3e0

/// File Name:	tftpd19-dos.txt
Description:	TFTP Daemon version 1.9 remote denial of service exploit.
Author:	Socket_0x03
Homepage:	http://www.teraexe.com/
File Size:	4560
Last Modified:	Dec 29 19:13:20 2009
MD5 Checksum:	af33b3ece8c06179fca1fcf4d2bdbecf

/// File Name:	sapgui-overflow.txt
Description:	SAP GUI for Windows sapirrfc.dll Active-X overflow exploit.
Author:	Abysssec
Homepage:	http://abysssec.com/
File Size:	4533
Last Modified:	Dec 13 18:45:35 2009
MD5 Checksum:	d8e30ef6c4f62df35c6e715944fd2807

/// File Name:	exploit-nnm-ovalarm.py.txt
Description:	HP NNM version 7.53 ovalarm.exe CGI pre-authentication remote buffer overflow exploit.
Author:	Mati Aharoni,sinn3r
File Size:	4522
Last Modified:	Dec 13 18:42:07 2009
MD5 Checksum:	12d84790901fbfc659d937b390d8de71

/// File Name:	software_update.rb.txt
Description:	This Metasploit module exploits a feature in the Distribution Packages, which are used in the Apple Software Update mechanism. This feature allows for arbitrary command execution through JavaScript. This exploit provides the malicious update server. Requests must be redirected to this server by other means for this exploit to work.
Author:	Moritz Jodeit
Homepage:	http://www.metasploit.com
File Size:	4521
Related OSVDB(s):	40722
Related CVE(s):	CVE-2007-5863
Last Modified:	Dec 30 20:18:16 2009
MD5 Checksum:	7b879a04778ae379b817963bf3b384d3

/// File Name:	dieselpay-xsstraversal.txt
Description:	Diesel version 1.6 suffers from cross site scripting, directory traversal, and backup related vulnerabilities.
Author:	indoushka
File Size:	4439
Last Modified:	Dec 31 21:08:44 2009
MD5 Checksum:	8bb49232531cf4f53a52d5c18cfd649b

/// File Name:	itms_overflow.rb.txt
Description:	This Metasploit modules exploits a stack-based buffer overflow in iTunes itms:// URL parsing. It is accessible from the browser and in Safari, itms urls will be opened in iTunes automatically. Because iTunes is multithreaded, only vfork-based payloads should be used.
Author:	Will Drewry
Homepage:	http://www.metasploit.com
File Size:	4404
Related OSVDB(s):	54833
Related CVE(s):	CVE-2009-0950
Last Modified:	Dec 30 21:03:13 2009
MD5 Checksum:	d663452fc085b9aad37f4ca6a390a754

/// File Name:	hp_nnm_snmp.rb.txt
Description:	This Metasploit module exploits a stack overflow in HP OpenView Network Node Manager 7.50. By sending a specially crafted CGI request to Snmp.exe, an attacker may be able to execute arbitrary code.
Author:	MC
Homepage:	http://www.metasploit.com
File Size:	4388
Related OSVDB(s):	60933
Related CVE(s):	CVE-2009-3849
Last Modified:	Dec 30 22:09:52 2009
MD5 Checksum:	f3dff592142733af98e1a10e483aa4f2

/// File Name:	solaris-samba-trans2open.rb.txt
Description:	This exploits the buffer overflow found in Samba versions 2.2.0 to 2.2.8. This particular module is capable of exploiting the flaw on Solaris SPARC systems that do not have the noexec stack option set. Big thanks to MC and valsmith for resolving a problem with the beta version of this module.
Author:	H D Moore
Homepage:	http://www.metasploit.com
File Size:	4348
Related OSVDB(s):	4469
Related CVE(s):	CVE-2003-0201
Last Modified:	Dec 30 21:45:15 2009
MD5 Checksum:	5977afd803b48cf86e1c92220d95e3fb

/// File Name:	phpmyadmin_config.rb.txt
Description:	This Metasploit module exploits a vulnerability in PhpMyAdmin's setup feature which allows an attacker to inject arbitrary PHP code into a configuration file. The original advisory says the vulnerability is present in phpMyAdmin versions 2.11.x < 2.11.9.5 and 3.x < 3.1.3.1; this module was tested on 3.0.1.1. The file where our payload is written (phpMyAdmin/config/config.inc.php) is not directly used by the system, so it may be a good idea to either delete it or copy the running config (phpMyAdmin/config.inc.php) over it after successful exploitation.
Author:	Greg Ose,PAgVac
Homepage:	http://www.metasploit.com
File Size:	4233
Related OSVDB(s):	53076
Related CVE(s):	CVE-2009-1151
Last Modified:	Dec 30 20:13:51 2009
MD5 Checksum:	daa773a35dac8ed474de87c4c695b7ea

/// File Name:	ms09_072_style_object.rb.txt
Description:	This Metasploit module exploits a vulnerability in the getElementsByTagName function as implemented within Internet Explorer.
Author:	K4mr4n_st,jduck
Homepage:	http://www.metasploit.com
File Size:	4199
Related OSVDB(s):	50622
Related CVE(s):	CVE-2009-3672
Last Modified:	Dec 30 22:14:37 2009
MD5 Checksum:	97786207b093600b1d3b2d327858e77a

/// File Name:	timbuktu_plughntcommand_bof.rb.txt
Description:	This Metasploit module exploits a stack based buffer overflow in Timbuktu Pro version <= 8.6.6 in a pretty novel way. This exploit requires two connections. The first connection is used to leak stack data using the buffer overflow to overwrite the nNumberOfBytesToWrite argument. By supplying a large value for this argument it is possible to cause Timbuktu to reply to the initial request with leaked stack data. Using this data allows for reliable exploitation of the buffer overflow vulnerability. Props to Infamous41d for helping in finding this exploitation path. The second connection utilizes the data from the data leak to accurately exploit the stack based buffer overflow vulnerability. TODO: hdm suggested using meterpreter's migration capability and restarting the process for multishot exploitation.
Author:	bannedit
Homepage:	http://www.metasploit.com
File Size:	4156
Related OSVDB(s):	55436
Related CVE(s):	CVE-2009-1394
Last Modified:	Dec 30 22:21:57 2009
MD5 Checksum:	df028563116486eee817e5533ceb5895

/// File Name:	chipmunknl-xsrf.txt
Description:	Chipmunk Newsletter suffers from cross site request forgery vulnerabilities.
Author:	Milos Zivanovic
File Size:	4097
Last Modified:	Dec 13 18:26:55 2009
MD5 Checksum:	5bc5bd46a5b49b35cd9974258bfb75c7

/// File Name:	kpasa.pl.txt
Description:	gAlan buffer overflow 0-day exploit. Spawns a shell on port 4444.
Author:	Jeremy Brown
Homepage:	http://jbrownsec.blogspot.com/
File Size:	4097
Last Modified:	Dec 7 18:30:09 2009
MD5 Checksum:	264cb70a25bbfdc3b2131463f247cad2

/// File Name:	ibm_tsm_rca_dicugetidentify.rb.txt
Description:	This Metasploit module exploits a stack overflow in the IBM Tivoli Storage Manager Express Remote Client Agent service. By sending a "dicuGetIdentify" request packet containing a long NodeName parameter, an attacker can execute arbitrary code. NOTE: this exploit first connects to the CAD service to start the RCA service and obtain the port number on which it runs. This service does not restart.
Author:	jduck
Homepage:	http://www.metasploit.com
File Size:	4082
Related OSVDB(s):	54232
Related CVE(s):	CVE-2008-4828
Last Modified:	Dec 30 22:26:24 2009
MD5 Checksum:	fa051c0f07469d1a334bfa7b17bae821

/// File Name:	bosdirectory-xss.txt
Description:	BosDirectory version 2.50 suffers from a cross site scripting vulnerability.
Author:	indoushka
File Size:	4072
Last Modified:	Dec 31 21:24:27 2009
MD5 Checksum:	180d03c8257d84f0f031f3632638791f

/// File Name:	idealadmin-overflow.txt
Description:	Local buffer overflow exploit for IDEAL Administration 2009 version 9.7 that creates a malicious .ipj file that binds a shell to port 4444.
Author:	Dr_IDE
File Size:	4017
Last Modified:	Dec 7 17:45:30 2009
MD5 Checksum:	42da86b422df3846575f640087501464

/// File Name:	bigant252-overflow.txt
Description:	BigAnt Server version 2.52 SEH overflow exploit that binds a shell to port 4444.
Author:	Lincoln
File Size:	4005
Last Modified:	Dec 30 14:01:59 2009
MD5 Checksum:	58660742ab797a03d7ba1865a9d87392

/// File Name:	pdqscript-sql.txt
Description:	PDQ Script version 1.0 suffers from a remote SQL injection vulnerability.
Author:	R3d-D3v!L
File Size:	3969
Last Modified:	Dec 21 18:25:23 2009
MD5 Checksum:	1c1a630d004111d59d32089e587fcc68

/// File Name:	phpcalendar-rfilfi.txt
Description:	PHP-Calendar version 1.1 suffers from remote and local file inclusion vulnerabilities.
Author:	Juan Galiana Lara
File Size:	3933
Related CVE(s):	CVE-2009-3702
Last Modified:	Dec 18 16:46:26 2009
MD5 Checksum:	d27ff5654ae7b210abaffbd7bbcb907f

/// File Name:	ss-16122009-15.txt
Description:	Multiple products from Kaspersky suffer from a local privilege escalation vulnerability. Details are provided.
Author:	ShineShadow
File Size:	3924
Last Modified:	Dec 16 18:30:55 2009
MD5 Checksum:	322c32501cdd54deace25a1ca18a7cfa

/// File Name:	persits_xupload_traversal.rb.txt
Description:	This Metasploit module exploits a directory traversal in Persits Software Inc's XUpload ActiveX control(version 3.0.0.3) that's included in HP LoadRunner 9.5. By passing a string containing "..\\\\" sequences to the MakeHttpRequest method, an attacker is able to write arbitrary files to arbitrary locations on disk. Code execution occurs by writing to the All Users Startup Programs directory. You may want to combine this module with the use of multi/handler since a user would have to log for the payload to execute.
Author:	jduck
Homepage:	http://www.metasploit.com
File Size:	3876
Related OSVDB(s):	60001
Related CVE(s):	CVE-2009-3693
Last Modified:	Dec 30 22:20:24 2009
MD5 Checksum:	21253126f433fcd26e510a6f0bb90732

/// File Name:	drupal56core-xss.txt
Description:	Drupal versions 5.x and 6.x suffer from a cross site scripting vulnerability.
Author:	Justin C. Klein Keane
File Size:	3859
Last Modified:	Dec 16 19:12:41 2009
MD5 Checksum:	5f09bf24f5f37d02bbed40f9fb53e661