Section: .. / 0910-exploits /

Page 3 of 9
<< 1 2 3 4 5 6 7 8 9 >> Files 50 - 75 of 210

Currently sorted by: Last Modified Sort By: File Name, File Size

/// File Name:	lsass_cifs.rb.txt
Description:	This Metasploit module exploits a stack overflow in the NetWare CIFS.NLM driver. Since the driver runs in the kernel space, a failed exploit attempt can cause the OS to reboot.
Author:	toto
File Size:	3138
Related OSVDB(s):	12790
Last Modified:	Oct 28 14:51:12 2009
MD5 Checksum:	d4b13b929126920753288d33c74b948f

/// File Name:	php168-exec.txt
Description:	PHP168 version 6.0 suffers from a remote command execution vulnerability.
Author:	Securitylab Security Research
Homepage:	http://securitylab.ir/
File Size:	723
Last Modified:	Oct 28 10:30:30 2009
MD5 Checksum:	99e5919f30aee51e96f8f08662a44399

/// File Name:	hagent_untrusted_hsdata.rb.txt
Description:	This Metasploit module exploits the Wyse Rapport Hagent service by pretending to be a legitimate server. This process involves starting both HTTP and FTP services on the attacker side, then contacting the Hagent service of the target and indicating that an update is available. The target will then download the payload wrapped in an executable from the FTP service.
Author:	Kevin Finisterre
File Size:	7029
Related OSVDB(s):	55839
Related CVE(s):	CVE-2009-0695
Last Modified:	Oct 27 20:50:48 2009
MD5 Checksum:	81c6b3ec51a59ee4082efe5546123b56

/// File Name:	svnserve_date.rb.txt
Description:	This is a Metasploit exploit for the Subversion date parsing overflow. This exploit is for the svnserve daemon (svn:// protocol) and will not work for Subversion over webdav (http[s]://). This exploit should never crash the daemon, and should be safe to do multi-hits.
Author:	spoonm
File Size:	3508
Related OSVDB(s):	6301
Related CVE(s):	CVE-2004-0397
Last Modified:	Oct 27 20:42:17 2009
MD5 Checksum:	0010e127a5fce0a8edf07f3d560aa14f

/// File Name:	nttrans.rb.txt
Description:	This Metasploit module exploits the nttrans overflow in Samba 2.2.x.
Author:	H D Moore
Homepage:	http://www.metasploit.com
File Size:	3872
Related OSVDB(s):	6323
Related CVE(s):	CVE-2003-0085
Last Modified:	Oct 27 20:39:08 2009
MD5 Checksum:	92023b633def751a71eef92adf4f610f

/// File Name:	describe.rb.txt
Description:	This Metasploit module exploits a buffer overflow in RealServer 7/8/9 and was based on Johnny Cyberpunk's THCrealbad exploit. This code should reliably exploit Linux, BSD, and Windows-based servers.
Author:	H D Moore
Homepage:	http://www.metasploit.com
File Size:	2116
Related OSVDB(s):	4468
Last Modified:	Oct 27 18:18:44 2009
MD5 Checksum:	6094aa9a91491f3755f7e3cd2e7c367a

/// File Name:	vmware86.tar.gz
Description:	VMWare Workstation Virtual 8086 Linux Local ring0 exploit.
Author:	Julien Tinnes,Tavis Ormandy
File Size:	2320
Related CVE(s):	CVE-2009-2267
Last Modified:	Oct 27 17:56:54 2009
MD5 Checksum:	f0fbf0b88d488847d728b1c5ed6154de

/// File Name:	wowd-xss.txt
Description:	The Wowd Search Client version 1.3.0 suffers from cross site scripting vulnerabilities.
Author:	Lostmon
Homepage:	http://lostmon.blogspot.com/
File Size:	3535
Last Modified:	Oct 27 17:45:36 2009
MD5 Checksum:	734bdab1e8387525dde49d224b95a0e1

/// File Name:	boloto-dos.txt
Description:	Boloto Media Player version 1.0.0.9 local crash proof of concept exploit that creates a malicious .pls file.
Author:	Dr_IDE
File Size:	597
Last Modified:	Oct 27 17:35:24 2009
MD5 Checksum:	b36a4c84498c7da3d7bc23d3b60ad57d

/// File Name:	php_unserialize_zval_cookie.rb.txt
Description:	This Metasploit module exploits an integer overflow vulnerability in the unserialize() function of the PHP web server extension.
Author:	GML,H D Moore,Stefan Esser
Homepage:	http://www.metasploit.com
File Size:	12349
Related OSVDB(s):	32771
Related CVE(s):	CVE-2007-1286
Last Modified:	Oct 27 17:32:23 2009
MD5 Checksum:	5328f9ccf0fabc5d2f0900b7b86d6114

/// File Name:	ntp_overflow.rb.txt
Description:	This Metasploit module exploits a stack based buffer overflow in the ntpd and xntpd service. By sending an overly long 'readvar' request it is possible to execute code remotely. As the stack is corrupted, this module uses the Egghunter technique.
Author:	patrick
Homepage:	http://www.metasploit.com
File Size:	2730
Related OSVDB(s):	805
Related CVE(s):	CVE-2001-0414
Last Modified:	Oct 27 17:30:47 2009
MD5 Checksum:	5e227b8fec1a9ac01b1964aa5e77f258

/// File Name:	veritas_netbackup_cmdexec.rb.txt
Description:	This Metasploit module allows arbitrary command execution on an ephemeral port opened by Veritas NetBackup, whilst an administrator is authenticated. The port is opened and allows direct console access as root or SYSTEM from any source address.
Author:	patrick
Homepage:	http://www.metasploit.com
File Size:	2110
Related OSVDB(s):	11026
Related CVE(s):	CVE-2004-1389
Last Modified:	Oct 27 17:28:39 2009
MD5 Checksum:	8427f7207c40d2c8437b522340d70c3a

/// File Name:	openview_omniback_exec.rb.txt
Description:	This Metasploit module uses a vulnerability in the OpenView Omniback II service to execute arbitrary commands. This vulnerability was discovered by DiGiT and his code was used as the basis for this module.
Author:	H D Moore,patrick
Homepage:	http://www.metasploit.com
File Size:	6055
Related OSVDB(s):	6018
Related CVE(s):	CVE-2001-0311
Last Modified:	Oct 27 17:26:35 2009
MD5 Checksum:	b269dc6f7984d396b3e5e9acaf44dd3c

/// File Name:	qtjava_pointer.rb.txt
Description:	This Metasploit module exploits an arbitrary memory access vulnerability in the Quicktime for Java API provided with Quicktime 7.
Author:	Dino A Dai Zovi,H D Moore,Kevin Finisterre
Homepage:	http://www.metasploit.com
File Size:	5492
Related OSVDB(s):	23608
Related CVE(s):	CVE-2007-2175
Last Modified:	Oct 27 17:15:01 2009
MD5 Checksum:	fd12e3cb5086c03366ca1e1daa1f55f1

/// File Name:	opera_historysearch.rb.txt
Description:	Certain constructs are not escaped correctly by Opera's History Search results. These can be used to inject scripts into the page, which can then be used to modify configuration settings and execute arbitrary commands. Affects Opera versions between 9.50 and 9.61.
Author:	Aviv Raff,Roberto Suggi Liverani Craig
File Size:	4598
Related OSVDB(s):	49472
Related CVE(s):	CVE-2008-4696
Last Modified:	Oct 27 17:10:14 2009
MD5 Checksum:	b217cb641cbc6f7e36e3f249a2a4cc1e

/// File Name:	opera_configoverwrite.rb.txt
Description:	Opera web browser in versions 9.10 and below allows unrestricted script access to its configuration page, opera:config, allowing an attacker to change settings and potentially execute arbitrary code.
File Size:	4463
Last Modified:	Oct 27 17:08:05 2009
MD5 Checksum:	a1c3a6e51e21635db81c032dda7ed33c

/// File Name:	mozilla_navigatorjava.rb.txt
Description:	This Metasploit module exploits a code execution vulnerability in the Mozilla Suite, Mozilla Firefox, and Mozilla Thunderbird applications. This exploit requires the Java plugin to be installed.
Author:	H D Moore
Homepage:	http://www.metasploit.com
File Size:	3644
Related OSVDB(s):	27559
Related CVE(s):	CVE-2006-3677
Last Modified:	Oct 27 17:05:07 2009
MD5 Checksum:	2804a3015f290bb20035327cbda16adf

/// File Name:	mozilla_compareto.rb.txt
Description:	This Metasploit module exploits a code execution vulnerability in the Mozilla Suite, Mozilla Firefox, and Mozilla Thunderbird applications. This exploit module is a direct port of Aviv Raff's HTML PoC.
Author:	Aviv Raff,H D Moore
Homepage:	http://www.metasploit.com
File Size:	5132
Related OSVDB(s):	17968
Related CVE(s):	CVE-2005-2265
Last Modified:	Oct 27 17:01:03 2009
MD5 Checksum:	4d11bb8de765d259995301791ec60b38

/// File Name:	java_calendar_deserialize.rb.txt
Description:	This Metasploit module exploits a flaw in the deserialization of Calendar objects in the Sun JVM. The payload can be either a native payload which is generated as an executable and dropped/executed on the target or a shell from within the Java applet in the target browser. The effected Java versions are JDK and JRE 6 Update 10 and earlier, JDK and JRE 5.0 Update 16 and earlier, SDK and JRE 1.4.2_18 and earlier (SDK and JRE 1.3.1 are not affected).
Author:	sf,H D Moore
Homepage:	http://www.metasploit.com
File Size:	5114
Related OSVDB(s):	50500
Related CVE(s):	CVE-2008-5353
Last Modified:	Oct 27 16:58:33 2009
MD5 Checksum:	adddfd511b0cb82ba52be9f260b8602f

/// File Name:	firefox_queryinterface.rb.txt
Description:	This Metasploit module exploits a code execution vulnerability in the Mozilla Firefox browser. To reliably exploit this vulnerability, we need to fill almost a gigabyte of memory with our nop sled and payload. This module has been tested on OS X 10.3 with the stock Firefox 1.5.0 package.
Author:	H D Moore
Homepage:	http://www.metasploit.com
File Size:	3107
Related OSVDB(s):	22893
Related CVE(s):	CVE-2006-0295
Last Modified:	Oct 27 16:49:39 2009
MD5 Checksum:	b158bc86d5bf60d7467ced07314943c5

/// File Name:	firefox_escape_retval.rb.txt
Description:	This Metasploit module exploits a memory corruption vulnerability in the Mozilla Firefox browser. This flaw occurs when a bug in the javascript interpreter fails to preserve the return value of the escape() function and results in uninitialized memory being used instead. This module has only been tested on Windows, but should work on other platforms as well with the current targets.
Author:	H D Moore,Simon Berry-Byrne
File Size:	5581
Related OSVDB(s):	55846
Last Modified:	Oct 27 16:35:44 2009
MD5 Checksum:	6116e92fca1903ed3250f521944da945

/// File Name:	lsa_transnames_heap.rb.txt
Description:	This Metasploit module triggers a heap overflow in the LSA RPC service of the Samba daemon. This module uses the TALLOC chunk overwrite method (credit Ramon and Adriano), which only works with Samba versions 3.0.21-3.0.24. Additionally, this module will not work when the Samba "log level" parameter is higher than "2".
Author:	Adriano Lima
Homepage:	http://www.risesecurity.org/
File Size:	8185
Related OSVDB(s):	34699
Related CVE(s):	CVE-2007-2446
Last Modified:	Oct 27 16:27:36 2009
MD5 Checksum:	8f84f393fa7096a43ae30b92fc8df61d

/// File Name:	squid_ntlm_authenticate.rb.txt
Description:	This is an exploit for Squid's NTLM authenticate overflow (libntlmssp.c). Due to improper bounds checking in ntlm_check_auth, it is possible to overflow the 'pass' variable on the stack with user controlled data of a user defined length.
Author:	skape
File Size:	4150
Related OSVDB(s):	6791
Related CVE(s):	CVE-2004-0541
Last Modified:	Oct 27 16:24:50 2009
MD5 Checksum:	1e35db4061c87b08d4b474ab69753bdd

/// File Name:	poptop_negative_read.rb.txt
Description:	This is an exploit for the Poptop negative read overflow. This will work against versions prior to 1.1.3-b3 and 1.1.3-20030409.
Author:	spoonm
File Size:	3833
Related OSVDB(s):	3293
Related CVE(s):	CVE-2003-0213
Last Modified:	Oct 27 16:22:39 2009
MD5 Checksum:	830bfdbd26298b840c903bfc1b4d5d94

/// File Name:	mysql_yassl.rb.txt
Description:	This Metasploit module exploits a stack overflow in the yaSSL (1.7.5 and earlier) implementation bundled with MySQL versions 6.0 and below. By sending a specially crafted Hello packet, an attacker may be able to execute arbitrary code.
Author:	MC
File Size:	2057
Related OSVDB(s):	41195
Related CVE(s):	CVE-2008-0226
Last Modified:	Oct 27 16:20:12 2009
MD5 Checksum:	690b5fdd36e38c0b026a4e0fc9ad7a54