Section: .. / 0911-exploits /

Page 9 of 18
<< 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 >> Files 200 - 225 of 449

Currently sorted by: File Name Sort By: Last Modified, File Size

/// File Name:	mcafeevisualtrace_tracetarget.rb.tx..>
Description:	This Metasploit module exploits a stack overflow in the McAfee Visual Trace 3.25 ActiveX Control (NeoTraceExplorer.dll 1.0.0.1). By sending a overly long string to the "TraceTarget()" method, an attacker may be able to execute arbitrary code.
Author:	MC
Homepage:	http://www.metasploit.com
File Size:	2453
Related OSVDB(s):	32399
Related CVE(s):	CVE-2006-6707
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	1bdfc384df9928349c696cfe90903e2c

/// File Name:	mdaemon_cram_md5.rb.txt
Description:	This Metasploit module exploits a buffer overflow in the CRAM-MD5 authentication of the MDaemon IMAP service. This vulnerability was discovered by Muts.
Author:	anonymous
Homepage:	http://www.metasploit.com
File Size:	2056
Related OSVDB(s):	11838
Related CVE(s):	CVE-2004-1520
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	70f92a2245512a9a831eeff9a9bd282e

/// File Name:	mdaemon_fetch.rb.txt
Description:	This Metasploit module exploits a stack overflow in the Alt-N MDaemon IMAP Server version 9.6.4 by sending an overly long FETCH BODY command. Valid IMAP account credentials are required. Credit to Matteo Memelli
Author:	Jacopo Cervini,patrick
Homepage:	http://www.metasploit.com
File Size:	2422
Related OSVDB(s):	43111
Related CVE(s):	CVE-2008-1358
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	08aa7f36b27117177c3b5fd60358dd1b

/// File Name:	mdaemon_worldclient_form2raw.rb.txt
Description:	This Metasploit module exploits a stack overflow in Alt-N MDaemon SMTP server for versions 6.8.5 and earlier. When WorldClient HTTP server is installed (default), a CGI script is provided to accept html FORM based emails and deliver via MDaemon.exe, by writing the CGI output to the Raw Queue. When X-FromCheck is enabled (also default), the temporary form2raw.cgi data is copied by MDaemon.exe and a stack based overflow occurs when an excessively long From field is specified. The RawQueue is processed every 1 minute by default, to a maximum of 60 minutes. Keep this in mind when choosing payloads or setting WfsDelay... You'll need to wait. Furthermore, this exploit uses a direct memory jump into a nopsled (which isn't very reliable). Once the payload is written into the Raw Queue by Form2Raw, MDaemon will continue to crash/execute the payload until the CGI output is manually deleted from the queue in C:\\MDaemon\\RawFiles\\*.raw.
Author:	patrick
Homepage:	http://www.metasploit.com
File Size:	3520
Related OSVDB(s):	3255
Related CVE(s):	CVE-2003-1200
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	c2530c0269bdafb7df3d701fa01955bf

/// File Name:	mediasrv_sunrpc.rb.txt
Description:	This exploit targets a stack overflow in the MediaSrv RPC service of CA BrightStor Arcserve. By sending a specially crafted SUNRPC request, an attacker can overflow a stack buffer and execute arbitrary code.
Author:	toto
Homepage:	http://www.metasploit.com
File Size:	7299
Related OSVDB(s):	35326
Related CVE(s):	CVE-2007-2139
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	b30b4f7f29315bdcca157be6ca0759d6

/// File Name:	mercur_imap_select_overflow.rb.txt
Description:	Mercur v5.0 IMAP server is prone to a remotely exploitable stack-based buffer overflow vulnerability. This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to a fixed size memory buffer. Credit to Tim Taylor for discover the vulnerability.
Author:	Jacopo Cervini
Homepage:	http://www.metasploit.com
File Size:	2217
Related OSVDB(s):	23950
Related CVE(s):	CVE-2006-1255
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	6dd73139a26090ff81c7d73873e5ada8

/// File Name:	mercur_login.rb.txt
Description:	This Metasploit module exploits a stack overflow in Atrium Mercur IMAP 5.0 SP3. Since the room for shellcode is small, using the reverse ordinal payloads yields the best results.
Author:	MC
Homepage:	http://www.metasploit.com
File Size:	1990
Related OSVDB(s):	23950
Related CVE(s):	CVE-2006-1255
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	5858320035bfa07ff27a3a50baad9087

/// File Name:	mercury_cram_md5.rb.txt
Description:	This Metasploit module exploits a stack overflow in Mercury Mail Transport System 4.51. By sending a specially crafted argument to the AUTH CRAM-MD5 command, an attacker may be able to execute arbitrary code.
Author:	MC
Homepage:	http://www.metasploit.com
File Size:	1902
Related OSVDB(s):	39669
Related CVE(s):	CVE-2007-4440
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	4aabd9f0bdad3a5fdb56b4f1950cb4a0

/// File Name:	mercury_login.rb.txt
Description:	This Metasploit module exploits a stack overflow in Mercury/32 <= 4.01b IMAPD LOGIN verb. By sending a specially crafted login command, a buffer is corrupted, and code execution is possible. This vulnerability was discovered by (mu-b at digit-labs.org).
Author:	MC
Homepage:	http://www.metasploit.com
File Size:	2308
Related OSVDB(s):	33883
Related CVE(s):	CVE-2007-1373
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	eca08e42e9a6d8d3c8e2dc20a08d5942

/// File Name:	mercury_phonebook.rb.txt
Description:	This Metasploit module exploits a stack-based buffer overflow in Mercury/32 <= v4.01b PH Server Module. This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to a fixed size memory buffer.
Author:	MC
Homepage:	http://www.metasploit.com
File Size:	1885
Related OSVDB(s):	22103
Related CVE(s):	CVE-2005-4411
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	91fe4076b66dc23ad7b3bebd909730d5

/// File Name:	mercury_rename.rb.txt
Description:	This Metasploit module exploits a stack overflow vulnerability in the Mercury/32 v.4.01a IMAP service.
Author:	MC
Homepage:	http://www.metasploit.com
File Size:	1782
Related OSVDB(s):	12508
Related CVE(s):	CVE-2004-1211
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	27411691d56dde9d1fcd280a203598ce

/// File Name:	message_engine.rb.txt
Description:	This Metasploit module exploits a buffer overflow in Computer Associates BrightStor ARCserve Backup 11.1 - 11.5 SP2. By sending a specially crafted RPC request, an attacker could overflow the buffer and execute arbitrary code.
Author:	MC,patrick
Homepage:	http://www.metasploit.com
File Size:	2278
Related OSVDB(s):	31318
Related CVE(s):	CVE-2007-0169
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	c851d7e2a0b986a607dca467c5dc0652

/// File Name:	message_engine_heap.rb.txt
Description:	This Metasploit module exploits a heap overflow in Computer Associates BrightStor ARCserve Backup 11.5. By sending a specially crafted RPC request, an attacker could overflow the buffer and execute arbitrary code.
Author:	MC
Homepage:	http://www.metasploit.com
File Size:	2098
Related OSVDB(s):	29533
Related CVE(s):	CVE-2006-5143
Last Modified:	Oct 30 17:01:12 2009
MD5 Checksum:	30bae2aad319eca435b874c4335b8515

/// File Name:	micronet-xss.txt
Description:	The Micronet SP1910 Data Access Controller user interface suffers from a cross site scripting vulnerability.
Author:	K053
File Size:	823
Last Modified:	Nov 30 21:03:22 2009
MD5 Checksum:	481e4f68f42859127ea9159acea72f2c

/// File Name:	microsoft_ftpd_nlst.rb.txt
Description:	This Metasploit module exploits a stack overflow flaw in the Microsoft IIS FTP service. The flaw is triggered when a special NLST argument is passed while the session has changed into a long directory path. For this exploit to work, the FTP server must be configured to allow write access to the file system (either anonymously or in conjunction with a real account).
Author:	H D Moore,Kingcope
Homepage:	http://www.metasploit.com
File Size:	4937
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	b566a46c73d7525de3e054c23aeee675

/// File Name:	milleniummp3-overflow.txt
Description:	Millenium MP3 Studio version 2.0 buffer overflow exploit that creates a malicious .pls file.
Author:	Molotov
File Size:	1969
Last Modified:	Nov 30 21:00:01 2009
MD5 Checksum:	b61b67d539912a1c3f8abe14cceb9f72

/// File Name:	minishare_get_overflow.rb.txt
Description:	This is a simple buffer overflow for the minishare web server. This flaw affects all versions prior to 1.4.2. This is a plain stack overflow that requires a "jmp esp" to reach the payload, making this difficult to target many platforms at once. This Metasploit module has been successfully tested against 1.4.1. Version 1.3.4 and below do not seem to be vulnerable.
Author:	acaro
Homepage:	http://www.metasploit.com
File Size:	2622
Related OSVDB(s):	11530
Related CVE(s):	CVE-2004-2271
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	0a585e008afc05253dafa670d80fa4b2

/// File Name:	mirc_irc_url.rb.txt
Description:	This Metasploit module exploits a stack overflow in mIRC 6.1. By submitting an overly long and specially crafted URL to the 'irc' protocol, an attacker can overwrite the buffer and control program execution.
Author:	MC
Homepage:	http://www.metasploit.com
File Size:	2114
Related OSVDB(s):	2665
Related CVE(s):	CVE-2003-1336
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	c76f69b90bd7a20ae67be7001a6dca48

/// File Name:	mirc_privmsg_server.rb.txt
Description:	This Metasploit module exploits a buffer overflow in the mIRC IRC Client v6.34 and earlier. By enticing a mIRC user to connect to this server module, an excessively long PRIVMSG command can be sent, overwriting the stack. Due to size restrictions, ordinal payloads may be necessary. This Metasploit module is based on the code by SkD.
Author:	patrick
Homepage:	http://www.metasploit.com
File Size:	2883
Related OSVDB(s):	48752
Related CVE(s):	CVE-2008-4449
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	1fa2d5200e77bdabfce3997f80846de0

/// File Name:	mohaa_getinfo.rb.txt
Description:	This Metasploit module exploits a stack based buffer overflow in the getinfo command of Medal Of Honor Allied Assault.
Author:	Jacopo Cervini
Homepage:	http://www.metasploit.com
File Size:	2669
Related OSVDB(s):	8061
Related CVE(s):	CVE-2004-0735
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	f7cabe5295747588e5f6653262b511da

/// File Name:	MORNINGSTAR-2009-02-CuteNews.txt
Description:	Cute News version 1.4.6 and UTF-8 Cute News suffer from cross site request forgery, cross site scripting, file path disclosure, local file inclusion, authentication bypass, and php command injection vulnerabilities.
Author:	Andrew Horton (urbanadventurer)
File Size:	19037
Last Modified:	Nov 16 20:37:23 2009
MD5 Checksum:	5dcec16d5b818f21db12e4efcd7d78a0

/// File Name:	ms00_094_pbserver.rb.txt
Description:	This is an exploit for the Phone Book Service /pbserver/pbserver.dll described in MS00-094. By sending an overly long URL argument for phone book updates, it is possible to overwrite the stack. This Metasploit module has only been tested against Windows 2000 SP1.
Author:	patrick
Homepage:	http://www.metasploit.com
File Size:	2287
Related OSVDB(s):	463
Related CVE(s):	CVE-2000-1089
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	8f98e0a8f552e8c9d40ce6979594e098

/// File Name:	ms01_023_printer.rb.txt
Description:	This exploits a buffer overflow in the request processor of the Internet Printing Protocol ISAPI module in IIS. This Metasploit module works against Windows 2000 service pack 0 and 1. If the service stops responding after a successful compromise, run the exploit a couple more times to completely kill the hung process.
Author:	H D Moore
Homepage:	http://www.metasploit.com
File Size:	2770
Related OSVDB(s):	3323
Related CVE(s):	CVE-2001-0241
Last Modified:	Oct 30 17:02:03 2009
MD5 Checksum:	011eb5cfc9ca3a9b443ef09d69cb9770

/// File Name:	ms01_033_idq.rb.txt
Description:	This Metasploit module exploits a stack overflow in the IDQ ISAPI handler for Microsoft Index Server.
Author:	MC
Homepage:	http://www.metasploit.com
File Size:	1993
Related OSVDB(s):	568
Related CVE(s):	CVE-2001-0500
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	e2fc9abea937d8ab7004cff1acb46057

/// File Name:	ms02_018_htr.rb.txt
Description:	This exploits a buffer overflow in the ISAPI ISM.DLL used to process HTR scripting in IIS 4.0. This Metasploit module works against Windows NT 4 Service Packs 3, 4, and 5. The server will continue to process requests until the payload being executed has exited. If you've set EXITFUNC to 'seh', the server will continue processing requests, but you will have trouble terminating a bind shell. If you set EXITFUNC to thread, the server will crash upon exit of the bind shell. The payload is alpha-numerically encoded without a NOP sled because otherwise the data gets mangled by the filters.
Author:	stinko
Homepage:	http://www.metasploit.com
File Size:	2436
Related OSVDB(s):	3325
Related CVE(s):	CVE-1999-0874
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	3b9914f3c7ce3d94567daaf53f52f817