Section:  .. / 0911-exploits  /

 ///  File Name: lpviewer_url.rb.txt
Description:
This Metasploit module exploits a stack overflow in LPViewer ActiveX control (LPControll.dll 3.2.0.2). When sending an overly long string to the URL() property an attacker may be able to execute arbitrary code.
Author:MC
Homepage:http://www.metasploit.com
File Size:3485
Related OSVDB(s):48946
Related CVE(s):CVE-2008-4384
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:efcffbe4b20269596e2d4ce175089440

 ///  File Name: lyris_listmanager_weak_pass.rb.txt
Description:
This Metasploit module exploits a weak password vulnerability in the Lyris ListManager MSDE install. During installation, the 'sa' account password is set to 'lminstall'. Once the install completes, it is set to 'lyris' followed by the process ID of the installer. This Metasploit module brute forces all possible process IDs that would be used by the installer.
Author:H D Moore
Homepage:http://www.metasploit.com
File Size:2155
Related OSVDB(s):21559
Related CVE(s):CVE-2005-4145
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:864f7fbdc2116d42407934a82f15897c

 ///  File Name: macrovision_downloadandexecute.rb.t..>
Description:
This Metasploit module exploits a stack overflow in Macrovision InstallShield Update Service(Isusweb.dll 6.0.100.54472). By passing an overly long ProductCode string to the DownloadAndExecute method, an attacker may be able to execute arbitrary code.
Author:MC
Homepage:http://www.metasploit.com
File Size:2906
Related OSVDB(s):38347
Related CVE(s):CVE-2007-5660
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:034b4cbcee2c4e79533c437059536541

 ///  File Name: macrovision_unsafe.rb.txt
Description:
This Metasploit module allows attackers to execute code via unsafe methods in Macrovision InstallShield 2008.
Author:MC
Homepage:http://www.metasploit.com
File Size:2386
Related OSVDB(s):38347
Related CVE(s):CVE-2007-5660
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:8445f61fc25f5e18432b2a7a7a3d3c91

 ///  File Name: mailcarrier_smtp_ehlo.rb.txt
Description:
This Metasploit module exploits the MailCarrier v2.51 suite SMTP service. The stack is overwritten when sending an overly long EHLO command.
Author:Patrick Webster
Homepage:http://www.metasploit.com
File Size:2186
Related OSVDB(s):11174
Related CVE(s):CVE-2004-1638
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:c8bb30a738c45bb59743f2aa28d035a8

 ///  File Name: mailenable_auth_header.rb.txt
Description:
This Metasploit module exploits a remote buffer overflow in the MailEnable web service. The vulnerability is triggered when a large value is placed into the Authorization header of the web request. MailEnable Enterprise Edition versions prior to 1.0.5 and MailEnable Professional versions prior to 1.55 are affected.
Author:David Maciejak
Homepage:http://www.metasploit.com
File Size:1871
Related OSVDB(s):15913,15737
Related CVE(s):CVE-2005-1348
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:5f28e22f23a19b0de5470c0882d24451

 ///  File Name: mailenable_login.rb.txt
Description:
MailEnable's IMAP server contains a buffer overflow vulnerability in the Login command.
Author:MC
Homepage:http://www.metasploit.com
File Size:1914
Related OSVDB(s):32125
Related CVE(s):CVE-2006-6423
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:06e22a16b5a95a62bf3121e135f76630

 ///  File Name: mailenable_status.rb.txt
Description:
MailEnable's IMAP server contains a buffer overflow vulnerability in the STATUS command. With proper credentials, this could allow for the execution of arbitrary code.
Author:MC
Homepage:http://www.metasploit.com
File Size:1980
Related OSVDB(s):17844
Related CVE(s):CVE-2005-2278
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:71f5fcc54613b0417a35b32296e4b05f

 ///  File Name: mailenable_w3c_select.rb.txt
Description:
This Metasploit module exploits a buffer overflow in the W3C logging functionality of the MailEnable IMAPD service. Logging is not enabled by default and this exploit requires a valid username and password to exploit the flaw. MailEnable Professional version 1.6 and prior and MailEnable Enterprise version 1.1 and prior are affected.
Author:MC
Homepage:http://www.metasploit.com
File Size:1994
Related OSVDB(s):19842
Related CVE(s):CVE-2005-3155
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:872352f8eaf8761886ca628f3e9ad956

 ///  File Name: maxdb_webdbm_get_overflow.rb.txt
Description:
This Metasploit module exploits a stack overflow in the MaxDB WebDBM service. This service is included with many recent versions of the MaxDB and SAPDB products. This particular module is capable of exploiting Windows systems through the use of an SEH frame overwrite. The offset to the SEH frame may change depending on where MaxDB has been installed; this module assumes a web root path with the same length as: C:\Program Files\sdb\programs\web\Documents
Author:H D Moore
Homepage:http://www.metasploit.com
File Size:2668
Related OSVDB(s):15816
Related CVE(s):CVE-2005-0684
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:e3ef8665099910df82532e192c7e0725

 ///  File Name: mcafee_epolicy_source.rb.txt
Description:
This is an exploit for the McAfee HTTP Server (NAISERV.exe). McAfee ePolicy Orchestrator 2.5.1 <= 3.5.0 and ProtectionPilot 1.1.0 are known to be vulnerable. By sending a large 'Source' header, the stack can be overwritten. This Metasploit module is based on the exploit by xbxice and muts. Due to size constraints, this module uses the Egghunter technique. You may wish to adjust WfsDelay appropriately.
Author:H D Moore,muts,patrick,xbxice
Homepage:http://www.metasploit.com
File Size:3123
Related OSVDB(s):29421
Related CVE(s):CVE-2006-5156
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:20f6347fee8fd448c8404aaf76680f61

 ///  File Name: mcafee_hercules_deletesnapshot.rb.t..>
Description:
This Metasploit module exploits a stack overflow in McAfee Remediation Agent 4.5.0.41. When sending an overly long string to the DeleteSnapshot() method of enginecom.dll (3.7.0.9) an attacker may be able to execute arbitrary code. This control is not marked safe for scripting, so choose your attack vector accordingly.
Author:MC
Homepage:http://www.metasploit.com
File Size:4561
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:30b6004a5deb721219522362363fdb24

 ///  File Name: mcafee_mcsubmgr_vsprintf.rb.txt
Description:
This Metasploit module exploits a flaw in the McAfee Subscription Manager ActiveX control. Due to an unsafe use of vsprintf, it is possible to trigger a stack overflow by passing a large string to one of the COM-exposed routines, such as IsAppExpired. This vulnerability was discovered by Karl Lynn of eEye.
Author:skape
Homepage:http://www.metasploit.com
File Size:3216
Related OSVDB(s):27698
Related CVE(s):CVE-2006-3961
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:a12decca05d657650a2cc4c18d2aa4e2

 ///  File Name: mcafeevisualtrace_tracetarget.rb.tx..>
Description:
This Metasploit module exploits a stack overflow in the McAfee Visual Trace 3.25 ActiveX Control (NeoTraceExplorer.dll 1.0.0.1). By sending an overly long string to the "TraceTarget()" method, an attacker may be able to execute arbitrary code.
Author:MC
Homepage:http://www.metasploit.com
File Size:2453
Related OSVDB(s):32399
Related CVE(s):CVE-2006-6707
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:1bdfc384df9928349c696cfe90903e2c

 ///  File Name: mdaemon_cram_md5.rb.txt
Description:
This Metasploit module exploits a buffer overflow in the CRAM-MD5 authentication of the MDaemon IMAP service. This vulnerability was discovered by Muts.
Author:anonymous
Homepage:http://www.metasploit.com
File Size:2056
Related OSVDB(s):11838
Related CVE(s):CVE-2004-1520
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:70f92a2245512a9a831eeff9a9bd282e

 ///  File Name: mdaemon_fetch.rb.txt
Description:
This Metasploit module exploits a stack overflow in the Alt-N MDaemon IMAP Server version 9.6.4 by sending an overly long FETCH BODY command. Valid IMAP account credentials are required. Credit to Matteo Memelli.
Author:Jacopo Cervini,patrick
Homepage:http://www.metasploit.com
File Size:2422
Related OSVDB(s):43111
Related CVE(s):CVE-2008-1358
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:08aa7f36b27117177c3b5fd60358dd1b

 ///  File Name: mdaemon_worldclient_form2raw.rb.txt
Description:
This Metasploit module exploits a stack overflow in Alt-N MDaemon SMTP server for versions 6.8.5 and earlier. When WorldClient HTTP server is installed (default), a CGI script is provided to accept html FORM based emails and deliver via MDaemon.exe, by writing the CGI output to the Raw Queue. When X-FromCheck is enabled (also default), the temporary form2raw.cgi data is copied by MDaemon.exe and a stack based overflow occurs when an excessively long From field is specified. The RawQueue is processed every 1 minute by default, to a maximum of 60 minutes. Keep this in mind when choosing payloads or setting WfsDelay... You'll need to wait. Furthermore, this exploit uses a direct memory jump into a nopsled (which isn't very reliable). Once the payload is written into the Raw Queue by Form2Raw, MDaemon will continue to crash/execute the payload until the CGI output is manually deleted from the queue in C:\MDaemon\RawFiles\*.raw.
Author:patrick
Homepage:http://www.metasploit.com
File Size:3520
Related OSVDB(s):3255
Related CVE(s):CVE-2003-1200
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:c2530c0269bdafb7df3d701fa01955bf

 ///  File Name: mediasrv_sunrpc.rb.txt
Description:
This exploit targets a stack overflow in the MediaSrv RPC service of CA BrightStor Arcserve. By sending a specially crafted SUNRPC request, an attacker can overflow a stack buffer and execute arbitrary code.
Author:toto
Homepage:http://www.metasploit.com
File Size:7299
Related OSVDB(s):35326
Related CVE(s):CVE-2007-2139
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:b30b4f7f29315bdcca157be6ca0759d6

 ///  File Name: mercur_imap_select_overflow.rb.txt
Description:
Mercur v5.0 IMAP server is prone to a remotely exploitable stack-based buffer overflow vulnerability. This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to a fixed size memory buffer. Credit to Tim Taylor for discovering the vulnerability.
Author:Jacopo Cervini
Homepage:http://www.metasploit.com
File Size:2217
Related OSVDB(s):23950
Related CVE(s):CVE-2006-1255
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:6dd73139a26090ff81c7d73873e5ada8

 ///  File Name: mercur_login.rb.txt
Description:
This Metasploit module exploits a stack overflow in Atrium Mercur IMAP 5.0 SP3. Since the room for shellcode is small, using the reverse ordinal payloads yields the best results.
Author:MC
Homepage:http://www.metasploit.com
File Size:1990
Related OSVDB(s):23950
Related CVE(s):CVE-2006-1255
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:5858320035bfa07ff27a3a50baad9087

 ///  File Name: mercury_cram_md5.rb.txt
Description:
This Metasploit module exploits a stack overflow in Mercury Mail Transport System 4.51. By sending a specially crafted argument to the AUTH CRAM-MD5 command, an attacker may be able to execute arbitrary code.
Author:MC
Homepage:http://www.metasploit.com
File Size:1902
Related OSVDB(s):39669
Related CVE(s):CVE-2007-4440
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:4aabd9f0bdad3a5fdb56b4f1950cb4a0

 ///  File Name: mercury_login.rb.txt
Description:
This Metasploit module exploits a stack overflow in Mercury/32 <= 4.01b IMAPD LOGIN verb. By sending a specially crafted login command, a buffer is corrupted, and code execution is possible. This vulnerability was discovered by (mu-b at digit-labs.org).
Author:MC
Homepage:http://www.metasploit.com
File Size:2308
Related OSVDB(s):33883
Related CVE(s):CVE-2007-1373
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:eca08e42e9a6d8d3c8e2dc20a08d5942

 ///  File Name: mercury_phonebook.rb.txt
Description:
This Metasploit module exploits a stack-based buffer overflow in Mercury/32 <= v4.01b PH Server Module. This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to a fixed size memory buffer.
Author:MC
Homepage:http://www.metasploit.com
File Size:1885
Related OSVDB(s):22103
Related CVE(s):CVE-2005-4411
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:91fe4076b66dc23ad7b3bebd909730d5

 ///  File Name: mercury_rename.rb.txt
Description:
This Metasploit module exploits a stack overflow vulnerability in the Mercury/32 v.4.01a IMAP service.
Author:MC
Homepage:http://www.metasploit.com
File Size:1782
Related OSVDB(s):12508
Related CVE(s):CVE-2004-1211
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:27411691d56dde9d1fcd280a203598ce

 ///  File Name: message_engine.rb.txt
Description:
This Metasploit module exploits a buffer overflow in Computer Associates BrightStor ARCserve Backup 11.1 - 11.5 SP2. By sending a specially crafted RPC request, an attacker could overflow the buffer and execute arbitrary code.
Author:MC,patrick
Homepage:http://www.metasploit.com
File Size:2278
Related OSVDB(s):31318
Related CVE(s):CVE-2007-0169
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:c851d7e2a0b986a607dca467c5dc0652