Section:  .. / 0911-exploits  /


 ///  File Name: ms06_040_netapi.rb.txt
Description:
This Metasploit module exploits a stack overflow in the NetApi32 CanonicalizePathName() function using the NetpwPathCanonicalize RPC call in the Server Service. It is likely that other RPC calls could be used to exploit this service. This exploit will result in a denial of service on Windows XP SP2 or Windows 2003 SP1. A failed exploit attempt will likely result in a complete reboot on Windows 2000 and the termination of all SMB-related services on Windows XP. The default target for this exploit should succeed on Windows NT 4.0, Windows 2000 SP0-SP4+, Windows XP SP0-SP1 and Windows 2003 SP0.
Author:H D Moore
Homepage:http://www.metasploit.com
File Size:8354
Related OSVDB(s):27845
Related CVE(s):CVE-2006-3439
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:09ce9abfa6366a47d09be140af9affef

 ///  File Name: ms06_055_vml_method.rb.txt
Description:
This Metasploit module exploits a code execution vulnerability in Microsoft Internet Explorer using a buffer overflow in the VML processing code (VGX.dll). This Metasploit module has been tested on Windows 2000 SP4, Windows XP SP0, and Windows XP SP2.
Author:Aviv Raff,H D Moore,M Shirk,Mr.Niega,Trirat Puttaraksa
Homepage:http://www.metasploit.com
File Size:3885
Related OSVDB(s):28946
Related CVE(s):CVE-2006-4868
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:715a26e332ef319bc61f812179780008

 ///  File Name: ms06_057_webview_setslice.rb.txt
Description:
This Metasploit module exploits a flaw in the WebViewFolderIcon ActiveX control included with Windows 2000, Windows XP, and Windows 2003. This flaw was published during the Month of Browser Bugs project (MoBB #18).
Author:H D Moore
Homepage:http://www.metasploit.com
File Size:3386
Related OSVDB(s):27110
Related CVE(s):CVE-2006-3730
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:6fe379a656f13db355bff8418fdf7e3c

 ///  File Name: ms06_066_nwapi.rb.txt
Description:
This Metasploit module exploits the vulnerability in nwapi32.dll as described in MS06-066.
Author:Pusscat
Homepage:http://www.metasploit.com
File Size:3738
Related OSVDB(s):30260
Related CVE(s):CVE-2006-4688
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:e46d8b56030dcc17c1389e3fec046cd6

 ///  File Name: ms06_066_nwwks.rb.txt
Description:
This Metasploit module exploits a stack overflow in the svchost service, when the netware client service is running.
Author:Pusscat
Homepage:http://www.metasploit.com
File Size:3519
Related OSVDB(s):30260
Related CVE(s):CVE-2006-4688
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:845947a57fc90dc8289d163427c11077

 ///  File Name: ms06_067_keyframe.rb.txt
Description:
This Metasploit module exploits a heap overflow vulnerability in the KeyFrame method of the direct animation ActiveX control. This is a port of the exploit implemented by Alexander Sotirov.
Author:Alexander Sotirov,skape
Homepage:http://www.metasploit.com
File Size:3533
Related OSVDB(s):28842
Related CVE(s):CVE-2006-4777
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:f311c947bb718b5b83a20f17370dd051

 ///  File Name: ms06_071_xml_core.rb.txt
Description:
This Metasploit module exploits a code execution vulnerability in Microsoft XML Core Services which exists in the XMLHTTP ActiveX control. This Metasploit module is the modified version of http://www.milw0rm.com/exploits/2743 - credit to str0ke. This Metasploit module has been successfully tested on Windows 2000 SP4, Windows XP SP2, Windows 2003 Server SP0 with IE6 + Microsoft XML Core Services 4.0 SP2.
Author:Trirat Puttaraksa
Homepage:http://www.metasploit.com
File Size:4383
Related OSVDB(s):29425
Related CVE(s):CVE-2006-5745
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:31b6f63c7a236c87738c0eae9ae220de

 ///  File Name: ms07_064_sami.rb.txt
Description:
This Metasploit module exploits a stack overflow in the DirectShow Synchronized Accessible Media Interchange (SAMI) parser in quartz.dll. This Metasploit module has only been tested with Windows Media Player (6.4.09.1129) and DirectX 8.0.
Author:MC
Homepage:http://www.metasploit.com
File Size:2787
Related OSVDB(s):39126
Related CVE(s):CVE-2007-3901
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:988b11f0121a564e366bd17fda30c525

 ///  File Name: ms07_065_msmq.rb.txt
Description:
This Metasploit module exploits a stack overflow in the RPC interface to the Microsoft Message Queueing service. This exploit requires the target system to have been configured with a DNS name and for that name to be supplied in the 'DNAME' option. This name does not need to be served by a valid DNS server, only configured on the target machine.
Author:H D Moore
Homepage:http://www.metasploit.com
File Size:4263
Related OSVDB(s):39123
Related CVE(s):CVE-2007-3039
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:c28dd950f80df9a3406ea9f8204c0e31

 ///  File Name: ms08_041_snapshotviewer.rb.txt
Description:
This Metasploit module allows remote attackers to place arbitrary files on a user's file system via the Microsoft Office Snapshot Viewer ActiveX Control.
Author:MC
Homepage:http://www.metasploit.com
File Size:2638
Related OSVDB(s):46749
Related CVE(s):CVE-2008-2463
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:54e6e6213f3dbbdca7fa19ccd4216581

 ///  File Name: ms08_053_mediaencoder.rb.txt
Description:
This Metasploit module exploits a stack overflow in Windows Media Encoder 9. When sending an overly long string to the GetDetailsString() method of wmex.dll, an attacker may be able to execute arbitrary code.
Author:MC
Homepage:http://www.metasploit.com
File Size:3425
Related OSVDB(s):47962
Related CVE(s):CVE-2008-3008
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:30680e4a59504024930bee6edd40ccc7

 ///  File Name: ms09_002_memory_corruption.rb.txt
Description:
This Metasploit module exploits an error related to the CFunctionPointer function when attempting to access uninitialized memory. A remote attacker could exploit this vulnerability to corrupt memory and execute arbitrary code on the system with the privileges of the victim.
Author:dean
Homepage:http://www.metasploit.com
File Size:3824
Related OSVDB(s):51839
Related CVE(s):CVE-2009-0075
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:e17c0300b31c041c7764d657860fa92b

 ///  File Name: ms_visual_basic_vbp.rb.txt
Description:
This Metasploit module exploits a stack overflow in Microsoft Visual Basic 6.0. With a specially crafted vbp file containing a long reference line, an attacker may be able to execute arbitrary code.
Author:MC
Homepage:http://www.metasploit.com
File Size:3025
Related CVE(s):CVE-2007-4776
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:c67c58f9ed43ab5964d86aca51104669

 ///  File Name: ms_visual_studio_msmask.rb.txt
Description:
This Metasploit module exploits a stack overflow in Microsoft's Visual Studio 6.0. When passing a specially crafted string to the Mask parameter of the Msmask32.ocx ActiveX Control, an attacker may be able to execute arbitrary code.
Author:MC,koshi
Homepage:http://www.metasploit.com
File Size:3625
Related CVE(s):CVE-2008-3704
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:b192c9beb06a91690727d675ecdb0152

 ///  File Name: mssql_payload.rb.txt
Description:
This Metasploit module will execute an arbitrary payload on a Microsoft SQL Server, using the Windows debug.com method for writing an executable to disk and the xp_cmdshell stored procedure. File size restrictions are avoided by incorporating the debug bypass method presented at Defcon 17 by SecureState. Note that this module will leave a Metasploit payload in the Windows System32 directory which must be manually deleted once the attack is completed.
Author:David Kennedy "ReL1K"
Homepage:http://www.metasploit.com
File Size:1749
Related OSVDB(s):557
Related CVE(s):CVE-2000-0402
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:9fcdfb3e45947625be60d062c78ae1af

 ///  File Name: msvidctl_mpeg2.rb.txt
Description:
This Metasploit module exploits a memory corruption within the MSVidCtl component of Microsoft DirectShow (BDATuner.MPEG2TuneRequest). By loading a specially crafted GIF file, an attacker can overrun a buffer and execute arbitrary code. ClassID is now configurable via an advanced option (otherwise randomized) - I)ruid
Author:Trancer
Homepage:http://www.metasploit.com
File Size:8579
Related OSVDB(s):55651
Related CVE(s):CVE-2008-0015
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:9b9d26e9a03bbef70db82e706671e334

 ///  File Name: mswhale_checkforupdates.rb.txt
Description:
This Metasploit module exploits a stack overflow in Microsoft Whale Intelligent Application Gateway Whale Client. When sending an overly long string to the CheckForUpdates() method of WhlMgr.dll (3.1.502.64), an attacker may be able to execute arbitrary code.
Author:MC
Homepage:http://www.metasploit.com
File Size:3095
Related OSVDB(s):53933
Related CVE(s):CVE-2007-2238
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:a79d844fcce28ce4ca2f2e01d144f8bb

 ///  File Name: msworks_wkspictureinterface.rb.txt
Description:
The Microsoft Works ActiveX control (WkImgSrv.dll) could allow a remote attacker to execute arbitrary code on a system. By passing a negative integer to the WksPictureInterface method, an attacker could execute arbitrary code on the system with privileges of the victim. Change 168430090 / 0x0A0A0A0A to 202116108 / 0x0C0C0C0C for IE6. This control is not marked safe for scripting, please choose your attack vector carefully.
Author:dean
Homepage:http://www.metasploit.com
File Size:3244
Related OSVDB(s):44458
Related CVE(s):CVE-2008-1898
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:bcdb58bef1a3657bd1dfbb797f9b50ed

 ///  File Name: name_service.rb.txt
Description:
This Metasploit module exploits a vulnerability in the Veritas Backup Exec Agent Browser service. This vulnerability occurs when a recv() call has a length value too long for the destination stack buffer. By sending an agent name value of 63 bytes or more, we can overwrite the return address of the recv function. Since we only have ~60 bytes of contiguous space for shellcode, a tiny findsock payload is sent which uses a hardcoded IAT address for the recv() function. This payload will then roll the stack back to the beginning of the page, recv() the real shellcode into it, and jump to it. This Metasploit module has been tested against Veritas 9.1 SP0, 9.1 SP1, and 8.6.
Author:H D Moore
Homepage:http://www.metasploit.com
File Size:4479
Related OSVDB(s):12418
Related CVE(s):CVE-2004-1172
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:2e7ed3fc1d5b832c0eb89a9efc217759

 ///  File Name: navicopa_get_overflow.rb.txt
Description:
This Metasploit module exploits a stack overflow in NaviCOPA 2.0.1. The vulnerability is caused by a boundary error within the handling of URL parameters.
Author:MC
Homepage:http://www.metasploit.com
File Size:1989
Related OSVDB(s):29257
Related CVE(s):CVE-2006-5112
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:c1a626de774259771ca4d5d7b4c04f29

 ///  File Name: netcat110_nt.rb.txt
Description:
This Metasploit module exploits a stack overflow in Netcat v1.10 NT. By sending an overly long string we are able to overwrite SEH. The vulnerability exists when netcat is used to bind (-e) an executable to a port in doexec.c. This Metasploit module was tested successfully using "c:\>nc -L -p 31337 -e ftp".
Author:patrick
Homepage:http://www.metasploit.com
File Size:1889
Related OSVDB(s):12612
Related CVE(s):CVE-2004-1317
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:21c003ef4e86ce46f27c10cc6824efe5

 ///  File Name: netgear_wg111_beacon.rb.txt
Description:
This Metasploit module exploits a stack overflow in the NetGear WG111v2 wireless device driver. This stack overflow allows remote code execution in kernel mode. The stack overflow is triggered when an 802.11 Beacon frame is received that contains more than 1100 bytes worth of information elements. This exploit was tested with version 5.1213.6.316 of the WG111v2.SYS driver and a NetGear WG111v2 USB adapter. Since this vulnerability is exploited via beacon frames, all cards within range of the attack will be affected. The tested adapter used a MAC address in the range of 00:18:4d:02:XX:XX. Vulnerable clients will need to have their card in a non-associated state for this exploit to work. The easiest way to reproduce this bug is by starting the exploit and then unplugging and reinserting the USB card. The exploit can take up to a minute to execute the payload, depending on system activity. NetGear was NOT contacted about this flaw. A search of the SecurityFocus database indicates that NetGear has not provided an official patch or solution for any of the thirty flaws listed at the time of writing. This list includes BIDs: 1010, 3876, 4024, 4111, 5036, 5667, 5830, 5943, 5940, 6807, 7267, 7270, 7371, 7367, 9194, 10404, 10459, 10585, 10935, 11580, 11634, 12447, 15816, 16837, 16835, 19468, and 19973. This Metasploit module depends on the Lorcon2 library and only works on the Linux platform with a supported wireless card. Please see the Ruby Lorcon2 documentation (external/ruby-lorcon/README) for more information.
Author:H D Moore
Homepage:http://www.metasploit.com
File Size:6304
Related OSVDB(s):30473
Related CVE(s):CVE-2006-5972
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:9ceed7c29c5098508333f0dbb1abef88

 ///  File Name: netidentity_xtierrpcpipe.rb.txt
Description:
This Metasploit module exploits a stack overflow in Novell's NetIdentity Agent. When sending a specially crafted string to the 'XTIERRPCPIPE' named pipe, an attacker may be able to execute arbitrary code. The success of this module is much greater once the service has been restarted.
Author:MC,Ruben Santamarta
Homepage:http://www.metasploit.com
File Size:5002
Related OSVDB(s):53351
Related CVE(s):CVE-2009-1350
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:d6e6600af22fbaa6a1eb6e5af2edc05f

 ///  File Name: netterm_netftpd_user.rb.txt
Description:
This Metasploit module exploits a vulnerability in the NetTerm NetFTPD application. This package is part of the NetTerm package. This Metasploit module uses the USER command to trigger the overflow.
Author:H D Moore
Homepage:http://www.metasploit.com
File Size:2690
Related OSVDB(s):15865
Related CVE(s):CVE-2005-1323
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:39884793a1e92b69ca6683832a08c846

 ///  File Name: niprint.rb.txt
Description:
This Metasploit module exploits a stack overflow in the Network Instrument NIPrint LPD service.
Author:H D Moore
Homepage:http://www.metasploit.com
File Size:1624
Related OSVDB(s):2774
Related CVE(s):CVE-2003-1141
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:0cf00e0f2ca676c7020effb4d0d516bc