Section:  .. / 0911-exploits  /


 ///  File Name: nss-bypass.txt
Description:
Mozilla NSS NULL character CA SSL certificate validation security bypass vulnerability.
Author:Dan Kaminsky
Homepage:http://www.doxpara.com
File Size:7450
Last Modified:Nov 16 22:01:57 2009
MD5 Checksum:3a02a4eed8006d3a2834913dde03f727

 ///  File Name: ie_createobject.rb.txt
Description:
This Metasploit module exploits a generic code execution vulnerability in Internet Explorer by abusing vulnerable ActiveX objects.
Author:H D Moore
Homepage:http://www.metasploit.com
File Size:7347
Last Modified:Oct 30 17:01:20 2009
MD5 Checksum:a85d55c56e1a1797651aac42aabe0cb8

 ///  File Name: CORE-2009-0910.txt
Description:
Core Security Technologies Advisory - Autodesk Maya Script Nodes suffers from an arbitrary command execution vulnerability.
Homepage:http://www.coresecurity.com/corelabs/
File Size:7317
Related CVE(s):CVE-2009-3578
Last Modified:Nov 23 18:29:33 2009
MD5 Checksum:992dec8c33937be89fdd1c1717b8d5a9

 ///  File Name: mediasrv_sunrpc.rb.txt
Description:
This exploit targets a stack overflow in the MediaSrv RPC service of CA BrightStor Arcserve. By sending a specially crafted SUNRPC request, an attacker can overflow a stack buffer and execute arbitrary code.
Author:toto
Homepage:http://www.metasploit.com
File Size:7299
Related OSVDB(s):35326
Related CVE(s):CVE-2007-2139
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:b30b4f7f29315bdcca157be6ca0759d6

 ///  File Name: kmeleon-overrun.txt
Description:
K-Meleon version 1.5.3 suffers from a remote array overrun vulnerability that allows for arbitrary code execution.
Author:Maksymilian Arciemowicz
Homepage:http://securityreason.com/
File Size:7205
Related CVE(s):CVE-2009-0689
Last Modified:Nov 19 23:18:25 2009
MD5 Checksum:77a8692a8d922a730d4eb910224dfb1a

 ///  File Name: apache_chunked.rb.txt
Description:
This Metasploit module exploits the chunked transfer integer wrap vulnerability in Apache version 1.2.x to 1.3.24. This particular module has been tested with all versions of the official Win32 build between 1.3.9 and 1.3.24. Additionally, it should work against most co-branded and bundled versions of Apache (Oracle 8i, 9i, IBM HTTPD, etc). You will need to use the Check() functionality to determine the exact target version prior to launching the exploit. The version of Apache bundled with Oracle 8.1.7 will not automatically restart, so if you use the wrong target value, the server will crash.
Author:H D Moore
Homepage:http://www.metasploit.com
File Size:7146
Related OSVDB(s):838
Related CVE(s):CVE-2002-0392
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:e3d3d24a04a5fa710ddd92b1a78239b0

 ///  File Name: psexec.rb.txt
Description:
This Metasploit module uses a valid administrator username and password (or password hash) to execute an arbitrary payload. This Metasploit module is similar to the "psexec" utility provided by SysInternals. Unfortunately, this module is not able to clean up after itself. The service and payload file listed in the output will need to be manually removed after access has been gained. The service created by this tool uses a randomly chosen name and description, so the services list can become cluttered after repeated exploitation.
Author:H D Moore
Homepage:http://www.metasploit.com
File Size:7017
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:ec78b183c6635c79b969beaba936aa7e

 ///  File Name: CORE-2009-0909.txt
Description:
Core Security Technologies Advisory - Autodesk 3DS Max Application Callbacks suffers from an arbitrary command execution vulnerability.
Homepage:http://www.coresecurity.com/corelabs/
File Size:6946
Related CVE(s):CVE-2009-3577
Last Modified:Nov 23 18:28:16 2009
MD5 Checksum:f146c94bba1eb57f049eee4566a80d19

 ///  File Name: SWRX-2009-001.txt
Description:
The McAfee Network Security Manager suffers from a cross site scripting vulnerability.
Author:Daniel King
File Size:6860
Related CVE(s):CVE-2009-3565
Last Modified:Nov 17 13:57:03 2009
MD5 Checksum:4bcab0a4fedebb625765112b1a5be21f

 ///  File Name: ibm_tpmfosd_overflow.rb.txt
Description:
This is a stack overflow exploit for IBM Tivoli Provisioning Manager for OS Deployment version 5.1.0.X.
Author:toto
Homepage:http://www.metasploit.com
File Size:6773
Related OSVDB(s):34678
Related CVE(s):CVE-2007-1868
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:0e651970fd8db1555515d7abc16a76ac

 ///  File Name: CORE-2009-0912.txt
Description:
Core Security Technologies Advisory - Blender embeds a python interpreter to extend its functionality. Blender .blend project files can be modified to execute arbitrary commands without user intervention by design. An attacker can take full control of the machine where Blender is installed by sending a specially crafted .blend file and enticing the user to open it.
Homepage:http://www.coresecurity.com/corelabs/
File Size:6678
Related CVE(s):CVE-2009-3850
Last Modified:Nov 5 14:23:53 2009
MD5 Checksum:3f35540862c9c7a87d3aca95c31184c7

 ///  File Name: ms03_026_dcom.rb.txt
Description:
This Metasploit module exploits a stack overflow in the RPCSS service. This vulnerability was originally found by the Last Stage of Delirium research group and has been widely exploited ever since. This Metasploit module can exploit the English versions of Windows NT 4.0 SP3-6a, Windows 2000, Windows XP, and Windows 2003 all in one request :)
Author:H D Moore,cazz,spoonm
Homepage:http://www.metasploit.com
File Size:6662
Related OSVDB(s):2100
Related CVE(s):CVE-2003-0352
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:0e8c891f65d0c275b901a86b6cebc95d

 ///  File Name: SN-2009-02.txt
Description:
ToutVirtual VirtualIQ Pro version 3.2 build 7882 suffers from cross site scripting, cross site request forgery, directory traversal, and code execution vulnerabilities.
Author:Alberto Trivero,Claudio Criscione
Homepage:http://www.securenetwork.it/advisories/
File Size:6385
Related CVE(s):CVE-2008-2938, CVE-2006-3835
Last Modified:Nov 16 19:59:14 2009
MD5 Checksum:db0756a516815b6718a7f2c4a5099533

 ///  File Name: sybsec-adv17.txt
Description:
Cisco VPN Client 0day integer overflow denial of service proof of concept code.
Author:Alex Hernandez
File Size:6351
Last Modified:Nov 19 23:13:44 2009
MD5 Checksum:7e510e9de03030493f7d24697b283b22

 ///  File Name: netgear_wg111_beacon.rb.txt
Description:
This Metasploit module exploits a stack overflow in the NetGear WG111v2 wireless device driver. This stack overflow allows remote code execution in kernel mode. The stack overflow is triggered when an 802.11 Beacon frame is received that contains more than 1100 bytes worth of information elements. This exploit was tested with version 5.1213.6.316 of the WG111v2.SYS driver and a NetGear WG111v2 USB adapter. Since this vulnerability is exploited via beacon frames, all cards within range of the attack will be affected. The tested adapter used a MAC address in the range of 00:18:4d:02:XX:XX. Vulnerable clients will need to have their card in a non-associated state for this exploit to work. The easiest way to reproduce this bug is by starting the exploit and then unplugging and reinserting the USB card. The exploit can take up to a minute to execute the payload, depending on system activity. NetGear was NOT contacted about this flaw. A search of the SecurityFocus database indicates that NetGear has not provided an official patch or solution for any of the thirty flaws listed at the time of writing. This list includes BIDs: 1010, 3876, 4024, 4111, 5036, 5667, 5830, 5943, 5940, 6807, 7267, 7270, 7371, 7367, 9194, 10404, 10459, 10585, 10935, 11580, 11634, 12447, 15816, 16837, 16835, 19468, and 19973. This Metasploit module depends on the Lorcon2 library and only works on the Linux platform with a supported wireless card. Please see the Ruby Lorcon2 documentation (external/ruby-lorcon/README) for more information.
Author:H D Moore
Homepage:http://www.metasploit.com
File Size:6304
Related OSVDB(s):30473
Related CVE(s):CVE-2006-5972
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:9ceed7c29c5098508333f0dbb1abef88

 ///  File Name: iis5-exec.txt
Description:
Remake of the IIS 5.0 FTP server / remote SYSTEM exploit. Useful for Win2k/JP SP0 through SP3.
Author:Kingcope,Mati Aharoni,Tomoki Sanaki
File Size:6271
Last Modified:Nov 18 08:11:50 2009
MD5 Checksum:68d064d65a63424979f4a1bb52027914

 ///  File Name: Telepark-fixes-nov09-2.txt
Description:
Telepark Wiki versions 2.4.23 and below suffer from code execution, delete page, and cross site scripting vulnerabilities.
Author:Abysssec
Homepage:http://abysssec.com/
File Size:6223
Last Modified:Nov 16 22:13:54 2009
MD5 Checksum:865381e7b640e73bd552e43c6d8ce445

 ///  File Name: bitrix-rfi.txt
Description:
New exploit for an old already known remote file inclusion bug in Bitrix Site Manager.
Author:Don Tukulesto
Homepage:http://www.indonesiancoder.com/
Related Exploit:bitrix40xInclusion.txt
File Size:6001
Last Modified:Nov 18 08:07:53 2009
MD5 Checksum:5738185a1023769b6c1d04494ffbfc85

 ///  File Name: ms06_025_rasmans_reg.rb.txt
Description:
This Metasploit module exploits a registry-based stack overflow in the Windows Routing and Remote Access Service. Since the service is hosted inside svchost.exe, a failed exploit attempt can cause other system services to fail as well. A valid username and password is required to exploit this flaw on Windows 2000. When attacking XP SP1, the SMBPIPE option needs to be set to 'SRVSVC'. Exploiting this flaw involves two distinct steps - creating the registry key and then triggering an overwrite based on a read of this key. Once the key is created, it cannot be recreated. This means that for any given system, you only get one chance to exploit this flaw. Picking the wrong target will require a manual removal of the following registry key before you can try again: HKEY_USERS\.DEFAULT\Software\Microsoft\RAS Phonebook
Author:H D Moore,Pusscat
Homepage:http://www.metasploit.com
File Size:5884
Related OSVDB(s):26437
Related CVE(s):CVE-2006-2370
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:e3878c4e99491b1e90737445afd1a5bd

 ///  File Name: ms09_065_eot_integer.rb.txt
Description:
This Metasploit module exploits an integer overflow flaw in the Microsoft Windows Embedded OpenType font parsing code located in win32k.sys. Since the kernel itself parses embedded web fonts, it is possible to trigger a BSoD from a normal web page when viewed with Internet Explorer.
Author:H D Moore
Homepage:http://www.metasploit.com
File Size:5818
Related OSVDB(s):59869
Related CVE(s):CVE-2009-2514
Last Modified:Nov 18 07:53:11 2009
MD5 Checksum:e144d2789bddff28d9c46a51e8731b3a

 ///  File Name: ie_unsafe_scripting.rb.txt
Description:
This exploit takes advantage of the "Initialize and script ActiveX controls not marked safe for scripting" setting within Internet Explorer.
Author:natron
Homepage:http://www.metasploit.com
File Size:5767
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:3bd62efc3766194d68aa73eb6ae5ef50

 ///  File Name: servu_mdtm.rb.txt
Description:
This is an exploit for the Serv-U's MDTM command timezone overflow. It has been heavily tested against versions 4.0.0.4/4.1.0.0/4.1.0.3/5.0.0.0 with success against nt4/2k/xp/2k3. I have also had success against version 3, but only tested 1 version/os. The bug is in all versions prior to 5.0.0.4, but this exploit will not work against versions not listed above. You only get one shot, but it should be OS/SP independent. This exploit is a single hit, the service dies after the shellcode finishes execution.
Author:spoonm
Homepage:http://www.metasploit.com
File Size:5677
Related OSVDB(s):4073
Related CVE(s):CVE-2004-0330
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:3c3e798367f555e4fb0346813c33a307

 ///  File Name: joomlatinymce-exec.txt
Description:
Remote code execution exploit for Joomla 1.5.12 using a file upload vulnerability in TinyMCE.
Author:Luca De Fulgentis
File Size:5674
Last Modified:Nov 2 23:21:43 2009
MD5 Checksum:703dc2699c920bd5ccf7a8f7e74ceef3

 ///  File Name: domino_http_accept_language.rb.txt
Description:
This Metasploit module exploits a stack overflow in IBM Lotus Domino Web Server prior to version 7.0.3FP1 and 8.0.1. This flaw is triggered by any HTTP request with an Accept-Language header greater than 114 bytes.
Author:Earl Marcus,Fairuzan Roslan
Homepage:http://www.metasploit.com
File Size:5661
Related OSVDB(s):45415
Related CVE(s):CVE-2008-2240
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:434938f54dbe3e0b8433554d770893d8

 ///  File Name: adobe_geticon.rb.txt
Description:
This Metasploit module exploits a buffer overflow in Adobe Reader and Adobe Acrobat Professional < 8.1.4. By creating a specially crafted PDF that contains a malformed Collab.getIcon() call, an attacker may be able to execute arbitrary code.
Author:Didier Stevens,MC,jduck
Homepage:http://www.metasploit.com
File Size:5606
Related OSVDB(s):53647
Related CVE(s):CVE-2009-0927
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:1f2320eef87406c95ea5b7edbe4b85eb