Section: .. / 0911-exploits /

Page 4 of 18
<< 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 >> Files 75 - 100 of 449

Currently sorted by: File Size Sort By: File Name, Last Modified

/// File Name:	mcafee_hercules_deletesnapshot.rb.t..>
Description:	This Metasploit module exploits a stack overflow in McAfee Remediation Agent 4.5.0.41. When sending an overly long string to the DeleteSnapshot() method of enginecom.dll (3.7.0.9) an attacker may be able to execute arbitrary code. This control is not marked safe for scripting, so choose your attack vector accordingly.
Author:	MC
Homepage:	http://www.metasploit.com
File Size:	4561
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	30b6004a5deb721219522362363fdb24

/// File Name:	ms04_011_lsass.rb.txt
Description:	This Metasploit module exploits a stack overflow in the LSASS service, this vulnerability was originally found by eEye. When re-exploiting a Windows XP system, you will need need to run this module twice. DCERPC request fragmentation can be performed by setting 'FragSize' parameter.
Author:	H D Moore
Homepage:	http://www.metasploit.com
File Size:	4548
Related OSVDB(s):	5248
Related CVE(s):	CVE-2003-0533
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	70709884db691b00a5f83e02c46451e1

/// File Name:	name_service.rb.txt
Description:	This Metasploit module exploits a vulnerability in the Veritas Backup Exec Agent Browser service. This vulnerability occurs when a recv() call has a length value too long for the destination stack buffer. By sending an agent name value of 63 bytes or more, we can overwrite the return address of the recv function. Since we only have ~60 bytes of contiguous space for shellcode, a tiny findsock payload is sent which uses a hardcoded IAT address for the recv() function. This payload will then roll the stack back to the beginning of the page, recv() the real shellcode into it, and jump to it. This Metasploit module has been tested against Veritas 9.1 SP0, 9.1 SP1, and 8.6.
Author:	H D Moore
Homepage:	http://www.metasploit.com
File Size:	4479
Related OSVDB(s):	12418
Related CVE(s):	CVE-2004-1172
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	2e7ed3fc1d5b832c0eb89a9efc217759

/// File Name:	fbsdrtld-exec.txt
Description:	FreeBSD local root exploit that leverages a bug in the Run-Time Link-Editor (rtld). Versions 7.1 and 8.0 are vulnerable.
Author:	Kingcope
File Size:	4469
Last Modified:	Nov 30 20:35:03 2009
MD5 Checksum:	cbcc98addf614846e89865ec7b0e193f

/// File Name:	bakbone_netvault_heap.rb.txt
Description:	This Metasploit module exploits a heap overflow in the BakBone NetVault Process Manager service. This code is a direct port of the netvault.c code written by nolimit and BuzzDee.
Author:	H D Moore,nolimit
Homepage:	http://www.metasploit.com
File Size:	4455
Related OSVDB(s):	15234
Related CVE(s):	CVE-2005-1009
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	875f10d61e00f6e28f4dd5afef4dd48c

/// File Name:	ms05_017_msmq.rb.txt
Description:	This Metasploit module exploits a stack overflow in the RPC interface to the Microsoft Message Queueing service. The offset to the return address changes based on the length of the system hostname, so this must be provided via the 'HNAME' option. Much thanks to snort.org and Jean-Baptiste Marchand's excellent MSRPC website.
Author:	H D Moore
Homepage:	http://www.metasploit.com
File Size:	4434
Related OSVDB(s):	15458
Related CVE(s):	CVE-2005-0059
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	17069e45c5e565921dbd828c75bdb9d0

/// File Name:	groupwisemessenger_client.rb.txt
Description:	This Metasploit module exploits a stack overflow in Novell's GroupWise Messenger Client. By sending a specially crafted HTTP response, an attacker may be able to execute arbitrary code.
Author:	MC
Homepage:	http://www.metasploit.com
File Size:	4427
Related OSVDB(s):	46041
Related CVE(s):	CVE-2008-2703
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	0da711ff86ad6eca8d8c35d3c2225df2

/// File Name:	ms06_071_xml_core.rb.txt
Description:	This Metasploit module exploits a code execution vulnerability in Microsoft XML Core Services which exists in the XMLHTTP ActiveX control. This Metasploit module is the modified version of http://www.milw0rm.com/exploits/2743 - credit to str0ke. This Metasploit module has been successfully tested on Windows 2000 SP4, Windows XP SP2, Windows 2003 Server SP0 with IE6 + Microsoft XML Core Services 4.0 SP2.
Author:	Trirat Puttaraksa
Homepage:	http://www.metasploit.com
File Size:	4383
Related OSVDB(s):	29425
Related CVE(s):	CVE-2006-5745
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	31b6f63c7a236c87738c0eae9ae220de

/// File Name:	ibmlotusdomino_dwa_uploadmodule.rb...>
Description:	This Metasploit module exploits a stack overflow in IBM Lotus Domino Web Access Upload Module. By sending an overly long string to the "General_ServerName()" property located in the dwa7w.dll and the inotes6w.dll control, an attacker may be able to execute arbitrary code.
Author:	Elazar Broad
Homepage:	http://www.metasploit.com
File Size:	4356
Related OSVDB(s):	40954
Related CVE(s):	CVE-2007-4474
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	50aa5ae090a1b2db0a274c256a751cba

/// File Name:	mupdf-overflow.tgz
Description:	MuPDF and SumatraPDF suffer from a buffer overflow vulnerability. Proof of concept pdf included.
Author:	Christophe Devine
File Size:	4327
Last Modified:	Nov 30 16:48:23 2009
MD5 Checksum:	73751c3c590fdd3c9248b9c2f88dd4c8

/// File Name:	ms07_065_msmq.rb.txt
Description:	This Metasploit module exploits a stack overflow in the RPC interface to the Microsoft Message Queueing service. This exploit requires the target system to have been configured with a DNS name and for that name to be supplied in the 'DNAME' option. This name does not need to be served by a valid DNS server, only configured on the target machine.
Author:	H D Moore
Homepage:	http://www.metasploit.com
File Size:	4263
Related OSVDB(s):	39123
Related CVE(s):	CVE-2007-3039
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	c28dd950f80df9a3406ea9f8204c0e31

/// File Name:	ms04_011_pct.rb.txt
Description:	This Metasploit module exploits a buffer overflow in the Microsoft Windows SSL PCT protocol stack. This code is based on Johnny Cyberpunk's THC release and has been tested against Windows 2000 and Windows XP. To use this module, specify the remote port of any SSL service, or the port and protocol of an application that uses SSL. The only application protocol supported at this time is SMTP. You only have one chance to select the correct target, if you are attacking IIS, you may want to try one of the other exploits first (WebDAV). If WebDAV does not work, this more than likely means that this is either Windows 2000 SP4+ or Windows XP (IIS 5.0 vs IIS 5.1). Using the wrong target may not result in an immediate crash of the remote system.
Author:	H D Moore
Homepage:	http://www.metasploit.com
File Size:	4224
Related OSVDB(s):	5250
Related CVE(s):	CVE-2003-0719
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	eb7d6cb9c2d3c0098ad3e22f55fe4c52

/// File Name:	safenet_ike_11.rb.txt
Description:	This Metasploit module exploits a stack overflow in Safenet SoftRemote IKE IreIKE.exe service. When sending a specially crafted udp packet to port 62514 an attacker may be able to execute arbitrary code. This Metasploit module has been tested with Juniper NetScreen-Remote 10.8.0 (Build 20) using windows/meterpreter/reverse_ord_tcp payloads.
Author:	MC
Homepage:	http://www.metasploit.com
File Size:	4200
Related OSVDB(s):	54831
Related CVE(s):	CVE-2009-1943
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	693347c05eeaf84f2c8e0f1db86d4c61

/// File Name:	adaptcms-rfi.txt
Description:	Adapt CMS Lite version 1.5 suffers from a remote file inclusion vulnerability. This is the same issue that affected 1.4.
Author:	v3n0m
Related Exploit:	adaptcms-rfixss.txt
File Size:	4191
Last Modified:	Nov 30 20:41:14 2009
MD5 Checksum:	6ced16079e7b0f02153c925513b6869a

/// File Name:	deliverscript-rfi.txt
Description:	DeliveryScript suffers from multiple remote file inclusion vulnerabilities.
Author:	kaMtiEz
Homepage:	http://www.indonesiancoder.com/
File Size:	4147
Last Modified:	Nov 16 19:57:56 2009
MD5 Checksum:	2f6c0e0a43909dd1987d543b16a009b3

/// File Name:	winzip_fileview.rb.txt
Description:	The FileView ActiveX control (WZFILEVIEW.FileViewCtrl.61) could allow a remote attacker to execute arbitrary code on the system. The control contains several unsafe methods and is marked safe for scripting and safe for initialization. A remote attacker could exploit this vulnerability to execute arbitrary code on the victim system. WinZip 10.0 <= Build 6667 are vulnerable.
Author:	dean
Homepage:	http://www.metasploit.com
File Size:	4132
Related OSVDB(s):	30433
Related CVE(s):	CVE-2006-5198
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	93a6c98b454e30c0e115617c5211c2bb

/// File Name:	ImpelDown-2.6.31only.c
Description:	Linux 2.6.31 only fs/pipe.c local kernel root exploit.
Author:	teach,xipe
Homepage:	http://www.vxhell.org/
File Size:	4124
Related CVE(s):	CVE-2009-3547
Last Modified:	Nov 16 20:03:12 2009
MD5 Checksum:	59058f130fbbaa59fdd4f2fc9c67e0fe

/// File Name:	autodesk_idrop.rb.txt
Description:	This Metasploit module exploits a heap-based memory corruption vulnerability in Autodesk IDrop ActiveX control (IDrop.ocx) version 17.1.51.160. An attacker can execute arbitrary code by triggering a heap use after free condition using the Src, Background, PackageXml properties.
Author:	Elazar Broad,Trancer
Homepage:	http://www.metasploit.com
File Size:	4124
Related OSVDB(s):	53265
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	037140349d314f924d03d94351da0c4e

/// File Name:	symantec_backupexec_pvcalendar.rb.t..>
Description:	This Metasploit module exploits a stack overflow in Symantec BackupExec Calendar Control. By sending an overly long string to the "_DOWText0" property located in the pvcalendar.ocx control, an attacker may be able to execute arbitrary code.
Author:	Elazar Broad
Homepage:	http://www.metasploit.com
File Size:	4118
Related OSVDB(s):	42358
Related CVE(s):	CVE-2007-6016
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	1df8f24fcdcece9e8eb4a56262167732

/// File Name:	athocgov_completeinstallation.rb.tx..>
Description:	This Metasploit module exploits a stack overflow in AtHocGov IWSAlerts. When sending an overly long string to the CompleteInstallation() method of AtHocGovTBr.dll (6.1.4.36) an attacker may be able to execute arbitrary code. This vulnerability was silently patched by the vendor.
Author:	MC
Homepage:	http://www.metasploit.com
File Size:	4097
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	7a69f327cb1b6c6fd85573375b96bec6

/// File Name:	aol_ampx_convertfile.rb.txt
Description:	This Metasploit module exploits a stack-based buffer overflow in AOL IWinAmpActiveX class (AmpX.dll) version 2.4.0.6 installed via AOL Radio website. By setting an overly long value to 'ConvertFile()', an attacker can overrun a buffer and execute arbitrary code.
Author:	Trancer,rgod
Homepage:	http://www.metasploit.com
File Size:	4035
Related OSVDB(s):	54706
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	d4dc59c45b216b5b0e5026124d44c045

/// File Name:	hpmqc_progcolor.rb.txt
Description:	This Metasploit module exploits a stack-based buffer overflow in SPIDERLib.Loader ActiveX control (Spider90.ocx) 9.1.0.4353 installed by TestDirector (TD) for Hewlett-Packard Mercury Quality Center 9.0 before Patch 12.1, and 8.2 SP1 before Patch 32. By setting an overly long value to 'ProgColor', an attacker can overrun a buffer and execute arbitrary code.
Author:	Trancer
Homepage:	http://www.metasploit.com
File Size:	4001
Related OSVDB(s):	34317
Related CVE(s):	CVE-2007-1819
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	236739259c5f6f007c26b83d0392dadc

/// File Name:	trackercam_phparg_overflow.rb.txt
Description:	This Metasploit module exploits a simple stack overflow in the TrackerCam web server. All current versions of this software are vulnerable to a large number of security issues. This Metasploit module abuses the directory traversal flaw to gain information about the system and then uses the PHP overflow to execute arbitrary code.
Author:	H D Moore
Homepage:	http://www.metasploit.com
File Size:	3994
Related OSVDB(s):	13953,13955
Related CVE(s):	CVE-2005-0478
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	c832537867177bce73f7068a5b20ebfd

/// File Name:	Telepark-fixes-nov09.txt
Description:	Unavailable.
File Size:	3948
Last Modified:	Nov 16 22:11:34 2009
MD5 Checksum:	16e441e83cb59772d82307ccd69cf4c1

/// File Name:	ib_svc_attach.rb.txt
Description:	This Metasploit module exploits a stack overflow in Borland InterBase by sending a specially crafted service attach request.
Author:	Adriano Lima,Ramon de Carvalho Valle
Homepage:	http://www.metasploit.com
File Size:	3942
Related OSVDB(s):	38605
Related CVE(s):	CVE-2007-5243
Last Modified:	Nov 25 19:34:53 2009
MD5 Checksum:	221842da93044ac6124e2e9fcd093224