Section:  .. / 0911-exploits  /


 ///  File Name: ms07_064_sami.rb.txt
Description:
This Metasploit module exploits a stack overflow in the DirectShow Synchronized Accessible Media Interchange (SAMI) parser in quartz.dll. This Metasploit module has only been tested with Windows Media Player (6.4.09.1129) and DirectX 8.0.
Author:MC
Homepage:http://www.metasploit.com
File Size:2787
Related OSVDB(s):39126
Related CVE(s):CVE-2007-3901
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:988b11f0121a564e366bd17fda30c525

 ///  File Name: ms07_065_msmq.rb.txt
Description:
This Metasploit module exploits a stack overflow in the RPC interface to the Microsoft Message Queuing service. This exploit requires the target system to have been configured with a DNS name and for that name to be supplied in the 'DNAME' option. This name does not need to be served by a valid DNS server, only configured on the target machine.
Author:H D Moore
Homepage:http://www.metasploit.com
File Size:4263
Related OSVDB(s):39123
Related CVE(s):CVE-2007-3039
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:c28dd950f80df9a3406ea9f8204c0e31

 ///  File Name: ms08_041_snapshotviewer.rb.txt
Description:
This Metasploit module allows remote attackers to place arbitrary files on a user's file system via the Microsoft Office Snapshot Viewer ActiveX Control.
Author:MC
Homepage:http://www.metasploit.com
File Size:2638
Related OSVDB(s):46749
Related CVE(s):CVE-2008-2463
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:54e6e6213f3dbbdca7fa19ccd4216581

 ///  File Name: ms08_053_mediaencoder.rb.txt
Description:
This Metasploit module exploits a stack overflow in Windows Media Encoder 9. When sending an overly long string to the GetDetailsString() method of wmex.dll an attacker may be able to execute arbitrary code.
Author:MC
Homepage:http://www.metasploit.com
File Size:3425
Related OSVDB(s):47962
Related CVE(s):CVE-2008-3008
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:30680e4a59504024930bee6edd40ccc7

 ///  File Name: ms09_002_memory_corruption.rb.txt
Description:
This Metasploit module exploits an error related to the CFunctionPointer function when attempting to access uninitialized memory. A remote attacker could exploit this vulnerability to corrupt memory and execute arbitrary code on the system with the privileges of the victim.
Author:dean
Homepage:http://www.metasploit.com
File Size:3824
Related OSVDB(s):51839
Related CVE(s):CVE-2009-0075
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:e17c0300b31c041c7764d657860fa92b

 ///  File Name: ms09_065_eot_integer.rb.txt
Description:
This Metasploit module exploits an integer overflow flaw in the Microsoft Windows Embedded OpenType font parsing code located in win32k.sys. Since the kernel itself parses embedded web fonts, it is possible to trigger a BSoD from a normal web page when viewed with Internet Explorer.
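The flaw above is an integer overflow in size arithmetic inside a kernel font parser. The following C is an added illustration of that bug class, constructed for this listing; it is not the win32k.sys code and not the module's own. A hypothetical table directory (the header layout, field names and function names are assumptions, not the real EOT format) declares an entry count and an entry size; the vulnerable path multiplies them at 32-bit width, the product wraps, and the bounds check that follows passes on the wrapped value. The fixed path widens the arithmetic and rejects anything that overflowed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical table directory (assumed layout, not the real EOT format):
 *   uint32 num_entries  (little-endian)
 *   uint32 entry_size   (little-endian)
 *   followed by num_entries * entry_size bytes of entry data. */
#define HDR_LEN 8

static uint32_t rd32le(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Vulnerable shape: the product is computed at 32-bit width and wraps, so
 * the later bounds check compares a far-too-small "needed" value.
 * Returns 1 if the (wrong) check says the entries fit inside blob. */
int entries_fit_unsafe(const uint8_t *blob, size_t bloblen) {
    if (bloblen < HDR_LEN) return 0;
    uint32_t num  = rd32le(blob);
    uint32_t size = rd32le(blob + 4);
    uint32_t needed = num * size;              /* wraps modulo 2^32 */
    return (size_t)needed <= bloblen - HDR_LEN;
}

/* Fixed shape: widen before multiplying, reject anything that would not
 * fit in the original 32-bit field, then compare against the bytes present.
 * Returns 1 only if the entry data really fits. */
int entries_fit_safe(const uint8_t *blob, size_t bloblen) {
    if (bloblen < HDR_LEN) return 0;
    uint32_t num  = rd32le(blob);
    uint32_t size = rd32le(blob + 4);
    uint64_t needed = (uint64_t)num * (uint64_t)size;   /* cannot wrap */
    if (needed > UINT32_MAX) return 0;         /* overflowed size: reject */
    return needed <= (uint64_t)(bloblen - HDR_LEN);
}

/* Build a constructed blob with the given header values followed by
 * datalen bytes of zeroed entry data. Returns bytes written, 0 if buf is
 * too small. */
size_t build_blob(uint8_t *buf, size_t buflen, uint32_t num, uint32_t size,
                  size_t datalen) {
    if (buflen < HDR_LEN + datalen) return 0;
    for (int i = 0; i < 4; i++) {
        buf[i]     = (uint8_t)(num  >> (8 * i));
        buf[4 + i] = (uint8_t)(size >> (8 * i));
    }
    memset(buf + HDR_LEN, 0, datalen);
    return HDR_LEN + datalen;
}
```

With num_entries = 0x10000001 and entry_size = 16 the true requirement is 0x100000010 bytes, but the 32-bit product is 16, so a blob carrying only 32 bytes of entry data passes the unsafe check and is rejected by the safe one.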
Author:H D Moore
Homepage:http://www.metasploit.com
File Size:5818
Related OSVDB(s):59869
Related CVE(s):CVE-2009-2514
Last Modified:Nov 18 07:53:11 2009
MD5 Checksum:e144d2789bddff28d9c46a51e8731b3a

 ///  File Name: ms_visual_basic_vbp.rb.txt
Description:
This Metasploit module exploits a stack overflow in Microsoft Visual Basic 6.0. When a specially crafted vbp file containing a long reference line is opened, an attacker may be able to execute arbitrary code.
Author:MC
Homepage:http://www.metasploit.com
File Size:3025
Related CVE(s):CVE-2007-4776
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:c67c58f9ed43ab5964d86aca51104669

 ///  File Name: ms_visual_studio_msmask.rb.txt
Description:
This Metasploit module exploits a stack overflow in Microsoft's Visual Studio 6.0. When passing a specially crafted string to the Mask parameter of the Msmask32.ocx ActiveX Control, an attacker may be able to execute arbitrary code.
Author:MC,koshi
Homepage:http://www.metasploit.com
File Size:3625
Related CVE(s):CVE-2008-3704
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:b192c9beb06a91690727d675ecdb0152

 ///  File Name: mssql_payload.rb.txt
Description:
This Metasploit module will execute an arbitrary payload on a Microsoft SQL Server, using the Windows debug.com method for writing an executable to disk and the xp_cmdshell stored procedure. File size restrictions are avoided by incorporating the debug bypass method presented at Defcon 17 by SecureState. Note that this module will leave a metasploit payload in the Windows System32 directory which must be manually deleted once the attack is completed.
Author:David Kennedy "ReL1K"
Homepage:http://www.metasploit.com
File Size:1749
Related OSVDB(s):557
Related CVE(s):CVE-2000-0402
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:9fcdfb3e45947625be60d062c78ae1af

 ///  File Name: msvidctl_mpeg2.rb.txt
Description:
This Metasploit module exploits a memory corruption within the MSVidCtl component of Microsoft DirectShow (BDATuner.MPEG2TuneRequest). By loading a specially crafted GIF file, an attacker can overrun a buffer and execute arbitrary code. ClassID is now configurable via an advanced option (otherwise randomized) - I)ruid
Author:Trancer
Homepage:http://www.metasploit.com
File Size:8579
Related OSVDB(s):55651
Related CVE(s):CVE-2008-0015
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:9b9d26e9a03bbef70db82e706671e334

 ///  File Name: mswhale_checkforupdates.rb.txt
Description:
This Metasploit module exploits a stack overflow in Microsoft Whale Intelligent Application Gateway Whale Client. When sending an overly long string to the CheckForUpdates() method of WhlMgr.dll (3.1.502.64) an attacker may be able to execute arbitrary code.
Author:MC
Homepage:http://www.metasploit.com
File Size:3095
Related OSVDB(s):53933
Related CVE(s):CVE-2007-2238
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:a79d844fcce28ce4ca2f2e01d144f8bb

 ///  File Name: msworks_wkspictureinterface.rb.txt
Description:
The Microsoft Works ActiveX control (WkImgSrv.dll) could allow a remote attacker to execute arbitrary code on a system. By passing a negative integer to the WksPictureInterface method, an attacker could execute arbitrary code on the system with privileges of the victim. Change 168430090 (0x0A0A0A0A) to 202116108 (0x0C0C0C0C) for IE6. This control is not marked safe for scripting, please choose your attack vector carefully.
Author:dean
Homepage:http://www.metasploit.com
File Size:3244
Related OSVDB(s):44458
Related CVE(s):CVE-2008-1898
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:bcdb58bef1a3657bd1dfbb797f9b50ed

 ///  File Name: mupdf-overflow.tgz
Description:
MuPDF and SumatraPDF suffer from a buffer overflow vulnerability. Proof of concept pdf included.
Author:Christophe Devine
File Size:4327
Last Modified:Nov 30 16:48:23 2009
MD5 Checksum:73751c3c590fdd3c9248b9c2f88dd4c8

 ///  File Name: name_service.rb.txt
Description:
This Metasploit module exploits a vulnerability in the Veritas Backup Exec Agent Browser service. This vulnerability occurs when a recv() call has a length value too long for the destination stack buffer. By sending an agent name value of 63 bytes or more, we can overwrite the return address of the recv function. Since we only have ~60 bytes of contiguous space for shellcode, a tiny findsock payload is sent which uses a hardcoded IAT address for the recv() function. This payload will then roll the stack back to the beginning of the page, recv() the real shellcode into it, and jump to it. This Metasploit module has been tested against Veritas 9.1 SP0, 9.1 SP1, and 8.6.
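The Agent Browser flaw described above has the classic shape of a recv() whose length exceeds the destination stack buffer. The following C is an added example, constructed for this listing, and is not the Veritas code or the module's own. It shows that pattern beside a bounded version: the message layout (a one-byte length followed by the name), the 60-byte buffer size chosen to match the description's "63 bytes or more" and "~60 bytes" figures, and the function names are all assumptions, and the data comes from an in-memory byte string rather than a socket.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define NAME_BUF 60   /* assumed stack buffer size, chosen to match the description */

/* Vulnerable shape: the length byte comes from the peer and is trusted.
 * With n >= NAME_BUF the memcpy and the terminator write run past name[]
 * into the saved frame. Shown for contrast; never feed it such input. */
int parse_agent_name_unsafe(const uint8_t *msg, size_t msglen) {
    char name[NAME_BUF];
    if (msglen < 1) return -1;
    size_t n = msg[0];
    if (msglen < 1 + n) return -1;
    memcpy(name, msg + 1, n);      /* no check of n against sizeof name */
    name[n] = '\0';
    return (int)n;
}

/* Bounded version: the caller owns the destination and passes its size.
 * Returns the name length, -1 for a truncated message, -2 if the name
 * would not fit together with its terminator (reject, do not truncate). */
int parse_agent_name_safe(const uint8_t *msg, size_t msglen,
                          char *out, size_t outlen) {
    if (outlen == 0 || msglen < 1) return -1;
    size_t n = msg[0];
    if (msglen < 1 + n) return -1;   /* declared length exceeds bytes received */
    if (n >= outlen) return -2;      /* would overflow out[] */
    memcpy(out, msg + 1, n);
    out[n] = '\0';
    return (int)n;
}

/* Build a constructed message carrying a name of namelen 'A' bytes. */
size_t build_agent_msg(uint8_t *buf, size_t buflen, size_t namelen) {
    if (namelen > 255 || buflen < 1 + namelen) return 0;
    buf[0] = (uint8_t)namelen;
    memset(buf + 1, 'A', namelen);
    return 1 + namelen;
}

/* Result of the bounded parser for a name of the given length. */
int safe_result_for_len(size_t namelen) {
    uint8_t msg[256];
    char out[NAME_BUF];
    size_t len = build_agent_msg(msg, sizeof msg, namelen);
    if (len == 0) return -3;
    return parse_agent_name_safe(msg, len, out, sizeof out);
}

/* A message whose length byte claims more bytes than were received. */
int safe_result_truncated(void) {
    uint8_t msg[6] = { 10, 'A', 'A', 'A', 'A', 'A' };
    char out[NAME_BUF];
    return parse_agent_name_safe(msg, sizeof msg, out, sizeof out);
}
```

A 59-byte name is the longest the bounded parser accepts with this buffer; 60 bytes and up, which is where the unsafe version starts writing past the buffer, returns -2 instead.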
Author:H D Moore
Homepage:http://www.metasploit.com
File Size:4479
Related OSVDB(s):12418
Related CVE(s):CVE-2004-1172
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:2e7ed3fc1d5b832c0eb89a9efc217759

 ///  File Name: navicopa_get_overflow.rb.txt
Description:
This Metasploit module exploits a stack overflow in NaviCOPA 2.0.1. The vulnerability is caused due to a boundary error within the handling of URL parameters.
Author:MC
Homepage:http://www.metasploit.com
File Size:1989
Related OSVDB(s):29257
Related CVE(s):CVE-2006-5112
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:c1a626de774259771ca4d5d7b4c04f29

 ///  File Name: netcat110_nt.rb.txt
Description:
This Metasploit module exploits a stack overflow in Netcat v1.10 NT. By sending an overly long string we are able to overwrite SEH. The vulnerability exists when netcat is used to bind (-e) an executable to a port in doexec.c. This Metasploit module tested successfully using "c:\>nc -L -p 31337 -e ftp".
Author:patrick
Homepage:http://www.metasploit.com
File Size:1889
Related OSVDB(s):12612
Related CVE(s):CVE-2004-1317
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:21c003ef4e86ce46f27c10cc6824efe5

 ///  File Name: netgear_wg111_beacon.rb.txt
Description:
This Metasploit module exploits a stack overflow in the NetGear WG111v2 wireless device driver. This stack overflow allows remote code execution in kernel mode. The stack overflow is triggered when an 802.11 Beacon frame is received that contains more than 1100 bytes worth of information elements. This exploit was tested with version 5.1213.6.316 of the WG111v2.SYS driver and a NetGear WG111v2 USB adapter. Since this vulnerability is exploited via beacon frames, all cards within range of the attack will be affected. The tested adapter used a MAC address in the range of 00:18:4d:02:XX:XX. Vulnerable clients will need to have their card in a non-associated state for this exploit to work. The easiest way to reproduce this bug is by starting the exploit and then unplugging and reinserting the USB card. The exploit can take up to a minute to execute the payload, depending on system activity. NetGear was NOT contacted about this flaw. A search of the SecurityFocus database indicates that NetGear has not provided an official patch or solution for any of the thirty flaws listed at the time of writing. This list includes BIDs: 1010, 3876, 4024, 4111, 5036, 5667, 5830, 5943, 5940, 6807, 7267, 7270, 7371, 7367, 9194, 10404, 10459, 10585, 10935, 11580, 11634, 12447, 15816, 16837, 16835, 19468, and 19973. This Metasploit module depends on the Lorcon2 library and only works on the Linux platform with a supported wireless card. Please see the Ruby Lorcon2 documentation (external/ruby-lorcon/README) for more information.
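The beacon bug above is a kernel-mode driver copying more than 1100 bytes of 802.11 information elements into a fixed buffer. The following C is an added example, constructed for this listing, and is not the WG111v2.SYS code or the module's own. It walks the tagged element list of a beacon body the way a driver must, checking each element's declared length against the bytes remaining and then bounding the total before it is copied into driver memory; the 1100-byte limit is taken from the description, while the frame builder, the use of vendor-specific (ID 221) elements as filler and the function names are assumptions. The frame bytes are built in memory rather than received over the air.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define IE_BUF_MAX 1100   /* assumed driver-side IE buffer, sized from the description */
#define IE_VENDOR  221    /* vendor-specific element ID, used here as filler */

/* Walk the [id][len][len bytes] list. Returns the element count, or -1 if
 * any element's declared length runs past the end of the body. On success
 * *total_out receives the number of bytes the list occupies. */
int ie_walk(const uint8_t *ies, size_t len, size_t *total_out) {
    size_t off = 0, count = 0;
    while (off < len) {
        if (len - off < 2) return -1;            /* truncated element header */
        size_t elen = ies[off + 1];
        if (elen > len - off - 2) return -1;     /* length exceeds remaining bytes */
        off += 2 + elen;
        count++;
    }
    if (total_out) *total_out = off;
    return (int)count;
}

/* Copy the IE list into a fixed buffer only if it is well-formed and fits.
 * Returns the element count, -1 for a malformed list, -2 if it would
 * overflow dst (the case the description triggers with >1100 bytes). */
int ie_copy_bounded(const uint8_t *ies, size_t len, uint8_t *dst, size_t dstlen) {
    size_t total;
    int n = ie_walk(ies, len, &total);
    if (n < 0) return -1;
    if (total > dstlen) return -2;
    memcpy(dst, ies, total);
    return n;
}

/* Build a constructed IE list of exactly target bytes out of vendor
 * elements of up to 255 bytes each. Returns bytes written, 0 if buf is
 * too small. */
size_t build_ies(uint8_t *buf, size_t buflen, size_t target) {
    size_t off = 0;
    while (target - off >= 2) {
        size_t remaining = target - off - 2;
        size_t elen = remaining > 255 ? 255 : remaining;
        if (off + 2 + elen > buflen) return 0;
        buf[off] = IE_VENDOR;
        buf[off + 1] = (uint8_t)elen;
        memset(buf + off + 2, 0xAA, elen);
        off += 2 + elen;
    }
    return off;
}

/* Bounded copy of a constructed beacon body carrying target bytes of IEs. */
int demo_copy(size_t target) {
    uint8_t frame[2048];
    uint8_t drv[IE_BUF_MAX];
    size_t len = build_ies(frame, sizeof frame, target);
    if (len == 0) return -3;
    return ie_copy_bounded(frame, len, drv, sizeof drv);
}

/* An element that claims 10 bytes of data but is followed by only 2. */
int demo_malformed(void) {
    uint8_t bad[4] = { IE_VENDOR, 10, 0xAA, 0xAA };
    uint8_t drv[IE_BUF_MAX];
    return ie_copy_bounded(bad, sizeof bad, drv, sizeof drv);
}
```

A 300-byte list (two elements) and an 1100-byte list (five elements) are copied; a 1200-byte list is rejected with -2 before any byte is written, and an element whose length field overruns the body is rejected by the walk itself.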
Author:H D Moore
Homepage:http://www.metasploit.com
File Size:6304
Related OSVDB(s):30473
Related CVE(s):CVE-2006-5972
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:9ceed7c29c5098508333f0dbb1abef88

 ///  File Name: netidentity_xtierrpcpipe.rb.txt
Description:
This Metasploit module exploits a stack overflow in Novell's NetIdentity Agent. When sending a specially crafted string to the 'XTIERRPCPIPE' named pipe, an attacker may be able to execute arbitrary code. The success of this module is much greater once the service has been restarted.
Author:MC,Ruben Santamarta
Homepage:http://www.metasploit.com
File Size:5002
Related OSVDB(s):53351
Related CVE(s):CVE-2009-1350
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:d6e6600af22fbaa6a1eb6e5af2edc05f

 ///  File Name: netterm_netftpd_user.rb.txt
Description:
This Metasploit module exploits a vulnerability in the NetTerm NetFTPD application, which is part of the NetTerm package. This Metasploit module uses the USER command to trigger the overflow.
Author:H D Moore
Homepage:http://www.metasploit.com
File Size:2690
Related OSVDB(s):15865
Related CVE(s):CVE-2005-1323
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:39884793a1e92b69ca6683832a08c846

 ///  File Name: niprint.rb.txt
Description:
This Metasploit module exploits a stack overflow in the Network Instrument NIPrint LPD service.
Author:H D Moore
Homepage:http://www.metasploit.com
File Size:1624
Related OSVDB(s):2774
Related CVE(s):CVE-2003-1141
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:0cf00e0f2ca676c7020effb4d0d516bc

 ///  File Name: nis2004_antispam.rb.txt
Description:
This Metasploit module exploits a stack overflow in Norton AntiSpam 2004. When sending an overly long string to the LaunchCustomRuleWizard() method of symspam.dll (2004.1.0.147) an attacker may be able to execute arbitrary code.
Author:MC
Homepage:http://www.metasploit.com
File Size:2908
Related OSVDB(s):6249
Related CVE(s):CVE-2004-0363
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:123387e04f4080e8c6add6b875c08b28

 ///  File Name: nis2004_get.rb.txt
Description:
This Metasploit module exploits a stack overflow in the ISAlertDataCOM ActiveX Control (ISLAert.dll) provided by Symantec Norton Internet Security 2004. By sending an overly long string to the "Get()" method, an attacker may be able to execute arbitrary code.
Author:MC
Homepage:http://www.metasploit.com
File Size:2609
Related OSVDB(s):36164
Related CVE(s):CVE-2007-1689
Last Modified:Oct 30 17:01:26 2009
MD5 Checksum:27fa43c7a6bc6ad0adaf06f90417e613

 ///  File Name: nmap_stor.rb.txt
Description:
This Metasploit module exploits a stack overflow in Novell's Netmail 3.52 NMAP STOR verb. By sending an overly long string, an attacker can overwrite the buffer and control program execution.
Author:MC
Homepage:http://www.metasploit.com
File Size:1621
Related OSVDB(s):31363
Related CVE(s):CVE-2006-6424
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:929d5bb49a88a714b4a34820d2e39e38

 ///  File Name: novell_messenger_acceptlang.rb.txt
Description:
This Metasploit module exploits a stack overflow in Novell GroupWise Messenger Server v2.0. This flaw is triggered by any HTTP request with an Accept-Language header greater than 16 bytes. To overwrite the return address on the stack, we must first pass a memcpy() operation that uses pointers we supply. Due to the large list of restricted characters and the limitations of the current encoder modules, very few payloads are usable.
Author:H D Moore
Homepage:http://www.metasploit.com
File Size:2184
Related OSVDB(s):24617
Related CVE(s):CVE-2006-0992
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:dcdb2decfd0bb7a24c41d523bb8fd16c

 ///  File Name: novell_netmail_append.rb.txt
Description:
This Metasploit module exploits a stack overflow in Novell's Netmail 3.52 IMAP APPEND verb. By sending an overly long string, an attacker can overwrite the buffer and control program execution.
Author:MC
Homepage:http://www.metasploit.com
File Size:1958
Related OSVDB(s):31362
Related CVE(s):CVE-2006-6425
Last Modified:Nov 25 19:34:53 2009
MD5 Checksum:fd5c7de42beeacbca445b99c768cf27a