This Metasploit module exploits a stack overflow in Borland InterBase by sending a specially crafted attach request.
b80f3f01d5b09ec0df01689c15ecee32ca53ffad4905d8a3f3f94aeef0db9afb
This Metasploit module exploits a stack overflow in Borland InterBase by sending a specially crafted create request.
f3b72345c222e40c6aaf748b6c4f32d67304fddd295a20f57eef48e39ed8ec37
This Metasploit module exploits a stack overflow in Borland InterBase by sending a specially crafted service attach request.
6064154184357638969d135075df6a18b1fdd12c7031a8c3a01b541a382b4d19
This Metasploit module exploits a stack overflow in the Salim Gasmi GLD versions 1.4 and below greylisting daemon for Postfix. By sending an overly long string the stack can be overwritten.
ea6d90f755fe4ab12b60f16218193025e81969e9398ec2a4ad48e9c30e700753
This Metasploit module exploits a stack-based buffer overflow in the Madwifi driver.
0754c28ffae1c6acf4d1bb93d5f0ef0b22f7d54c1e399116520b529c45ac5417
This Metasploit module exploits a buffer overflow in the 'LSUB' command of the University of Washington IMAP service. This vulnerability can only be exploited with a valid username and password.
ed074262b944617dd05f31cfbad7fdb4bc44dbc72e181c6afa6bc59ed9e6d14a
This Metasploit module exploits a stack overflow in the Back Orifice pre-processor module included with Snort versions 2.4.0, 2.4.1, 2.4.2, and 2.4.3. This vulnerability could be used to completely compromise a Snort sensor, and would typically gain an attacker full root or administrative privileges.
585cf3c1e094b61417107aeaed623a55b27056aae30c96f310965fd2fc23c460
This Metasploit module exploits a stack overflow in PeerCast versions 0.1216 and below. The vulnerability is caused due to a boundary error within the handling of URL parameters.
a97d8094e69f356b824cec0293b2687edc10f2b3b75350b8dde86a8f0530ef97
This Metasploit module exploits a stack overflow in apply.cgi on the Linksys WRT54G and WRT54GS routers. According to iDefense, who discovered this vulnerability, all WRT54G versions prior to 4.20.7 and all WRT54GS versions prior to 1.05.2 may be affected.
05f730badb59943ab48414e62810156de18000b427d38198a0facb7c98a34364
This Metasploit module exploits a format string vulnerability in the Berlios GPSD server. This vulnerability was discovered by Kevin Finisterre.
d2e1483aa159570fa1971db2ccf1f50ba9cfec3932e23d478dc9ec3b53de36a1
This Metasploit module abuses a metacharacter injection vulnerability in the HTTP management server of wireless gateways running DD-WRT. This flaw allows an unauthenticated attacker to execute arbitrary commands as the root user account.
f7af9223b5eec8e1b261fdcf742cf64095bfc863450d469577f5a680d3312887
This Metasploit module abuses a metacharacter injection vulnerability in the HTTP management interface of the Alcatel-Lucent OmniPCX Enterprise Communication Server 7.1 and earlier. The Unified Maintenance Tool contains a 'masterCGI' binary which allows an unauthenticated attacker to execute arbitrary commands by specifying shell metacharacters as the 'user' within the 'ping' action to obtain 'httpd' user access. This module only supports command line payloads, as the httpd process kills the reverse/bind shell spawn after the HTTP 200 OK response.
5f729c464589be1bd553b1af7b924cba42e213fffa0fc22238f2714175028981
This is an exploit for the GameSpy secure query in the Unreal Engine. This exploit only requires one UDP packet, which can be both spoofed and sent to a broadcast address. Usually, the GameSpy query server listens on port 7787, but you can manually specify the port as well. The RunServer.sh script will automatically restart the server upon a crash, giving us the ability to bruteforce the service and exploit it multiple times.
f450b169feb194e0e65157d07815ac70dd9253a75e0d229c069ff6dce045c81d
This Metasploit module exploits an arbitrary command execution flaw in the in.lpd service shipped with all versions of Irix.
e9b94c7b39094f786cf93481c5471c76f60e78b4c1f1ebf64aff58eaed537f5d
This exploit abuses an unpublished vulnerability in the HP-UX LPD service. This flaw allows an unauthenticated attacker to execute arbitrary commands with the privileges of the root user. The LPD service is only exploitable when the address of the attacking system can be resolved by the target. This vulnerability was silently patched with the buffer overflow flaws addressed in HP Security Bulletin HPSBUX0208-213.
f9d5ef66fb19775cafad693801df558f4d03366c4666e3742e525d43fecae14b
This Metasploit module exploits a stack overflow in XTACACSD versions 4.1.2 and below. By sending a specially crafted XTACACS packet with an overly long username, an attacker may be able to execute arbitrary code.
068edc782b5026fe47e5d9c5618ccb7a64b50639d9ee2451f72c1757139fddc5
This exploit connects to a system's modem over dialup and exploits a buffer overflow vulnerability in its System V derived /bin/login. The vulnerability is triggered by providing a large number of arguments.
879fb76e40bddd82af476396294fcefd3b2cf5ce2ed0dcf7a06b1239ed4be912
This is an exploit for an undisclosed buffer overflow in the SoftCart.exe CGI as shipped with Mercantec's shopping cart software. It is possible to execute arbitrary code by passing a malformed CGI parameter in an HTTP GET request. This issue is known to affect SoftCart version 4.00b.
c9dccfe5b7419f70e2a30a4c2e34c682780607f4dc1a5b5945ab9f5f4cef63b9
This is a detailed analysis regarding the U3D CLODProgressiveMeshDeclaration initialization array overrun that affects Adobe Acrobat Reader versions 7.x, 8.x, and 9.x. Exploit included.
c090417dc1342b3cda436100dd5256853c41e6b89eb64b311be1a05620d98e00
SharePoint Team Services suffers from a remote source code disclosure vulnerability in its download facility.
4e7055eb3038cde6c4ec6d7dddd8f7a0b00a1c88f6274975ea98f42e56ba948e
xp-AntiSpy versions 3.9.7-4 and below local buffer overflow exploit that creates a malicious .xpas file.
fb7c0d38c62756cc07427f4f9cc68a113bb21c52a93dcd03c74d4ea5f5190bc2
Cherokee web server version 0.5.4 remote denial of service exploit.
bc5ae7c21bcb8c03242d5ca9efe893b038532ab37ece8f6120f1d93318696b2b
Jetty versions 6.x and 7.x suffer from cross site scripting, injection, and information disclosure vulnerabilities.
5f6bdd64a6596d46cbd0a5ae2448106b4656a8543eb8f07317ef5d4b92ae82d9
RunCMS version 2M1 store() remote SQL injection exploit.
5ec198e21d6cd21d61f5fdc3c6a5ee8d87713cb7314e10d3097198cadcd066a8
TFTgallery version 0.13 is susceptible to a cross site scripting vulnerability.
63c864ab65c6626cd22619a37272b2397a4e4a8dfda92c12502c770de28ed5ca