This Metasploit module exploits the mod_rewrite LDAP protocol scheme handling flaw discovered by Mark Dowd, which produces an off-by-one overflow. Apache versions 1.3.29-36, 2.0.47-58, and 2.2.1-2 are vulnerable. This Metasploit module requires REWRITEPATH to be set accurately. In addition, the target must have 'RewriteEngine on' configured, with a specific 'RewriteRule' condition enabled to allow for exploitation. The flaw affects multiple platforms, however this module currently only supports Windows based installations.
96b871a0195d2591844969f9bba63abc59813d3e7296ce6634f95d37eb06d859This Metasploit module exploits a stack overflow in Apple ITunes 4.7 build 4.7.0.42. By creating a URL link to a malicious PLS file, a remote attacker could overflow a buffer and execute arbitrary code. When using this module, be sure to set the URIPATH with an extension of '.pls'.
60c5b0f8c0b2bae758156348e4c8ec79ad1ee0f66b1e62f0f5b340492a94c0c6This Metasploit module exploits a stack overflow in Apple QuickTime 7.3. By sending an overly long RTSP response to a client, an attacker may be able to execute arbitrary code.
21574fbd6e00724523d7a5f9074376708ca42fdee7cfd7358724cf3a988c22abThis Metasploit module exploits a buffer overflow in Apple QuickTime 7.1.3. This Metasploit module was inspired by MOAB-01-01-2007. The Browser target for this module was tested against IE 6 and Firefox 1.5.0.3 on Windows XP SP0/2; Firefox 3 blacklists the QuickTime plugin.
0b2ce5d40bcda714f7eeb620c09554a9625b558fd3dd638b89ff17d6190c2eeeThis Metasploit module exploits a stack overflow in Ask.com Toolbar 4.0.2.53. An attacker may be able to execute arbitrary code by sending an overly long string to the "ShortFormat()" method in askbar.dll.
0249fa5425f66e515b44963220de048bef1629fae9fdbbac12b1b044adf57ee6This Metasploit module exploits a stack overflow in Asus Dpcroxy version 2.0.0.19. It should be vulnerable until version 2.0.0.24.
2fe9f48d3f15c7789afc7a9cb89d4e8460d9728364df7e30ee77cc43757e5323This Metasploit module exploits a stack overflow in AtHocGov IWSAlerts. When sending an overly long string to the CompleteInstallation() method of AtHocGovTBr.dll (6.1.4.36) an attacker may be able to execute arbitrary code. This vulnerability was silently patched by the vendor.
3be437f260772dff9eaa53d584553434d04c820e8403f838ccbefca9b4d9967cThis Metasploit module exploits a stack overflow in AT-TFTP v1.9, by sending a request (get/write) for an overly long file name.
c485cdfe9f1d2432b1537fb84ec5ea7062f793592929aba3668b651348caba32This Metasploit module exploits a heap-based memory corruption vulnerability in Autodesk IDrop ActiveX control (IDrop.ocx) version 17.1.51.160. An attacker can execute arbitrary code by triggering a heap use after free condition using the Src, Background, PackageXml properties.
ed9e481ead1489a1daf2b9cee8648d7e139f01c0d32d6ba6537f09d38141d0c1This is a stack overflow exploit for BadBlue version 2.5.
0d475fde99075c9ad6bf634410f200dc2f13e92c479178bd8bcfe8964c45e884This Metasploit module exploits a stack overflow in the PassThru functionality in ext.dll in BadBlue 2.72b and earlier.
3eddde82736d0b0ecfca5d1b0b9308d95d9ce454cf159801e881a87590afdd43This Metasploit module exploits a heap overflow in the BakBone NetVault Process Manager service. This code is a direct port of the netvault.c code written by nolimit and BuzzDee.
abb3356d348f4bf759c98838cbffce838b11685877ba40eb30c6f1e41e563425This Metasploit module exploits a 0day in the JSESSION cookie value when clustering is configured.
86c77b3be0f72a80cfacf3a893a4763093c6a54c14bc80ae50b93d61caa6c5a5This Metasploit module exploits a stack based buffer overflow in the BEA Weblogic Apache plugin. This vulnerability exists in the error reporting for unknown Transfer-Encoding headers. You may have to run this twice due to timing issues with handlers.
ba8f35f7d7e08834aa8e9aaa62c2d259a6ba632f79794a0647b915f1830dfd5cThis Metasploit module exploits a stack overflow in the NCTAudioFile2.Audio ActiveX Control provided by BearShare 6.0.2.26789. By sending a overly long string to the "SetFormatLikeSample()" method, an attacker may be able to execute arbitrary code.
391ea9701aa5c2824c8c010a33a3a53acf2d8878b0d3537d082c8d39edb32328This Metasploit module exploits a stack overflow in Belkin Bulldog Plus 4.0.2 build 1219. When sending a specially crafted http request, an attacker may be able to execute arbitrary code.
45aad35b5ab2c8331fdf0a21c06b843600a233e78d2d32e79556240e5698d21eThis exploits a stack overflow in the BigAnt Messaging Service, part of the BigAnt Server product suite. This Metasploit module was tested successfully against version 2.50 SP1.
a6efaa655fbca2207d1e6a66a1c5c9d6fb68fe09f3765724c03c9f340169fcf3This Metasploit module exploits a stack overflow in BigAnt Server 2.2. By sending a specially crafted packet, an attacker may be able to execute arbitrary code.
b28a87380ea46061fdb7f0aba074ed8113eaa87be493b1d7c807546ef8032c68This Metasploit module exploits a stack overflow in the ISS products that use the iss-pam1.dll ICQ parser (Blackice/RealSecure). Successful exploitation will result in arbitrary code execution as LocalSystem. This exploit only requires 1 UDP packet, which can be both spoofed and sent to a broadcast address. The ISS exception handler will recover the process after each overflow, giving us the ability to bruteforce the service and exploit it multiple times.
d67c5051b25bd521627ed2f0b421e431d2c7a7bc79507cd2dd85cb4525447b2aThis Metasploit module exploits a buffer overflow in the Blue Coat Systems WinProxy service by sending a long port value for the Host header in a HTTP request.
82c80e9e59b7ee8805196b11f4141db3c2560f793a7da0edf8e9f6abaa27dc32This Metasploit module exploits a stack buffer overflow in Bomberclone 0.11.6 for Windows. The return address is overwritten with lstrcpyA memory address, the second and third value are the destination buffer, the fourth value is the source address of our buffer in the stack. This exploit is like a return in libc. ATTENTION The shellcode is exec ONLY when someone try to close bomberclone.
1f188f97f389b0404fc041c1871d2fe7bd68b27ac86eb20c50950042743fad29This Metasploit module exploits a stack overflow in Bopup Communications Server 3.2.26.5460. By sending a specially crafted packet, an attacker may be able to execute arbitrary code.
4ff32d726ad735b55296a2b8480eb5333f6064cacce8f3c7061985db1f52ba1fThis Metasploit module exploits a stack overflow in Borland Interbase 2007. By sending a specially crafted create-request packet, a remote attacker may be able to execute arbitrary code.
4c2a6868ee123f5c6ac4d4af4662087424172ee39e6bfc56d8e204f412e56e81This Metasploit module exploits a stack overflow in Borland CaliberRM 2006. By sending a specially crafted GET request to the STMulticastService, an attacker may be able to execute arbitrary code.
d8bb96eb79adea37a793cf30d816ca54790900b0479cbb38b677856168d4d588The CA BrightStor ARCserve Backup ActiveX control (ListCtrl.ocx) is vulnerable to a stack-based buffer overflow. By passing an overly long argument to the AddColumn() method, a remote attacker could overflow a buffer and execute arbitrary code on the system.
deda324d5d17fb5a0a5f8b8fcc9d39b55328a2faeca975767d3d6875b67d01d1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed