Showing 51 - 75 of 601

Files

Persits XUpload ActiveX MakeHttpRequest Directory Traversal
Posted Dec 31, 2009
Authored by jduck | Site metasploit.com

This Metasploit module exploits a directory traversal in Persits Software Inc's XUpload ActiveX control (version 3.0.0.3) that's included in HP LoadRunner 9.5. By passing a string containing "..\\\\" sequences to the MakeHttpRequest method, an attacker is able to write arbitrary files to arbitrary locations on disk. Code execution occurs by writing to the All Users Startup Programs directory. You may want to combine this module with the use of multi/handler since a user would have to log in for the payload to execute.

tags | exploit, arbitrary, code execution, activex
advisories | CVE-2009-3693
SHA-256 | a22d6a5d6ae13466a6759a4b609ca02715e96a081fa217cf96cb8a72607502d3
Oracle Document Capture 10g ActiveX Control Buffer Overflow
Posted Dec 31, 2009
Authored by MC | Site metasploit.com

This Metasploit module exploits a stack overflow in Oracle Document Capture 10g (10.1.3.5.0). Oracle Document Capture 10g comes bundled with a third-party ActiveX control, emsmtp.dll (6.0.1.0). When passing an overly long string to the method "SubmitToExpress", an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary, activex
advisories | CVE-2007-4607
SHA-256 | 3681ea82f4e84abfe0cbea6f00e7b797da8c9e22f7fa045d832eda5a5371bd10
Symantec Altiris Deployment Solution ActiveX Control Buffer Overflow
Posted Dec 31, 2009
Authored by MC | Site metasploit.com

This Metasploit module exploits a stack overflow in Symantec Altiris Deployment Solution. When sending an overly long string to the RunCmd() method of AeXNSConsoleUtilities.dll (6.0.0.1426), an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary
advisories | CVE-2009-3033
SHA-256 | 307712dacb17f1ff1707f3260b7175cbb211417deddfe962ccd54e42b6bc44df
AwingSoft Winds3D Player SceneURL Buffer Overflow
Posted Dec 31, 2009
Authored by shinnai, Trancer, jduck | Site metasploit.com

This Metasploit module exploits a data segment buffer overflow within Winds3D Viewer of AwingSoft Awakening 3.x (WindsPly.ocx v3.6.0.0). This ActiveX is a plugin of AwingSoft Web3D Player. By setting an overly long value to the 'SceneURL' property, an attacker can overrun a buffer and execute arbitrary code.

tags | exploit, overflow, arbitrary, activex
SHA-256 | cc5464c5502efeb363604ff7cff786f441a5c42581c6aaf148a0991375add770
Microsoft Internet Explorer Style getElementsByTagName Memory Corruption
Posted Dec 31, 2009
Authored by jduck, K4mr4n_st | Site metasploit.com

This Metasploit module exploits a vulnerability in the getElementsByTagName function as implemented within Internet Explorer.

tags | exploit
advisories | CVE-2009-3672
SHA-256 | d11edd52626b5a17b7f199e8ad2f6694a46ee39e57f58766dc6ad4feb982d0fc
NCTAudioFile2 v2.x ActiveX Control SetFormatLikeSample() Buffer Overflow
Posted Dec 31, 2009
Authored by MC, jduck, dookie | Site metasploit.com

This Metasploit module exploits a stack overflow in the NCTAudioFile2.Audio ActiveX Control provided by various audio applications. By sending an overly long string to the "SetFormatLikeSample()" method, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary, activex
advisories | CVE-2007-0018
SHA-256 | 572cd45f169e8ae99680a260fbe93c3ec15696fd145b671b14f7ce7d7656216b
HP LoadRunner 9.0 ActiveX AddFolder Buffer Overflow
Posted Dec 31, 2009
Authored by MC | Site metasploit.com

This Metasploit module exploits a stack overflow in Persits Software Inc's XUpload ActiveX control (version 2.1.0.1) that's included in HP LoadRunner 9.0. By passing an overly long string to the AddFolder method, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary, activex
advisories | CVE-2007-6530
SHA-256 | 0734205128b08ddc3df0d3272867d8a8333da02d7b7b61ab690efec93e3e3aaf
AwingSoft Winds3D Player 3.5 SceneURL Download and Execute
Posted Dec 31, 2009
Authored by jduck | Site metasploit.com

This Metasploit module exploits an untrusted program execution vulnerability within the Winds3D Player from AwingSoft. The Winds3D Player is a browser plugin for IE (ActiveX), Opera (DLL) and Firefox (XPI). By setting the 'SceneURL' parameter to the URL to an executable, an attacker can execute arbitrary code. Testing was conducted using plugin version 3.5.0.9 for Firefox 3.5 and IE 8 on Windows XP SP3.

tags | exploit, arbitrary, activex
systems | windows
SHA-256 | 5d1244d3102a6a8bc52f45d6e2d5c1543508b64b6756ff4a6bbce3e854708833
Persits XUpload ActiveX AddFile Buffer Overflow
Posted Dec 31, 2009
Authored by jduck | Site metasploit.com

This Metasploit module exploits a stack overflow in Persits Software Inc's XUpload ActiveX control (version 3.0.0.3) that's included in HP LoadRunner 9.5. By passing an overly long string to the AddFile method, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary, activex
advisories | CVE-2008-0492
SHA-256 | 089d6eb19898145a2a56800a1257447d897fce5f0c907c70b9222faf98dfc7db
Alt-N SecurityGateway username Buffer Overflow
Posted Dec 31, 2009
Authored by jduck | Site metasploit.com

Alt-N SecurityGateway is prone to a buffer overflow condition. This is due to insufficient bounds checking on the "username" parameter. Successful exploitation could result in code execution with SYSTEM level privileges. NOTE: This service doesn't restart, you'll only get one shot. However, it often survives a successful exploitation attempt.

tags | exploit, overflow, code execution
advisories | CVE-2008-4193
SHA-256 | ff81f757d0ee734b80216662fed47c56e6a92afa7502822354ef61533ab501d3
IBM Tivoli Storage Manager Express CAD Service Buffer Overflow
Posted Dec 31, 2009
Authored by MC | Site metasploit.com

This Metasploit module exploits a stack overflow in the IBM Tivoli Storage Manager Express CAD Service (5.3.3). By sending an overly long GET request, it may be possible for an attacker to execute arbitrary code.

tags | exploit, overflow, arbitrary
advisories | CVE-2007-4880
SHA-256 | ba833e5d01e36543b456b900d99600f020ff71158db1a219a0b9c920d7d5fc41
HP OpenView Network Node Manager Snmp.exe CGI Buffer Overflow
Posted Dec 31, 2009
Authored by MC | Site metasploit.com

This Metasploit module exploits a stack overflow in HP OpenView Network Node Manager 7.50. By sending a specially crafted CGI request to Snmp.exe, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary, cgi
advisories | CVE-2009-3849
SHA-256 | 1d019d9bfdce65032252ae522967de2f8fc81bf13e2aab36602e9dcdf2e3924f
Rhinosoft Serv-U Session Cookie Buffer Overflow
Posted Dec 31, 2009
Authored by Megumi Yanagishita, jduck, Nikolas Rangos | Site metasploit.com

This Metasploit module exploits a buffer overflow in Rhinosoft Serv-U 9.0.0.5. Sending a specially crafted POST request with an overly long session cookie string, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary
SHA-256 | 69483ee7992ff6f4b2b2ef96e0c967c2db4973dbbf9ad4391f544ad1b0cd3449
HP OpenView NNM 7.53, 7.51 OVAS.EXE Pre-Authentication SEH Overflow
Posted Dec 31, 2009
Authored by Mati Aharoni, bannedit | Site metasploit.com

This Metasploit module exploits a stack overflow in HP OpenView Network Node Manager versions 7.53 and earlier. Specifically, this vulnerability is caused by a failure to properly handle user-supplied input within the HTTP request, including headers and the actual URL GET request. Exploitation is tricky due to character restrictions. It was necessary to utilize an egghunter shellcode which was alphanumeric encoded by muts in the original exploit. If you plan on using this exploit for a remote shell, you will likely want to migrate to a different process as soon as possible. Any connections get reset after a short period of time. This is probably some timeout handling code that causes this.

tags | exploit, remote, web, overflow, shell, shellcode
advisories | CVE-2008-1697
SHA-256 | 3dc7da1a36dedf13ddf7ea5539aaac3f51e4cbdb8ecfab2652405871dd1aca71
Hewlett-Packard Power Manager Administration Buffer Overflow.
Posted Dec 31, 2009
Authored by MC | Site metasploit.com

This Metasploit module exploits a stack overflow in Hewlett-Packard Power Manager 4.2. Sending a specially crafted POST request with an overly long Login string, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary
advisories | CVE-2009-2685
SHA-256 | 760a5e0c428e0ee8a5ed03674f016766c57a65eb426311bb765728b2278567af
HTTPDX tolog() Function Format String Vulnerability
Posted Dec 31, 2009
Authored by jduck | Site metasploit.com

This Metasploit module exploits a format string vulnerability in HTTPDX FTP server. By sending a specially crafted FTP command containing format specifiers, an attacker can corrupt memory and execute arbitrary code. By default logging is off for HTTP, but enabled for the 'moderator' user via FTP.

tags | exploit, web, arbitrary
SHA-256 | 931d50dd9d1e55c8f607f4660c7aa3557cc6af19452ebf2580cf70d48421a3ee
HTTPDX tolog() Function Format String Vulnerability
Posted Dec 31, 2009
Authored by jduck | Site metasploit.com

This Metasploit module exploits a format string vulnerability in HTTPDX HTTP server. By sending a specially crafted HTTP request containing format specifiers, an attacker can corrupt memory and execute arbitrary code. By default logging is off for HTTP, but enabled for the 'moderator' user via FTP.

tags | exploit, web, arbitrary
SHA-256 | 5e82425ca633c611eb005775846af3b61ea0104b3a119879e7ff8046db79d936
InterSystems Cache UtilConfigHome.csp Argument Buffer Overflow
Posted Dec 31, 2009
Authored by MC | Site metasploit.com

This Metasploit module exploits a stack overflow in InterSystems Cache 2009.1. By sending a specially crafted GET request, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary
SHA-256 | 988f9f88e5e33fbde5236fcf17ff809a247b6a13a13022ecc22b600d876060d6
HP OpenView Network Node Manager OpenView5.exe CGI Buffer Overflow
Posted Dec 31, 2009
Authored by MC | Site metasploit.com

This Metasploit module exploits a stack overflow in HP OpenView Network Node Manager 7.50. By sending a specially crafted CGI request, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary, cgi
advisories | CVE-2007-6204
SHA-256 | 66583a0594555d5fbb4ef434ba4d8cbbf81f63ce0361f95c46aa5ece2a9e0693
HT-MP3Player 1.0 HT3 File Parsing Buffer Overflow
Posted Dec 31, 2009
Authored by His0k4, hack4love, jduck | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in HT-MP3Player 1.0. Arbitrary code execution could occur when parsing a specially crafted .HT3 file. NOTE: The player installation does not register the file type to be handled. Therefore, a user must take extra steps to load this file.

tags | exploit, overflow, arbitrary, code execution
advisories | CVE-2009-2485
SHA-256 | 93c3719a58f1c3f72ff27596e136d037fd1436d92c5834b6f8a0c7ed3b2353b0
Adobe Illustrator CS4 v14.0.0
Posted Dec 31, 2009
Authored by Nine:Situations:Group::pyrokinesis, dookie | Site metasploit.com

Adobe Illustrator CS4 (V14.0.0) Encapsulated Postscript (.eps) overlong DSC Comment Buffer Overflow Exploit

tags | exploit, overflow
advisories | CVE-2009-4195
SHA-256 | fa7d623818aa870797cedbdfe793f36edde2119163f962043b50da8da39732e1
IDEAL Administration 2009 Buffer Overflow
Posted Dec 31, 2009
Authored by Dr_IDE, dookie | Site metasploit.com

This Metasploit module exploits a stack overflow in IDEAL Administration v9.7. By creating a specially crafted ipj file, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary
SHA-256 | 671e32b58eafc179c66a2c75065bd9266308aadcc36d69ae7c4a2f035130544f
ProShow Gold v4.0.2549 (PSH File) Stack Buffer Overflow
Posted Dec 31, 2009
Authored by jduck | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in ProShow Gold v4.0.2549. An attacker must send the file to the victim and the victim must open the file.

tags | exploit, overflow
advisories | CVE-2009-3214
SHA-256 | cbe13148a58c488ccf7971b10d00768ebab0881172175b2ca34f1eebc44f7a4a
Audio Workstation 6.4.2.4.3 pls Buffer Overflow
Posted Dec 31, 2009
Authored by germaya_x, dookie | Site metasploit.com

This Metasploit module exploits a buffer overflow in Audio Workstation 6.4.2.4.3. When opening a malicious pls file with the Audio Workstation, a remote attacker could overflow a buffer and execute arbitrary code.

tags | exploit, remote, overflow, arbitrary
advisories | CVE-2009-0476
SHA-256 | d9f34d3ca724495af9e1703e2053bf024bceb6935e3dacafc2b68f298b46fb9a
HTML Help Workshop 4.74 (hhp Project File) Buffer Overflow Exploit
Posted Dec 31, 2009
Authored by bratax, jduck | Site metasploit.com

This Metasploit module exploits a stack overflow in HTML Help Workshop 4.74. By creating a specially crafted hhp file, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary
advisories | CVE-2006-0564
SHA-256 | d8999e37ae0660f6d0ccb78297cd00f678139931f395ba7c381dff454cfdddd2