This Metasploit module exploits a stack overflow in gAlan 0.2.1. By creating a specially crafted galan file, an attacker may be able to execute arbitrary code.
2e0713dab708cb8928f5ff1281dd21157fc4f28fefbc51535925ce25b30b52e8
This Metasploit module exploits a stack-based buffer overflow in Millenium MP3 Studio 2.0. An attacker must send the file to the victim and the victim must open the file. Alternatively, it may be possible to execute code remotely via an embedded PLS file within a browser, when the PLS extension is registered to Millenium MP3 Studio. This functionality has not been tested in this module.
06d85f2491d1615ca33ae611b3a98c687a542e8e52b5e87ca2f1e88fad8e5e4d
This Metasploit module exploits a stack overflow in Media Jukebox 8.0.400. By creating a specially crafted m3u or pls file, an attacker may be able to execute arbitrary code.
fef83dcc625d462c8b805f2c638c713780ca2eb54695b17cff8d6771f57a07b6
This Metasploit module exploits a stack overflow in Xenorate 2.50. By creating a specially crafted xpl file, an attacker may be able to execute arbitrary code.
55d0fc5c30e52b4fa3196de380c9ba074f6b1b00caae59fe14a607e2123f1414
This Metasploit module exploits an array overflow in Adobe Reader and Adobe Acrobat. Affected versions include < 7.1.4, < 8.1.7, and < 9.2. By creating a specially crafted PDF that contains malformed U3D data, an attacker may be able to execute arbitrary code.
7d4d1c9d8fe1d36f17d6776c8b9cbcf05cf5f1144bc437fe3eb1909f688d2b15
This Metasploit module exploits a use after free vulnerability in Adobe Reader and Adobe Acrobat Professional versions up to and including 9.2.
db8a3aadb83130b870e5a70ed5ba3a3aafb3ba7ade242ba5744bcd8251b74f40
This Metasploit module exploits a use after free vulnerability in Adobe Reader and Adobe Acrobat Professional versions up to and including 9.2.
b1f8cfeb14bd0899045d104a6e8573a0f4d05407352329432a77e25d99ebb260
This Metasploit module exploits an integer overflow vulnerability in Adobe Reader and Adobe Acrobat Professional versions before 9.2.
328118791df64b5b6d6ab27dc8882d52301e5fc9ac482a046dc54015346ec0ee
This Metasploit module exploits an integer overflow vulnerability in Adobe Reader and Adobe Acrobat Professional versions before 9.2.
52cfb9936f28bcd82db14be3f1433d97ac01c53395207cf875242f47e7ad9043
This exploits the buffer overflow found in Samba versions 2.2.0 to 2.2.8. This particular module is capable of exploiting the flaw on Solaris SPARC systems that do not have the noexec stack option set. Big thanks to MC and valsmith for resolving a problem with the beta version of this module.
48fe6c9e19f75786c1b1abb6aa3114673fe6ce806ec1a7f209d21ef0aa51d85a
This exploits the buffer overflow found in Samba versions 2.2.0 to 2.2.8. This particular module is capable of exploiting the bug on Mac OS X PowerPC systems.
0a81c70c55c5b626382aa3846753c3ac0bbcbc83db3ba6ea2a26b8367e01106c
This Metasploit module exploits a stack overflow in Mini-Stream 3.0.1.1. By creating a specially crafted pls file, an attacker may be able to execute arbitrary code.
4192232f4608503f3384466b334e0ca938b1481a1a306823bf6f3b3b10595f7d
This Metasploit module exploits a stack overflow in SafeNet SoftRemote Security Policy Editor <= 10.8.5. When an attacker creates a specially formatted security policy with an overly long GROUPNAME argument, it is possible to execute arbitrary code.
893bb506f38fcf79c614bcd9b25bd833d1a8b2c40de37392ae61cd670aa1a7fc
This Metasploit module exploits a stack overflow in HTML Help Workshop 4.74. By creating a specially crafted hhp file, an attacker may be able to execute arbitrary code.
82e01542fb818ed7b5e9120ef5f8dd54a33c4cfbb41b7de8c7a3d88ba717a6a9
This Metasploit module exploits a stack overflow in HTML Help Workshop 4.74. By creating a specially crafted hhp file, an attacker may be able to execute arbitrary code.
40bdbca4a822c1c8a058b1ad97daee10c5ee39712e47900750b8a660df207251
This is an exploit for the Exchange 2000 heap overflow. Due to the nature of the vulnerability, this exploit is not very reliable. This Metasploit module has been tested against Exchange 2000 SP0 and SP3 running on a Windows 2000 system patched to SP4. It normally takes between one and 100 connection attempts to successfully obtain a shell. This exploit is *very* unreliable.
26a51fce399b6448d8c4a7690d9c8391601cf7dd1c9478bdf2b4167db5d655ee
This exploit connects to a system's modem over dialup and provides the user with a readout of the login banner.
6e01f6b1ed3484659805eb43e03eb97a23a6273485669abbe6a07c7362a7a728
This Metasploit module exploits a format string vulnerability in versions of the Washington University FTP server older than 2.6.1. By executing specially crafted SITE EXEC or SITE INDEX commands containing format specifiers, an attacker can corrupt memory and execute arbitrary code.
17811a8ac377764adfb49c164f93cdcf698df0df9d68af1e9617fc9029a4ec99
This Metasploit module exploits a flaw in the setDiffICM function in the Sun JVM. The payload is serialized and passed to the applet via PARAM tags. It must be a native payload. The affected Java versions are JDK and JRE 6 Update 16 and earlier, JDK and JRE 5.0 Update 21 and earlier, SDK and JRE 1.4.2_23 and earlier, and SDK and JRE 1.3.1_26 and earlier. NOTE: Although all of the above versions are reportedly vulnerable, only 1.6.0_u11 and 1.6.0_u16 on Windows XP SP3 were tested.
15c0e94e60ddaf304a0db8722ab90a4346f35a28d6a122802f19e8681d79283f
This Metasploit module exploits a flaw in the getSoundbank function in the Sun JVM. The payload is serialized and passed to the applet via PARAM tags. It must be a native payload. The affected Java versions are JDK and JRE 6 Update 16 and earlier, JDK and JRE 5.0 Update 21 and earlier, SDK and JRE 1.4.2_23 and earlier, and SDK and JRE 1.3.1_26 and earlier. NOTE: Although all of the above versions are reportedly vulnerable, only 1.6.0_u11 and 1.6.0_u16 on Windows XP SP3 were tested.
18334e64c1ccbeb5a3f96e1e9a81a3c6475589d69aefabd8ff1d29aa8ad74a99
This Metasploit module exploits a stack-based buffer overflow in iTunes itms:// URL parsing. It is accessible from the browser, and in Safari itms URLs will be opened in iTunes automatically. Because iTunes is multithreaded, only vfork-based payloads should be used.
3cb12bf18862a6b8d19ec162dc207e19cb5f515c8eb78c636ca9c004868e964d
This Metasploit module exploits an array overflow in Adobe Reader and Adobe Acrobat. Affected versions include < 7.1.4, < 8.1.7, and < 9.2. By creating a specially crafted PDF that contains malformed U3D data, an attacker may be able to execute arbitrary code.
fdb0c241722cd2aa67d4eb9f05c46f52ce09ac8fae6eb7afb1cb35f20897926e
This Metasploit module exploits a feature in the Distribution Packages, which are used in the Apple Software Update mechanism. This feature allows for arbitrary command execution through JavaScript. This exploit provides the malicious update server. Requests must be redirected to this server by other means for this exploit to work.
31bbe100ffdd2f91eaedeff7614f1752ef8f6fb3e51341837b95b2b328745b19
This Metasploit module exploits two arbitrary PHP code execution flaws in the phpBB forum system. The problem is that the 'highlight' parameter in the 'viewtopic.php' script is not verified properly and will allow an attacker to inject arbitrary code via preg_replace().
3a2382adc10594ee42ff1bd0b49855a630ee0af65a53e90bd2f33b29bcbe9542
osCommerce is a popular open source E-Commerce application. The admin console contains a file management utility that allows administrators to upload, download, and edit files. This could be abused to allow unauthenticated attackers to execute arbitrary code with the permissions of the webserver.
e74aaeea615a430a6f4a22d1a117d3048d29172d6f0b6fb720906609e397a0ff