Files from Gary O'Leary-Steele

Email address: garyo at sec-1.com
First Active: 2002-08-13
Last Active: 2013-01-25

Movable Type 4.2x / 4.3x Web Upgrade Remote Code Execution
Posted Jan 25, 2013
Authored by Gary O'Leary-Steele, Nick Blundell, Kacper Nowak | Site metasploit.com

This Metasploit module can be used to execute a payload on Movable Type (MT), which exposes a CGI script, mt-upgrade.cgi (usually at /mt/mt-upgrade.cgi), that is used during installation and updating of the platform. This allows for code injection.

tags | exploit, cgi
advisories | CVE-2012-6315, CVE-2013-0209
MD5 | c41c453aaf7b8b6c299726ebe11660bc
Splunk Search Remote Code Execution
Posted Dec 23, 2011
Authored by Gary O'Leary-Steele, juan vazquez | Site metasploit.com

This Metasploit module abuses a command execution vulnerability within the web-based interface of Splunk 4.2 to 4.2.4. The vulnerability exists within the 'mappy' search command, which allows running Python code. To exploit this vulnerability, a valid Splunk user with the admin role is required. Unfortunately, Splunk uses a default credential of 'admin:changeme' for admin access, which is used to leverage our attack. The Splunk Web interface runs as SYSTEM on Windows and as root on Linux by default.

tags | exploit, web, root, python
systems | linux, windows
advisories | CVE-2011-4642, OSVDB-77695
MD5 | 294cfa16c9506b36e2aaf7e1e00192ff
Splunk Remote Root Command Execution / Directory Traversal
Posted Dec 15, 2011
Authored by Gary O'Leary-Steele | Site sec-1.com

Sec-1 Labs performed a product security analysis of Splunk and discovered remote command execution as a privileged user, a directory traversal vulnerability, failure to protect itself from brute force attacks and information disclosure issues. Versions 4.2.2, 4.2.3 and 4.2.4 were tested. This archive contains an advisory and an exploit.

tags | exploit, remote, info disclosure
systems | linux
advisories | CVE-2011-4642, CVE-2011-4643, CVE-2011-4644
MD5 | 7e59f2dc72f57a7160906a20c3bb2ae6
unicode-fun.txt
Posted Sep 11, 2008
Authored by Gary O'Leary-Steele | Site sec-1.com

Ruby script to generate a URL-encoded Unicode UTF-8 URL.

tags | web, ruby
MD5 | e24f08221794bf016d8296477ded5427
mailmarshall-password.txt
Posted Jul 18, 2007
Authored by Gary O'Leary-Steele | Site sec-1.com

The MailMarshal Spam Quarantine version 6.2.0.x HTTP interface password reset facility is vulnerable to a SQL buffer truncation attack. The vulnerability could be exploited to reset and retrieve any user account. The attacker would require prior knowledge of the user's email address.

tags | advisory, web
advisories | CVE-2007-3796
MD5 | 1195fa7209354574609552bc888ef297
BTA_CensoredRelease.pdf
Posted Jul 7, 2007
Authored by Gary O'Leary-Steele | Site sec-1.com

Paper called Buffer Truncation Abuse in Microsoft SQL Server Based Applications. This paper is designed to document an attack technique Sec-1 recently adopted during the course of their application assessments.

tags | paper
MD5 | 7a82345431b0de38382f36430441fbbe
automagic.zip
Posted Nov 30, 2005
Authored by Gary O'Leary-Steele | Site sec-1.com

The Automagic SQL Injector is part of the Sec-1 Exploit Arsenal provided as part of the Applied Hacking & Intrusion Prevention training courses. In a nutshell it's an automated SQL injection tool designed to help save time on pen tests. It is only designed to work with vanilla Microsoft SQL injection holes where errors are returned.

tags | tool, scanner, sql injection
systems | unix
MD5 | e0a4e2669ec52d212d73d0864492dd78
sec-1-Collarboration.txt
Posted Oct 15, 2005
Authored by Gary O'Leary-Steele | Site sec-1.com

Sec-1 has identified an exploitable buffer overflow within Collaboration Data Objects (Cdosys.dll and Cdoex.dll). The vulnerability exists when event sinks are used within Microsoft Exchange 2000 or Microsoft Mail services to parse e-mail content. Several Content Security packages were identified to be vulnerable/exploitable.

tags | advisory, overflow
advisories | CVE-2005-1987
MD5 | 214c9052233e0677ed44775fe3507f2a
sec-1-GFI-MailSecurity.txt
Posted Oct 13, 2005
Authored by Gary O'Leary-Steele | Site sec-1.com

Sec-1 has identified an exploitable buffer overflow within the HTTP management interface of GFI MailSecurity 8.1. By sending large strings within several areas of the HTTP request (such as a large 'Host' or 'Accept' header), critical portions of memory are overwritten. Verification of this vulnerability can be achieved through the use of an HTTP fuzzer, such as @stake webproxy. Successful exploitation could allow an attacker to gain administrative control of the targeted host.

tags | advisory, web, overflow, fuzzer
MD5 | e7e879d96868a5f38533947ffba9af3d
CDObo.txt
Posted Oct 12, 2005
Authored by Gary O'Leary-Steele | Site sec-1.com

Sec-1 has identified an exploitable Buffer Overflow within Collaboration Data Objects (Cdosys.dll and Cdoex.dll). The vulnerability exists when event sinks are used within Microsoft Exchange 2000 or Microsoft Mail services to parse e-mail content. Several Content Security packages were identified to be vulnerable/exploitable.

tags | advisory, overflow
advisories | CVE-2005-1987
MD5 | 90980caac6ac6153635ef2b9c186b012
rsaHeap.txt
Posted Aug 7, 2005
Authored by Gary O'Leary-Steele | Site sec-1.com

The RSA SecurID Web Agent suffers from heap overflows. Versions 5, 5.2, and 5.3 are affected.

tags | advisory, web, overflow
MD5 | 7cd43196d1428f1b38820e869046d04d
cainAbel.txt
Posted Mar 22, 2005
Authored by Gary O'Leary-Steele | Site sec-1.com

Cain and Abel PSK sniffer version 2.65 is susceptible to a heap overflow that allows for arbitrary code execution.

tags | advisory, overflow, arbitrary, code execution
MD5 | bcf2b1c2d7d45d3df2010026d230a1ba
HelpMe2.pl
Posted Aug 13, 2002
Authored by Gary O'Leary-Steele | Site Sec-1.com

Exploit code for Winhlp32.exe remote buffer overflow vulnerability. Calls WinExec SW_HIDE and executes supplied command. Tested against Windows 2000 Professional SP2. Written for Kernel32.dll version 5.0.2195.2778.

tags | exploit, remote, overflow
systems | windows, 2k
MD5 | 3d9b0b9443e634977c358e53e06c4108
HelpMe.pl
Posted Aug 13, 2002
Authored by Gary O'Leary-Steele | Site Sec-1.com

Exploit code for Winhlp32.exe remote buffer overflow vulnerability. Calls WinExec SW_HIDE and executes supplied command. Tested against Windows 2000 Professional SP2. Written for Kernel32.dll version 5.0.2195.4272.

tags | exploit, remote, overflow
systems | windows, 2k
MD5 | 1a8e8b5b527b3d3bf230966975a8248c

© 2019 Packet Storm. All rights reserved.