This Metasploit module exploits a vulnerability in the coreservice.exe component of Proycon Core Server versions 1.13 and below. While processing a password, the application fails to do proper bounds checking before copying data into a small buffer on the stack. This causes a buffer overflow and allows it to overwrite a structured exception handling record on the stack, allowing for unauthenticated remote code execution. Also, after the payload exits, Coreservice.exe should automatically recover.
6b02358e406abc5384ec6cc6943c4b62bf2bebc540cf1b912151572b9b5615e2FreeBSD 7.x local kernel panic exploit.
28e9421f730d7c79b7b3515bd36e9fcfd6bb27a6ab2a5cc13ad86eb678838d7eQNX version 6.4.0 bitflipped ELF binary kernel panic exploit.
67838071cfa1af9524bf3dc3ff8cf7b63e86e1c0ae90c47377b4190bfe6901eeF-PROT Antivirus version 6.2.1.4252 suffers from an infinite loop denial of service vulnerability when handling a malformed archive. Such an archive is included.
05444e36b0fa5ae6dd080db432181f4f2d2b852627e58ee2d8608e643427eb83minix version 3.1.2a suffers from a remote tty panic vulnerability.
2cb379bf741ea02c61e445ed23d0a00db8cd6e95d444521210589cf0f9150615Minix version 3.1.2a suffers from a tty panic local denial of service vulnerability.
c62bfc6a7420bf5edae1534ed45b7ed9d24b51a164f9bced3dc7394931a1f3e5Denial of service exploit for Microsoft Windows XP and Vista that uses ARP.
521d20576bef0e344d07aa66023e71bc289eb0f833d90bbd647ea744f24f7996The IBM Totalstorage ds400 comes with unpassworded root access.
942bd506a1c40530286a2a87b1e0d69ffbee5d0dfa2a936655ff74e14f898b9fFreeBSD ftruncate() DoS exploit. Causes system reboot.
d95dd783029e8b621927a0eaedae18fe266fbfc1532f3764ac0ae810567a9229FreeBSD sched_setscheduler() local denial of service exploit.
b24a5232df1bada7c8f4be20c1c63a7fcb50a5f2ab716dd460a5a898d7fa4a03FreeBSD 5.4 and 6.0 ptrace DoS exploit.
c8e8152518cb4731fedaa7dfdfdc1ac3fba3471053b6dd67d6f9611d95fb62a2Local root exploit for QNX Neutrino RTOS's phfont command. Affects QNX Neutrino RTOS version 6.2.1. Earlier versions may also be susceptible.
9bbca002dda89b554504a0ee6a50ba18b07eb0cad32ac21956c276f13c26e03bCisco AP remote denial of service exploit that makes use of maliciously crafted ARP requests.
4083da861a5b98c1c4884acb301763e04d58d02fe2ac8140746df0c0400371a0Farmers WIFE version 4.4 sp1 ftpd remote exploit that allows for system compromise.
890997b51723f28c17e0b21e78bc7cc7e3e5fb4620c3ebe70555565e6bffafc1Cisco IP Phone 7940 remote denial of service exploit that causes it to reboot.
bc6e8e57335f75baeb61ffe8ec15c3cbd077132ea32bdbb346f719d54de771dcWmapm v3.1 local exploit - Gives a shell with UID=operator in FreeBSD if compiled via ports collection, or UID=root if compiled from source on FreeBSD or Linux. Requires a valid X display.
310dae0751d751688fbae10e7aa187a1b9842453da5cc6e64fb855d8d69cffe6Remote exploit for Cfengine versions 2.-2.0.3 that makes use of a stack overflow discussed here. Tested against FreeBSD 4.8-RELEASE. Binds a shell to port 45295.
e3e547732748f7447108587f2723bccdb4db27e138cffb4956e21946879efff3Local exploit for ViRobot 2.0 that works against the FreeBSD edition. Tested against FreeBSD 4.8.
41059e552df59b7c97ce59335d8a8059d66eb278653f384fb513f884278d70fdmIRC 6.03 and below allows an attacker to misleading supply a URL that poses as one URL but leads to another by setting the color of the secondary URL to the default background color.
6b69a01535a0c67322cb56b25faa8fc7dba090f0825a3a04ed026b05cdd0462dmIRC 6.03 and below allow the ability for a remote attacker to spoof a dcc chat request in a targets client.
e563523994f9fa8795dd89183f1920def4ff07f15d1392c758656569e82a5204Local root exploit for listproc 8.2.09 written for FreeBSD.
32d29d4604081ef12675fd665f8f0a35be36d443ef66bfee3dd3ba7a3b41693dHilariously amusing and simple exploit that makes use of the fact that the cuxs binary on InterSystems Corp. Cache management system executes a binary as root without that binary having a static path.
7e9b9f1c5dc3a4b6f8a786e2d7e3b1817c0c0fd7c6899b52e1d6da8a428b2287Gkrellmd 2.1.10 remote exploit with shellcode that does kill(-1,9) then an exit. Written for Linux and tested on Slackware 9.
b973bd4af33c09c485c0b63186d2856b6559db115187b42032801bdb8afede57Gkrellmd 2.1.10 remote exploit with connect back shellcode. Tested on FreeBSD 4.8.
0484a62c7b78dd555a7a6f5e4945f1aa3126597a6351fbe10cbc505dfc097213Exploit for Elm version ko-elm-2.4h4.1, the Korean release, that yields gid of bin. Old vulnerability related to this is here. Tested against FreeBSD 4.7.
bdb62d798a58f673dc7a74bf9554a3a89281cc32e003b0963dceb3f6d801b45a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed