exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 613 RSS Feed

Files from Luigi Auriemma

Email addressaluigi at autistici.org
First Active2003-04-05
Last Active2015-03-06
Nvidia Mental Ray Satellite Service Arbitrary DLL Injection
Posted Mar 6, 2015
Authored by Luigi Auriemma, Donato Ferrante | Site metasploit.com

The Nvidia Mental Ray Satellite Service listens for control commands on port 7414. When it receives the command to load a DLL (via an UNC path) it will try to connect back to the host on port 7514. If a TCP connection is successful it will then attempt to load the DLL. This Metasploit module has been tested successfully on Win7 x64 with Nvidia Mental Ray Satellite Service v3.11.1.

tags | exploit, tcp
SHA-256 | d20a1acb01b0356c8f7a9dfb93f9f6c186f8a9c91ae2ee919bd91f597ae8afef
Owning Render Farms Via NVIDIA Mental Ray
Posted Dec 10, 2013
Authored by Luigi Auriemma, Donato Ferrante

This paper details a vulnerability affecting NVIDIA mental ray, which allows an attacker to take control over a mental ray based render farm.

tags | paper
SHA-256 | 775f48d6630d6aac147c8f09fc15e01a82cf693584d38a901be40b58fff0f320
Interactive Graphical SCADA System Remote Command Injection
Posted Oct 22, 2013
Authored by Luigi Auriemma, MC | Site metasploit.com

This Metasploit module abuses a directory traversal flaw in Interactive Graphical SCADA System v9.00. In conjunction with the traversal flaw, if opcode 0x17 is sent to the dc.exe process, an attacker may be able to execute arbitrary system commands.

tags | exploit, arbitrary
advisories | CVE-2011-1566, OSVDB-72349
SHA-256 | a7114479b9ce7f63393a233814fca94f23890b35fff1a4000dbd132da087dd09
Microsoft Windows 98/ME/2000/XP/2003 HTML Help File Hijack
Posted Jul 5, 2013
Authored by Luigi Auriemma, Eduardo Braun Prado

Multiple Microsoft Windows 98/ME/2000/XP/2003 HTML Help file loading hijack vulnerabilities exist. Proof of concept included.

tags | exploit, vulnerability, proof of concept
systems | linux, windows
SHA-256 | 84465488b511cd9a9bc47e5238c9e17dffafd6132f7761481d27a835c68d1123
Game Engines: A 0-Day's Tale
Posted May 20, 2013
Authored by Luigi Auriemma, Donato Ferrante | Site revuln.com

This paper details several issues affecting different game engines. All the vulnerabilities discussed in this paper are 0-days, at time of writing. This paper has been released as a companion paper along with the authors' talk Exploiting Game Engines For Fun And Profit presented at the NoSuchCon conference.

tags | paper, remote, local, vulnerability
SHA-256 | d6ecd8f4c602a765dcc75745f021e2021968f2607ffd8bafed3a506e1bda08ed
Exploiting Game Engines For Fun and Profit
Posted May 19, 2013
Authored by Luigi Auriemma, Donato Ferrante | Site revuln.com

This presentation discusses what to look for and how to go about exploiting game engines.

tags | paper
SHA-256 | 19c17c8c8f9f909e61f6f1dc27550abd5f28f40ed4090d437df048b0efb363af
EA Origin Insecurity
Posted Mar 18, 2013
Authored by Luigi Auriemma, Donato Ferrante | Site revuln.com

In this paper the authors uncover and demonstrate an interesting way to convert local bugs and features in remotely exploitable security vulnerabilities by using the well known EA Origin platform as an attack vector against remote systems. The attack proposed in this paper is similar to the attack targeting the Steam platform that they detailed in their previous research. The Origin attack detailed in this paper affects more than 40 million Origin users.

tags | advisory, remote, local, vulnerability
SHA-256 | 49def0264cec468ffef03ccdced1ff431068dffff126aca570d55caf707dd49f
Call Of Duty: Modern Warfare 3 NULL Pointer Dereference
Posted Nov 14, 2012
Authored by Luigi Auriemma, Donato Ferrante | Site revuln.com

This paper describes a pre-auth server-side NULL pointer dereference vulnerability in Call Of Duty: Modern Warfare 3, which is due to an issue related to the DemonWare6 query packets. This vulnerability can be exploited to perform Denial of Service (DoS) attacks against game servers.

tags | advisory, denial of service
SHA-256 | 1db66d6df1c094eebc40c0809e56c80069be073ae8a823feafea42632a3104da
HP Operations Agent Opcode coda.exe 0x8c Buffer Overflow
Posted Oct 28, 2012
Authored by Luigi Auriemma, juan vazquez | Site metasploit.com

This Metasploit module exploits a buffer overflow vulnerability in HP Operations Agent for Windows. The vulnerability exists in the HP Software Performance Core Program component (coda.exe) when parsing requests for the 0x8c opcode. This Metasploit module has been tested successfully on HP Operations Agent 11.00 over Windows XP SP3 and Windows 2003 SP2 (DEP bypass). The coda.exe components runs only for localhost by default, network access must be granted through its configuration to be remotely exploitable. On the other hand it runs on a random TCP port, to make easier reconnaissance a check function is provided.

tags | exploit, overflow, tcp
systems | windows
advisories | CVE-2012-2020, OSVDB-83674
SHA-256 | b17f8aa903e5e1fb8c11edc59aa31a5d56b46b6c73d9f2b8f5465c470c2951aa
HP Operations Agent Opcode coda.exe 0x34 Buffer Overflow
Posted Oct 28, 2012
Authored by Luigi Auriemma, juan vazquez | Site metasploit.com

This Metasploit module exploits a buffer overflow vulnerability in HP Operations Agent for Windows. The vulnerability exists in the HP Software Performance Core Program component (coda.exe) when parsing requests for the 0x34 opcode. This Metasploit module has been tested successfully on HP Operations Agent 11.00 over Windows XP SP3 and Windows 2003 SP2 (DEP bypass). The coda.exe components runs only for localhost by default, network access must be granted through its configuration to be remotely exploitable. On the other hand it runs on a random TCP port, to make easier reconnaissance a check function is provided.

tags | exploit, overflow, tcp
systems | windows
advisories | CVE-2012-2019, OSVDB-83673
SHA-256 | 809a9aac4f2a408b3f9058799cf1083d77ec0a7e8360fb3dc6acb06f3554aeee
Steam Browser Protocol Insecurity
Posted Oct 16, 2012
Authored by Luigi Auriemma, Donato Ferrante | Site revuln.com

In this paper the authors uncover and demonstrate a novel and interesting way to convert local bugs and features in remotely exploitable security vulnerabilities by using the well known Steam3 platform as an attack vector against remote systems.

tags | paper, remote, local, vulnerability
SHA-256 | 57c4272e83ee441c391a6f412f9d691391e59e3704ad2da10b6aa6bdd6606b73
InduSoft Web Studio Arbitrary Upload Remote Code Execution
Posted Oct 4, 2012
Authored by Luigi Auriemma, juan vazquez | Site metasploit.com

This Metasploit module exploits a lack of authentication and authorization on the InduSoft Web Studio Remote Agent, that allows a remote attacker to write arbitrary files to the filesystem, by abusing the functions provided by the software. The module uses uses the Windows Management Instrumentation service to execute an arbitrary payload on vulnerable installations of InduSoft Web Studio on Windows pre Vista. It has been successfully tested on InduSoft Web Studio 6.1 SP6 over Windows XP SP3 and Windows 2003 SP2.

tags | exploit, remote, web, arbitrary
systems | windows
advisories | CVE-2011-4051, OSVDB-77179
SHA-256 | 3fdafb054398a32fb8b23fd92f9caabbc9e00bce705897aaeb32c9f0b57d9a2a
Novell ZENworks Configuration Management Preboot Service 0x4c Buffer Overflow
Posted Jul 19, 2012
Authored by Luigi Auriemma, juan | Site metasploit.com

This Metasploit module exploits a remote buffer overflow in the ZENworks Configuration Management. The vulnerability exists in the Preboot service and can be triggered by sending a specially crafted packet with the opcode 0x4c (PROXY_CMD_PREBOOT_TASK_INFO2) to port 998/TCP. The module has been successfully tested on Novell ZENworks Configuration Management 10 SP2 / SP3 and Windows Server 2003 SP2 (DEP bypass).

tags | exploit, remote, overflow, tcp
systems | windows
advisories | CVE-2011-3176, OSVDB-80231
SHA-256 | eb8d23c0d1251c7dcb0480044c6de8f7f8d9c2d7e8de5b4a78afffe09b659c78
Novell ZENworks Configuration Management Preboot Service 0x6c Buffer Overflow
Posted Jul 19, 2012
Authored by Luigi Auriemma, juan | Site metasploit.com

This Metasploit module exploits a remote buffer overflow in the ZENworks Configuration Management. The vulnerability exists in the Preboot service and can be triggered by sending a specially crafted packet with the opcode 0x6c (PROXY_CMD_GET_NEXT_STEP) to port 998/TCP. The module has been successfully tested on Novell ZENworks Configuration Management 10 SP2 / SP3 and Windows Server 2003 SP2 (DEP bypass).

tags | exploit, remote, overflow, tcp
systems | windows
advisories | CVE-2011-3175, OSVDB-80231
SHA-256 | 7d25707a364b6e8cc80a0819d82a572cf3f8dd0815e6c1b374eaa52379c9f479
SpecView 2.5 Build 853 Directory Traversal
Posted Jun 29, 2012
Authored by Luigi Auriemma | Site aluigi.org

SpecView versions 2.5 build 853 and below suffer from a remote directory traversal vulnerability.

tags | exploit, remote
SHA-256 | 37c481c86f91ff979c1f2a14452d4bc1fc45aaf6d60f55ae0b180aa752d19d99
PowerNet Twin Client 8.9 Stack Overflow
Posted Jun 29, 2012
Authored by Luigi Auriemma | Site aluigi.org

PowerNet Twin Client versions 8.9 and below suffer from a stack overflow vulnerability.

tags | exploit, overflow
systems | linux
SHA-256 | 01ee7bdceda2abbcd11f2723950b87df2788e5314ddad8946094bb92071a21fd
Sielco Sistemi Winlog 2.07.16 Code Execution / Directory Traversal
Posted Jun 27, 2012
Authored by Luigi Auriemma | Site aluigi.org

Sielco Sistemi Winlog versions 2.07.16 and below suffer from various code execution, stack overflow, and directory traversal vulnerabilities. Proof of concept utility included.

tags | exploit, overflow, vulnerability, code execution, proof of concept
systems | linux
SHA-256 | 2c3d3186116ed66592e68144dac18e5288896dc07ba9846d20cbd79b708917db
Samsung AllShare 2.1.1.0 NULL Pointer
Posted Jun 20, 2012
Authored by Luigi Auriemma | Site aluigi.org

Samsung AllShare versions 2.1.1.0 and below suffer from a NULL pointer vulnerability. Proof of concept utility included.

tags | exploit, proof of concept
systems | linux
SHA-256 | 83cd80b6e2edbb33b8a4976ea647724003619c7fb8d84f66b2a16fcef95d2296
Microsoft Windows OLE Object File Handling Remote Code Execution
Posted Jun 7, 2012
Authored by Luigi Auriemma, juan vazquez | Site metasploit.com

This Metasploit module exploits a type confusion vulnerability in the OLE32 component of Windows XP SP3. The vulnerability exists in the CPropertyStorage::ReadMultiple function. A Visio document with a specially crafted Summary Information Stream embedded allows to get remote code execution through Internet Explorer, on systems with Visio Viewer installed.

tags | exploit, remote, code execution
systems | windows
advisories | CVE-2011-3400, OSVDB-77663
SHA-256 | 38a04eb9235c0ff6ef85f3b9bba40470be0f95a7efe95b58a475e3f84a0afc55
Samsung NET-i viewer Multiple ActiveX BackupToAvi() Remote Overflow
Posted Jun 7, 2012
Authored by Luigi Auriemma, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability in the CNC_Ctrl.dll ActiveX installed with the Samsung NET-i viewer 1.37. Specifically, when supplying a long string for the fname parameter to the BackupToAvi method, an integer overflow occurs, which leads to a posterior buffer overflow due to the use of memcpy with an incorrect size, resulting in remote code execution under the context of the user.

tags | exploit, remote, overflow, code execution, activex
advisories | OSVDB-81453
SHA-256 | 03a28d9b585a04552b2af08e30b7a0771b1cda34693418914dcb8507b373570a
RabidHamster R4 Log Entry sprintf() Buffer Overflow
Posted May 25, 2012
Authored by Luigi Auriemma, sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability found in RabidHamster R4's web server. By supplying a malformed HTTP request, it is possible to trigger a stack-based buffer overflow when generating a log, which may result in arbitrary code execution under the context of the user.

tags | exploit, web, overflow, arbitrary, code execution
advisories | OSVDB-79007
SHA-256 | 9bd2fe133907afe8dae3b0872be07135e15c6152fbb081eaf7b8fefe328ad0a3
FlexNet License Server Manager lmgrd Buffer Overflow
Posted May 22, 2012
Authored by Luigi Auriemma, sinn3r, Alexander Gavrun, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability in the FlexNet License Server Manager. The vulnerability is due to the insecure usage of memcpy in the lmgrd service when handling network packets, which results in a stack buffer overflow. In order to improve reliability, this module will make lots of connections to lmgrd during each attempt to maximize its success.

tags | exploit, overflow
advisories | OSVDB-81899
SHA-256 | 2d6d029945aaecc2ac0003cb91c1250f912d627ce695077b2bfbd1919c57f669
FlexNet License Server Manager 11.9.1 Stack Overflow
Posted May 13, 2012
Authored by Luigi Auriemma | Site aluigi.org

FlexNet License Server Manager versions 11.9.1 and below suffer from a stack overflow vulnerability in lmgrd. Proof of concept included.

tags | exploit, overflow, proof of concept
systems | linux
SHA-256 | e1685cec49a2c9fdbef7f2df8194086852d758d0cee891a610d91b40c7e329ac
Wonderware Archestra SuiteLink Resource Consumption
Posted May 13, 2012
Authored by Luigi Auriemma | Site aluigi.org

Wonderware Archestra SuiteLink suffers from resource consumption and denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability
systems | linux
SHA-256 | c34e1df7a3082d619c7c03aab1d1f9f1341e2d5947161396f2bcfcb5128fa599
Pro-face Pro-Server EX 1.30.000 Memory Issues / Integer Overflow
Posted May 13, 2012
Authored by Luigi Auriemma | Site aluigi.org

Pro-face Pro-Server EX versions 1.30.000 and PCRuntime versions 3.1.00 suffer from memory related and integer overflow vulnerabilities. Proof of concept included.

tags | exploit, overflow, vulnerability, proof of concept
systems | linux
SHA-256 | 6eba0c58436511df2a7c1ddd9624d256ee11fcd20a797290f0587ece9614fe70
Page 1 of 25
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close