
Files from muts

Email address | muts at remote-exploit.org
First Active | 2004-10-27
Last Active | 2012-08-03

Dell SonicWALL Scrutinizer 9 SQL Injection
Posted Aug 3, 2012
Authored by muts, sinn3r, Devon Kearns | Site metasploit.com

This Metasploit module exploits a vulnerability found in Dell SonicWall Scrutinizer. While handling the 'q' parameter, the PHP application does not properly filter the user-supplied data, which can be manipulated to inject SQL commands, and then gain remote code execution. Please note that authentication is NOT needed to exploit this vulnerability.

tags | exploit, remote, php, code execution
advisories | CVE-2012-2962, OSVDB-84232
SHA-256 | 2fd37f85b3b97b8f8c3c3028dc3ce694832b09af2ec361d954d869e453380a88
Symantec Web Gateway 5.0.2.18 pbcontrol.php Command Injection
Posted Jul 27, 2012
Authored by muts, sinn3r | Site metasploit.com

This Metasploit module exploits a command injection vulnerability found in Symantec Web Gateway's HTTP service. While handling the filename parameter, the Spywall API does not do any filtering before passing it to an exec() call in proxy_file(), which results in remote code execution under the context of the web server. Please note authentication is NOT needed to gain access.

tags | exploit, remote, web, code execution
advisories | CVE-2012-2953
SHA-256 | 0cd8a8da3d231693715d4e8b287a75415523666ac53647e469041b791662ac0b
Symantec Web Gateway 5.0.3.18 LFI / Command Execution
Posted Jul 24, 2012
Authored by muts

Symantec Web Gateway version 5.0.3.18 local file inclusion remote root command execution exploit.

tags | exploit, remote, web, local, root, file inclusion
advisories | CVE-2012-2957
SHA-256 | 88327d0f7cbaac39c6aad31a8ef7f4b43b8d525c4c4b964adfb91854c7a37766
Symantec Web Gateway 5.0.2 Blind SQL Injection
Posted Jul 23, 2012
Authored by muts

Symantec Web Gateway version 5.0.2 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, web, sql injection
advisories | CVE-2012-2574
SHA-256 | 6aec98e00f8daa7f3e784b9b085136fd783f41fed252a1521762a3217af9e407
Symantec Web Gateway 5.0.3.18 Blind SQL Injection
Posted Jul 23, 2012
Authored by muts

Symantec Web Gateway version 5.0.3.18 suffers from a remote blind SQL injection backdoor via MySQL triggers.

tags | exploit, remote, web, sql injection
advisories | CVE-2012-2961
SHA-256 | 33d2c7451eea8c45146663fa6330e2747966d6816d1ce83431c543d2238e56fd
Ipswitch WhatsUp Gold 15.02 XSS / SQL Injection / Command Execution
Posted Jul 22, 2012
Authored by muts

Ipswitch WhatsUp Gold version 15.02 suffers from code execution, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, code execution, xss, sql injection
advisories | CVE-2012-2601
SHA-256 | 4811003d330d6ff9fc3ea22effd0939b589f9d1a7f2a27a858dd90d7e0988596
Dell SonicWALL Scrutinizer 9.0.1 SQL Injection
Posted Jul 22, 2012
Authored by muts

Dell SonicWALL Scrutinizer version 9.0.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2012-2962
SHA-256 | 51f8331d268be99ec1bf0765163b49d3c86e2071fd657509a74930a28343e6f9
Symantec Web Gateway 5.0.2.8 Command Execution
Posted May 28, 2012
Authored by unknown, muts, sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability found in Symantec Web Gateway's HTTP service. By injecting PHP code in the access log, it is possible to load it with a directory traversal flaw, which allows remote code execution under the context of 'apache'. Please note that it may take up to several minutes to retrieve access_log, which is about the amount of time required to see a shell back.

tags | exploit, remote, web, shell, php, code execution
advisories | CVE-2012-0297
SHA-256 | 65a7306dea41b299aa10904fe0da0ef4f8feaaf8b06f2b42c12431d74226ce63
Symantec Web Gateway 5.0.2 Local File Inclusion
Posted May 26, 2012
Authored by muts

Symantec Web Gateway version 5.0.2 remote local file inclusion root exploit.

tags | exploit, remote, web, local, root, file inclusion
advisories | CVE-2012-0297
SHA-256 | 1f988ae10011c9e9527aa54aee6542a4e4f221f26948b02c388b89c3b9e6db66
Solarwinds Storage Manager 5.1.0 SQL Injection
Posted May 6, 2012
Authored by muts, r@b13$, sinn3r | Site metasploit.com

This Metasploit module exploits a SQL injection found in Solarwinds Storage Manager login interface. It will send a malicious SQL query to create a JSP file under the web root directory, and then let it download and execute our malicious executable under the context of SYSTEM.

tags | exploit, web, root, sql injection
advisories | OSVDB-81634
SHA-256 | f0082fe343289cee7851fb985c1987add9c8ebcb058523260ad6c25997867acf
Solarwinds Storage Manager 5.1.0 SQL Injection
Posted May 2, 2012
Authored by muts

Solarwinds Storage Manager version 5.1.0 remote SYSTEM SQL injection exploit.

tags | exploit, remote, sql injection
SHA-256 | 8721ee1a12fe6d7008415fbf1a6f1b25e326924c27b9fa0e98b01fd1e473de9f
FreePBX 2.10.0 / 2.9.0 callmenum Remote Code Execution
Posted Mar 26, 2012
Authored by muts | Site metasploit.com

This Metasploit module exploits FreePBX versions 2.10.0, 2.9.0 and possibly older. Due to the way callme_page.php handles the 'callmenum' parameter, it is possible to inject code into the '$channel' variable in function callme_startcall in order to gain remote code execution. Please note that in order to use this module properly, you must know the extension number, which can be enumerated or bruteforced, or you may try some of the default extensions such as 0 or 200. Also, the call has to be answered (or go to voice). Tested on both Elastix and FreePBX ISO image installs.

tags | exploit, remote, php, code execution
SHA-256 | 732f9a89390a847e9a30d1b733961bd71e76e38457ac805770011388b929d0cc
FreePBX 2.10.0 / Elastix 2.2.0 Remote Code Execution
Posted Mar 23, 2012
Authored by muts

FreePBX version 2.10.0 and Elastix version 2.2.0 remote root code execution exploit.

tags | exploit, remote, root, code execution
SHA-256 | 984ef9b4d46d202068534bc7c0391749912cfe24b026e014bc264260d6e0af46
Ability Server 2.34 STOR Command Stack Buffer Overflow
Posted Dec 7, 2011
Authored by muts, Dark Eagle, Peter Osterberg | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in Ability Server 2.34. Ability Server fails to check input size when parsing STOR and APPE commands, which leads to a stack-based buffer overflow. This plugin uses the STOR command. The vulnerability has been confirmed on version 2.34 and has also been reported in versions 2.25 and 2.32. Other versions may also be affected.

tags | exploit, overflow
SHA-256 | 2f42268540b9e7a1b27be7be2665ffceb81143ab10130f7b317339dcd4c523c5
HP OmniInet.exe Opcode 20 Buffer Overflow
Posted Jul 4, 2011
Authored by muts, Oren Isacson, corelanc0d3r, sinn3r, dookie2000ca | Site metasploit.com

This Metasploit module exploits a vulnerability found in HP Data Protector's OmniInet process. By supplying a long string of data as the file path with opcode '20', a buffer overflow can occur when this data is written to the stack without proper bounds checking beforehand, which results in arbitrary code execution under the context of SYSTEM. This Metasploit module also targets systems such as Windows Server 2003 or Windows Server 2008 that have DEP and/or ASLR enabled by default.

tags | exploit, overflow, arbitrary, code execution
systems | windows
advisories | CVE-2011-1865
SHA-256 | c300d04fb3ea4183698f9badb47bedde5230f3414ad7738a1e1ab7d7e1be8221
HP Data Protector 6.11 Remote Buffer Overflow
Posted Jul 2, 2011
Authored by muts, dookie

HP Data Protector version 6.11 remote buffer overflow exploit with DEP bypass.

tags | exploit, remote, overflow
SHA-256 | 9e8e5a84de486e78b0670c124724bc4754ef8447902faec7f282f582cbf86f0c
Sun Java Web Server 7.0 u7 Denial Of Service
Posted Jul 6, 2010
Authored by muts

Sun Java Web Server version 7.0 u7 administrative interface denial of service exploit.

tags | exploit, java, web, denial of service
SHA-256 | 1f4ee03d2f21873fa85a546b82be9bb31a7253d7895c6df6f145c63406a95360
McAfee ePolicy Orchestrator / ProtectionPilot Overflow
Posted Nov 26, 2009
Authored by H D Moore, patrick, muts, xbxice | Site metasploit.com

This is an exploit for the McAfee HTTP Server (NAISERV.exe). McAfee ePolicy Orchestrator 2.5.1 <= 3.5.0 and ProtectionPilot 1.1.0 are known to be vulnerable. By sending a large 'Source' header, the stack can be overwritten. This Metasploit module is based on the exploit by xbxice and muts. Due to size constraints, this module uses the Egghunter technique. You may wish to adjust WfsDelay appropriately.

tags | exploit, web
advisories | CVE-2006-5156
SHA-256 | 4e64f2bde60479894b56b37f3ca9106dbfee008011c45a3a524a30225b19046b
mcafee.pm.txt
Posted Oct 9, 2006
Authored by H D Moore, muts, xbxice | Site metasploit.com

This Metasploit module is a stack overflow exploit for McAfee ePolicy Orchestrator 3.5.0 and ProtectionPilot 1.1.0. Tested on Windows 2000 SP4 and Windows 2003 SP1.

tags | exploit, overflow
systems | windows
SHA-256 | c5d4374afb7d02fcb71a301406cf46a7b08856e8634b8c4b455323de754bcf69
Epolicy3.5.0.txt
Posted Oct 4, 2006
Authored by muts | Site remote-exploit.org

McAfee ePolicy Orchestrator 3.5.0 contains a pre-authentication buffer overflow vulnerability in NAISERV.exe. Protection Pilot 1.1.0 uses the same HTTP server, and is also vulnerable.

tags | advisory, web, overflow
SHA-256 | b10041868084225e62f4a63f86c4fb4e2f49df32ae08ccc857170b2bfe9a4c39
mdaemon-user-py.txt
Posted Aug 27, 2006
Authored by muts | Site hackingdefined.com

MDaemon Pre Authentication (USER) heap overflow exploit.

tags | exploit, overflow
SHA-256 | 4f7b94833ece72e52aeb28060f38d879ff856d35732f73e066575bfd5ed1d323
globalscape_ftp_30.pm
Posted May 27, 2005
Authored by muts

GlobalScape Secure FTP server 3.0.2 Build 04.12.2005.1 buffer overflow exploit.

tags | exploit, overflow
SHA-256 | a12099d3b3073ebd5af605fee5579ffa44515664ccde164fdf6c87b1d8cf8a25
slmail5x.txt
Posted Nov 20, 2004
Authored by muts | Site whitehat.co.il

SLMail 5.x POP3 remote PASS buffer overflow exploit that binds a shell to port 4444. Tested on Windows 2000 SP4.

tags | exploit, remote, overflow, shell
systems | windows
advisories | CVE-2004-0942
SHA-256 | e52e26d43fc8281cdd86366385864d1faabe76d496cbf284434a32a5b495a1f4
mailcarrier.txt
Posted Oct 27, 2004
Authored by muts

MailCarrier 2.51 SMTP EHLO / HELO buffer overflow exploit written in Python that spawns a shell on port 101 of the target machine.

tags | exploit, overflow, shell, python
SHA-256 | 9cdcfa966f1b52e3db88669267c30a79a0da90da60a10ee65048a42219f21e53
ability.c
Posted Oct 27, 2004
Authored by muts

Ability FTP server 2.34 FTP STOR buffer overflow remote exploit that spawns a shell on port 4444 upon successful exploitation.

tags | exploit, remote, overflow, shell
SHA-256 | 39dfb200bb55c2fb0fffdc3697970f7ee2ba3f62c21c2adfd4d3a5f4996de5a8