Exploit the possiblities
Showing 1 - 8 of 8 RSS Feed

Files from Andrea Micalizzi

First Active2005-08-14
Last Active2015-01-12
Lexmark MarkVision Enterprise Arbitrary File Upload
Posted Jan 12, 2015
Authored by Andrea Micalizzi, juan vazquez | Site metasploit.com

This Metasploit module exploits a code execution flaw in Lexmark MarkVision Enterprise before 2.1. A directory traversal in the GfdFileUploadServlet servlet allows an unauthenticated attacker to upload arbitrary files, including arbitrary JSP code. This Metasploit module has been tested successfully on Lexmark MarkVision Enterprise 2.0 with Windows 2003 SP2.

tags | exploit, arbitrary, code execution
systems | windows
advisories | CVE-2014-8741
MD5 | cd1e925244f475f400459c44ff459365
KingScada kxClientDownload.ocx ActiveX Remote Code Execution
Posted Feb 11, 2014
Authored by Andrea Micalizzi, juan vazquez | Site metasploit.com

This Metasploit module abuses the kxClientDownload.ocx ActiveX control distributed with WellingTech KingScada. The ProjectURL property can be abused to download and load arbitrary DLLs from arbitrary locations, leading to arbitrary code execution, because of a dangerous usage of LoadLibrary. Due to the nature of the vulnerability, this module will work only when Protected Mode is not present or not enabled.

tags | exploit, arbitrary, code execution, activex
advisories | CVE-2013-2827
MD5 | 287d97f2652981fe694264c71eb7c221
VMware vCenter Chargeback Manager ImageUploadServlet Arbitrary File Upload
Posted Jul 23, 2013
Authored by Andrea Micalizzi, juan vazquez | Site metasploit.com

This Metasploit module exploits a code execution flaw in VMware vCenter Chargeback Manager, where the ImageUploadServlet servlet allows unauthenticated file upload. The files are uploaded to the /cbmui/images/ web path, where JSP code execution is allowed. The module has been tested successfully on VMware vCenter Chargeback Manager 2.0.1 on Windows 2003 SP2.

tags | exploit, web, code execution, file upload
systems | windows
advisories | CVE-2013-3520, OSVDB-94188
MD5 | 7bb909108ececb286f0a184f3191aa87
HP Managed Printing Administration jobAcct Remote Command Execution
Posted Jul 18, 2013
Authored by Andrea Micalizzi, juan vazquez | Site metasploit.com

This Metasploit module exploits an arbitrary file upload vulnerability on HP Managed Printing Administration 2.6.3 (and before). The vulnerability exists in the UploadFiles() function from the MPAUploader.Uploader.1 control, loaded and used by the server. The function can be abused via directory traversal and null byte injection in order to achieve arbitrary file upload.

tags | exploit, arbitrary, file upload
advisories | CVE-2011-4166, OSVDB-78015
MD5 | 971b98d962ddabcf86fc3c2bfb350b90
LANDesk Lenovo ThinkManagement Console Remote Command Execution
Posted Apr 10, 2012
Authored by Andrea Micalizzi, juan vazquez | Site metasploit.com

This Metasploit module can be used to execute a payload on LANDesk Lenovo ThinkManagement Suite 9.0.2 and 9.0.3. The payload is uploaded as an ASP script by sending a specially crafted SOAP request to "/landesk/managementsuite/core/core.anonymous/ServerSetup.asmx" , via a "RunAMTCommand" operation with the command '-PutUpdateFileCore' as the argument. After execution, the ASP script with the payload is deleted by sending another specially crafted SOAP request to "WSVulnerabilityCore/VulCore.asmx" via a "SetTaskLogByFile" operation.

tags | exploit, asp
advisories | CVE-2012-1195, CVE-2012-1196, OSVDB-79276, OSVDB-79277
MD5 | 7e622d16202980709325aec7154b625c
HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution
Posted Jan 18, 2012
Authored by Andrea Micalizzi, juan vazquez | Site metasploit.com

This Metasploit module allows remote attackers to place arbitrary files on a users file system by abusing the "CacheDocumentXMLWithId" method from the "XMLCacheMgr" class in the HP Easy Printer HPTicketMgr.dll ActiveX Control (HPTicketMgr.dll 2.7.2.0). Code execution can be achieved by first uploading the payload to the remote machine embedding a vbs file, and then upload another mof file, which enables Windows Management Instrumentation service to execute the vbs. Please note that this module currently only works for Windows before Vista.

tags | exploit, remote, arbitrary, code execution, activex
systems | windows
advisories | CVE-2011-4786
MD5 | b01ade0319dd4987b8285b4f21c4ed2e
HP Easy Printer Care XMLSimpleAccessor Class ActiveX Control Remote Code Execution
Posted Aug 21, 2011
Authored by Andrea Micalizzi, juan vazquez | Site metasploit.com

This Metasploit module allows remote attackers to place arbitrary files on a users file system by abusing via Directory Traversal attack the "saveXML" method from the "XMLSimpleAccessor" class in the HP Easy Printer HPTicketMgr.dll ActiveX Control (HPTicketMgr.dll 2.7.2.0). Code execution can be achieved by first uploading the payload to the remote machine embedding a vbs file, and then upload another mof file, which enables Windows Management Instrumentation service to execute the vbs. Please note that this module currently only works for Windows before Vista.

tags | exploit, remote, arbitrary, code execution, activex
systems | windows
advisories | CVE-2011-2404, OSVDB-74510
MD5 | 0b4aa11995c2049a6af2ce9d7ff49c18
nmapgui.zip
Posted Aug 14, 2005
Authored by Andrea Micalizzi | Site retrogod.altervista.org

An unofficial Win32 front-end for Fyodor's Nmap. Adds some functionalities that allow end users to take greater advantage of the tool. Allows for HTML exporting, and more.

tags | tool, scanner
systems | windows, unix
MD5 | c28ba1120dd648e3c5d6b7e81b678ca0
Page 1 of 1
Back1Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close