Files from Matteo Memelli

Real Name: ryujin
Email address: private
Website: www.offensive-security.com
First Active: 2008-01-09
Last Active: 2015-05-21
Windows 8.0 / 8.1 x64 TrackPopupMenu Privilege Escalation
Posted May 21, 2015
Authored by Matteo Memelli

Microsoft Windows versions 8.0 and 8.1 on x64 TrackPopupMenu privilege escalation exploit that leverages the vulnerability documented in MS14-058.

tags | exploit
systems | windows
advisories | CVE-2014-4113
MD5 | 7558f5dbcb1f1aad75dd4f8fd1021ff5
Symantec Endpoint Protection 11.x / 12.x Kernel Pool Overflow
Posted Aug 5, 2014
Authored by Matteo Memelli, sickness

Symantec Endpoint Protection versions 11.x and 12.x suffer from a kernel pool overflow vulnerability.

tags | exploit, overflow, kernel
advisories | CVE-2014-3434
MD5 | f34e94fc45f69fbf037858196c0221b6
MS11-080 AfdJoinLeaf Privilege Escalation
Posted Oct 3, 2012
Authored by Matteo Memelli, Spencer McIntyre | Site metasploit.com

This Metasploit module exploits a flaw in the AfdJoinLeaf function of the afd.sys driver to overwrite data in kernel space. An address within the HalDispatchTable is overwritten and when triggered with a call to NtQueryIntervalProfile will execute shellcode. This Metasploit module will elevate itself to SYSTEM, then inject the payload into another SYSTEM process before restoring its own token to avoid causing system instability.

tags | exploit, kernel, shellcode
advisories | CVE-2011-2005
MD5 | 4bb673fc92283c6a680ddea5396dce74
MS11-080 Afd.sys Privilege Escalation
Posted Nov 30, 2011
Authored by Matteo Memelli

MS11-080 privilege escalation exploit that leverages the fact that afd.sys does not properly validate user-mode input passed to kernel-mode.

tags | exploit, kernel
advisories | CVE-2011-2005
MD5 | 0834059529bbfef600c3d2569f96973b
Mozilla Firefox Array.reduceRight() Integer Overflow
Posted Oct 14, 2011
Authored by Chris Rohlf, Matteo Memelli, sinn3r, dookie2000ca, Yan Ivnitskiy | Site metasploit.com

This Metasploit module exploits a vulnerability found in Mozilla Firefox 3.6. When an array object is configured with a large length value, the reduceRight() method may cause an invalid index to be used, allowing arbitrary remote code execution. Please note that the exploit requires a longer amount of time (compared to a typical browser exploit) in order to gain control of the machine.

tags | exploit, remote, arbitrary, code execution
advisories | CVE-2011-2371
MD5 | 8f671993e315b396062e0dd7604ee0b8
Mozilla Firefox Integer Overflow
Posted Oct 13, 2011
Authored by Matteo Memelli

Mozilla Firefox Array.reduceRight() integer overflow exploit. James Besmertnuk has reported that this vulnerability is still present in Firefox version 9.0.1.

tags | exploit, overflow
advisories | CVE-2011-2371
MD5 | 0c130b815fbf67b41e790fd6a0e12dee
Internet Explorer CSS SetUserClip Memory Corruption
Posted Dec 14, 2010
Authored by Matteo Memelli, jduck, yuange1975 | Site metasploit.com

This Metasploit module exploits a memory corruption vulnerability within Microsoft's HTML engine (mshtml). When parsing an HTML page containing a specially crafted CSS tag, memory corruption occurs that can lead to arbitrary code execution. It seems like Microsoft code inadvertently increments a vtable pointer to point to an unaligned address within the vtable's function pointers. This leads to the program counter being set to the address determined by the address "[vtable+0x30+1]". The particular address depends on the exact version of the mshtml library in use. Since the address depends on the version of mshtml, some versions may not be exploitable. Specifically, those ending up with a program counter value within another module, in kernel space, or just not able to be reached with various memory spraying techniques. Also, since the address is not controllable, it is unlikely to be possible to use ROP to bypass non-executable memory protections.

tags | exploit, arbitrary, kernel, code execution
advisories | CVE-2010-3962, OSVDB-68987
MD5 | d8abe530c771ff9eb0b738f46b264236
Internet Explorer CSS Tags Memory Corruption
Posted Nov 5, 2010
Authored by Matteo Memelli, jduck, yuange1975 | Site metasploit.com

This Metasploit module exploits a memory corruption vulnerability within Microsoft's HTML engine (mshtml). When parsing an HTML page containing a specially crafted CSS tag, memory corruption occurs that can lead to arbitrary code execution.

tags | exploit, arbitrary, code execution
advisories | CVE-2010-3962
MD5 | a6e5a8e7e349e8c1d163c11cab6e7354
Microsoft Internet Explorer 6 / 7 / 8 Memory Corruption
Posted Nov 5, 2010
Authored by Matteo Memelli

Microsoft Internet Explorer versions 6, 7 and 8 memory corruption exploit.

tags | exploit
advisories | CVE-2010-3962
MD5 | c0d7b7b1f0ae356bc5698b97fcf5122b
Avast! 4.7 Privilege Escalation
Posted Apr 27, 2010
Authored by Matteo Memelli | Site offensive-security.com

Avast! version 4.7 aavmker4.sys local privilege escalation vulnerability.

tags | exploit, local
advisories | CVE-2008-1625
MD5 | 59bb36d790d1df3eff9789dae3d73b90
PHP 6.0 Dev str_transliterate() Buffer Overflow
Posted Apr 14, 2010
Authored by Matteo Memelli | Site offensive-security.com

PHP version 6.0 Dev str_transliterate() buffer overflow exploit with NX + ASLR bypass.

tags | exploit, overflow, php
MD5 | 6b67d476c018a2d8378702759c681ff6
Novell eDirectory 8.8 SP5 iConsole Buffer Overflow
Posted Nov 17, 2009
Authored by Matteo Memelli | Site offensive-security.com

Novell eDirectory version 8.8 SP5 iConsole buffer overflow exploit. Written in Python.

tags | exploit, overflow, python
MD5 | cf22004c1535f5a71c20a730786fb8f9
HP Power Manager Administration Universal Buffer Overflow
Posted Nov 17, 2009
Authored by Matteo Memelli | Site offensive-security.com

HP Power Manager Administration universal buffer overflow exploit. Written in Python.

tags | exploit, overflow, python
advisories | CVE-2009-2685
MD5 | 2a749da727764a537ee0102d318e27e2
Apple iTunes 8.1.1.10 Buffer Overflow Exploit
Posted Jun 12, 2009
Authored by Matteo Memelli

Apple iTunes version 8.1.1.10 itms/itcp buffer overflow exploit for Microsoft Windows.

tags | exploit, overflow
systems | windows, apple
advisories | CVE-2009-0950
MD5 | c0e6b5e8ffeeb4bcadcfd33813a614f9
freesshd-sehoverflow.txt
Posted Jun 6, 2008
Authored by Matteo Memelli | Site be4mind.com

FreeSSHD version 1.2.1 post authentication remote SEH overflow exploit that spawns a shell on port 4444.

tags | exploit, remote, overflow, shell
MD5 | cc5d3e5aeddb24be40550a1ab91a6ec7
vlc-doubleshell.txt
Posted May 23, 2008
Authored by Matteo Memelli, j0rgan | Site jorgan.users.cg.yu

VLC version 0.8.6d double shell universal exploit that binds a shell to port 4444.

tags | exploit, shell
advisories | CVE-2007-6681
MD5 | bd3b9688afbdbef20352d717892f0759
antserver_exploit.py.txt
Posted Apr 15, 2008
Authored by Matteo Memelli | Site be4mind.com

BigAnt Server version 2.2 pre-auth remote SEH overflow exploit for Windows 2000 SP4 English that binds a shell to port 6080.

tags | exploit, remote, overflow, shell
systems | windows, 2k
MD5 | b9824c4e66cd826d328c6656e872640b
netwin-list.txt
Posted Mar 15, 2008
Authored by Matteo Memelli | Site be4mind.com

NetWin Surgemail version 3.8k4-4 IMAP post-auth remote LIST universal exploit that binds a shell to port 4444.

tags | exploit, remote, shell, imap
MD5 | 99b94e615985921c4d1069b2d2579afe
mdaemon-overflow.txt
Posted Mar 13, 2008
Authored by Matteo Memelli | Site be4mind.com

MDaemon IMAP server version 9.6.4 FETCH command remote buffer overflow universal exploit that binds a shell to port 4444.

tags | exploit, remote, overflow, shell, imap
MD5 | 5c3dca8af2b66bd7bdccb920792c39bf
mailenable-dos.txt
Posted Mar 13, 2008
Authored by Matteo Memelli | Site be4mind.com

MailEnable SMTP server VRFY/EXPN command buffer overflow denial of service exploit.

tags | exploit, denial of service, overflow
MD5 | 34c5fb87581a48e4a55b6fae08d1af46
sami-overflow.txt
Posted Jan 9, 2008
Authored by Matteo Memelli | Site be4mind.com

Microsoft DirectX SAMI file parsing remote stack overflow exploit that binds a shell to port 4444.

tags | exploit, remote, overflow, shell
MD5 | 868705bc90701375ac09387da9a96f8a