what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 21 of 21 RSS Feed

Files from Matteo Memelli

Real Nameryujin
Email addressprivate
Websitewww.offensive-security.com
First Active2008-01-09
Last Active2015-05-21
View User Profile
Windows 8.0 / 8.1 x64 TrackPopupMenu Privilege Escalation
Posted May 21, 2015
Authored by Matteo Memelli

Microsoft Windows versions 8.0 and 8.1 on x64 TrackPopupMenu privilege escalation exploit that leverages the vulnerability documented in MS14-058.

tags | exploit
systems | windows
advisories | CVE-2014-4113
SHA-256 | 7d524f41ded3fbca83cd0ed3b01c95d13cab774d7a2fa4d2956447e6c0c1eed9
Symantec Endpoint Protection 11.x / 12.x Kernel Pool Overflow
Posted Aug 5, 2014
Authored by Matteo Memelli, sickness

Symantec Endpoint Protection versions 11.x and 12.x suffer from a kernel pool overflow vulnerability.

tags | exploit, overflow, kernel
advisories | CVE-2014-3434
SHA-256 | 4336ac24272f9e03af411eafef0734ba3a8c0d939a93fed5265bff19cf5612fe
MS11-080 AfdJoinLeaf Privilege Escalation
Posted Oct 3, 2012
Authored by Matteo Memelli, Spencer McIntyre | Site metasploit.com

This Metasploit module exploits a flaw in the AfdJoinLeaf function of the afd.sys driver to overwrite data in kernel space. An address within the HalDispatchTable is overwritten and when triggered with a call to NtQueryIntervalProfile will execute shellcode. This Metasploit module will elevate itself to SYSTEM, then inject the payload into another SYSTEM process before restoring it's own token to avoid causing system instability.

tags | exploit, kernel, shellcode
advisories | CVE-2011-2005
SHA-256 | f6dc1203a74e12170988c31fabd455ab39d26e8231aa917f56967362c0509242
MS11-080 Afd.sys Privilege Escalation
Posted Nov 30, 2011
Authored by Matteo Memelli

MS11-080 privilege escalation exploit that leverages the fact that afd.sys does not properly validate user-mode input passed to kernel-mode.

tags | exploit, kernel
advisories | CVE-2011-2005
SHA-256 | 050ef4e20cffa5096df95d3a92d67ec15bef3ea3848cd5b8824bbec9e2cb4338
Mozilla Firefox Array.reduceRight() Integer Overflow
Posted Oct 14, 2011
Authored by Chris Rohlf, Matteo Memelli, sinn3r, dookie2000ca, Yan Ivnitskiy | Site metasploit.com

This Metasploit module exploits a vulnerability found in Mozilla Firefox 3.6. When an array object is configured with a large length value, the reduceRight() method may cause an invalid index being used, allowing arbitrary remote code execution. Please note that the exploit requires a longer amount of time (compared to a typical browser exploit) in order to gain control of the machine.

tags | exploit, remote, arbitrary, code execution
advisories | CVE-2011-2371
SHA-256 | eca7d8b6931584eb3a994d517c4e7c7d6ee00bc2c0a6e1a811a275c54de08fa6
Mozilla Firefox Integer Overflow
Posted Oct 13, 2011
Authored by Matteo Memelli

Mozilla Firefox Integer Overflow | Mozilla Firefox Array.reduceRight() integer overflow exploit. James Besmertnuk has reported that this vulnerability is still present in Firefox version 9.0.1.

tags | exploit, overflow
advisories | CVE-2011-2371
SHA-256 | b0d79a9af8ab6b14c5febfcb8aae8db449fcd6cc78eecbb021905dadaa2e2e0e
Internet Explorer CSS SetUserClip Memory Corruption
Posted Dec 14, 2010
Authored by Matteo Memelli, jduck, yuange1975 | Site metasploit.com

This Metasploit module exploits a memory corruption vulnerability within Microsoft's HTML engine (mshtml). When parsing an HTML page containing a specially crafted CSS tag, memory corruption occurs that can lead arbitrary code execution. It seems like Microsoft code inadvertently increments a vtable pointer to point to an unaligned address within the vtable's function pointers. This leads to the program counter being set to the address determined by the address "[vtable+0x30+1]". The particular address depends on the exact version of the mshtml library in use. Since the address depends on the version of mshtml, some versions may not be exploitable. Specifically, those ending up with a program counter value within another module, in kernel space, or just not able to be reached with various memory spraying techniques. Also, since the address is not controllable, it is unlikely to be possible to use ROP to bypass non-executable memory protections.

tags | exploit, arbitrary, kernel, code execution
advisories | CVE-2010-3962, OSVDB-68987
SHA-256 | c5af90428a60eae212629d6165cc2ab369c2d3111464b63c3d7505ceda36a191
Internet Explorer CSS Tags Memory Corruption
Posted Nov 5, 2010
Authored by Matteo Memelli, jduck, yuange1975 | Site metasploit.com

This Metasploit module exploits a memory corruption vulnerability within Microsoft's HTML engine (mshtml). When parsing an HTML page containing a specially crafted CSS tag, memory corruption occurs that can lead arbitrary code execution.

tags | exploit, arbitrary, code execution
advisories | CVE-2010-3962
SHA-256 | b5f68cfc74a96815adebfeab5b901e1febc67c4cb41f55ca40098dbd8d7ac9ff
Microsoft Internet Explorer 6 / 7 / 8 Memory Corruption
Posted Nov 5, 2010
Authored by Matteo Memelli

Microsoft Internet Explorer versions 6, 7 and 8 memory corruption exploit.

tags | exploit
advisories | CVE-2010-3962
SHA-256 | 31684eb156a1877d3e7a41622e50d6e6c00769cce04fc282658316fb9370a72d
Avast! 4.7 Privilege Escalation
Posted Apr 27, 2010
Authored by Matteo Memelli | Site offensive-security.com

Avast! version 4.7 aavmker4.sys local privilege escalation vulnerability.

tags | exploit, local
advisories | CVE-2008-1625
SHA-256 | d3bb28a2b24343c621152dc7cfb21ff4932d6710b667865b875da8570485ee90
PHP 6.0 Dev str_transliterate() Buffer Overflow
Posted Apr 14, 2010
Authored by Matteo Memelli | Site offensive-security.com

PHP version 6.0 Dev str_transliterate() buffer overflow exploit with NX + ASLR bypass.

tags | exploit, overflow, php
SHA-256 | c915cded3e7fe8ebb668fccbc01befdee1908158cb07caee201a7e6e7dab516d
Novell eDirectory 8.8 SP5 iConsole Buffer Overflow
Posted Nov 17, 2009
Authored by Matteo Memelli | Site offensive-security.com

Novell eDirectory version 8.8 SP5 iConsole buffer overflow exploit. Written in Python.

tags | exploit, overflow, python
SHA-256 | 95f50c442d3fd3dc5c31b4e796c37252f8f18b011dbce81f67724b44562c1ee0
HP Power Manager Administration Universal Buffer Overflow
Posted Nov 17, 2009
Authored by Matteo Memelli | Site offensive-security.com

HP Power Manager Administration universal buffer overflow exploit. Written in Python.

tags | exploit, overflow, python
advisories | CVE-2009-2685
SHA-256 | 337fad58366611acfcbe84f9d94f843b5856b4b86a3e3ea9b0faf759454d90c4
Apple iTunes 8.1.1.10 Buffer Overflow Exploit
Posted Jun 12, 2009
Authored by Matteo Memelli

Apple iTunes version 8.1.1.10 itms/itcp buffer overflow exploit for Microsoft Windows.

tags | exploit, overflow
systems | windows, apple
advisories | CVE-2009-0950
SHA-256 | 140b17c3410e2700b0f0b0f6aba6cda0e9899e7773db6b0f7c41bb673a524261
freesshd-sehoverflow.txt
Posted Jun 6, 2008
Authored by Matteo Memelli | Site be4mind.com

FreeSSHD version 1.2.1 post authentication remote SEH overflow exploit that spawns a shell on port 4444.

tags | exploit, remote, overflow, shell
SHA-256 | f7343d892c3d08b25b42c2fd3eed90f2a31ecb113628845c1d671d69ea95a842
vlc-doubleshell.txt
Posted May 23, 2008
Authored by Matteo Memelli, j0rgan | Site jorgan.users.cg.yu

VLC version 0.8.6d double shell universal exploit that binds a shell to port 4444.

tags | exploit, shell
advisories | CVE-2007-6681
SHA-256 | e184c134027416e686c1e5810a3cf2cb24ddf0bb94a461147657eccd217e10e2
antserver_exploit.py.txt
Posted Apr 15, 2008
Authored by Matteo Memelli | Site be4mind.com

BigAnt Server version 2.2 pre-auth remote SEH overflow exploit for Windows 2000 SP4 English that binds a shell to port 6080.

tags | exploit, remote, overflow, shell
systems | windows
SHA-256 | 686272c27038e11de7c9e4ab5049521055d0aff4cb2b0da06793f5ea631ad9aa
netwin-list.txt
Posted Mar 15, 2008
Authored by Matteo Memelli | Site be4mind.com

NetWin Surgemail version 3.8k4-4 IMAP post-auth remote LIST universal exploit that binds a shell to port 4444.

tags | exploit, remote, shell, imap
SHA-256 | 13e2fa0e22a61a07a78d0404ae1ce4d872b60e6a762cc83285b52ee831ab9f6c
mdaemon-overflow.txt
Posted Mar 13, 2008
Authored by Matteo Memelli | Site be4mind.com

MDaemon IMAP server version 9.6.4 FETCH command remote buffer overflow universal exploit that binds a shell to port 4444.

tags | exploit, remote, overflow, shell, imap
SHA-256 | 46172680402d72918d7c2218e17716c08edb90bc46bac08874a8277b85c54ab2
mailenable-dos.txt
Posted Mar 13, 2008
Authored by Matteo Memelli | Site be4mind.com

MailEnable SMTP server VRFY/EXPN command buffer overflow denial of service exploit.

tags | exploit, denial of service, overflow
SHA-256 | a0705361ac29e9fb40f8aeae9a11b264b6c3114b26f03df112fc86cb7c8a608d
sami-overflow.txt
Posted Jan 9, 2008
Authored by Matteo Memelli | Site be4mind.com

Microsoft DirectX SAMI file parsing remote stack overflow exploit that binds a shell to port 4444.

tags | exploit, remote, overflow, shell
SHA-256 | 891b81acd9ed28a3aeb26a4085e20322e16d833a8297675eed4861882ea54014
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    11 Files
  • 8
    Dec 8th
    36 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close