what you don't know can hurt you
Showing 1 - 18 of 18 RSS Feed

Files from Trancer

Email addressmtrancer at gmail.com
First Active2009-02-25
Last Active2010-10-01
Trend Micro Internet Security Pro 2010 ActiveX extSetOwner() Remote Code Execution
Posted Oct 1, 2010
Authored by Trancer | Site metasploit.com

This Metasploit module exploits a remote code execution vulnerability in Trend Micro Internet Security Pro 2010 ActiveX. When sending an invalid pointer to the extSetOwner() function of UfPBCtrl.dll an attacker may be able to execute arbitrary code.

tags | exploit, remote, arbitrary, code execution, activex
advisories | CVE-2010-3189
MD5 | f0527cd0b6ef2cbe5f80f07f5f209ee6
Novell iPrint Client ActiveX Control call-back-url Buffer Overflow
Posted Sep 21, 2010
Authored by Trancer | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in Novell iPrint Client 5.42. When sending an overly long string to the 'call-back-url' parameter in an op-client-interface-version action of ienipp.ocx an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary
advisories | CVE-2010-1527
MD5 | 80269d9e5705e85962cc7e26d8957a01
Novell iPrint Client ActiveX Control debug Buffer Overflow
Posted Sep 21, 2010
Authored by Trancer | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in Novell iPrint Client 5.40. When sending an overly long string to the 'debug' parameter in ExecuteRequest() property of ienipp.ocx an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary
advisories | CVE-2010-3106
MD5 | 4c82e48d18c60cbb339bae8863c7b2e3
Internet Explorer DTHML Behaviors Use After Free
Posted Apr 1, 2010
Authored by Nanika, Trancer | Site metasploit.com

This Metasploit module exploits a use-after-free vulnerability within the DTML behaviors functionality of Microsoft Internet Explorer versions 6 and 7. This bug was discovered being used in-the-wild and was previously known as the "iepeers" vulnerability. The name comes from Microsoft's suggested workaround to block access to the iepeers.dll file. According to Nico Waisman, "The bug itself is when trying to persist an object using the setAttribute, which end up calling VariantChangeTypeEx with both the source and the destination being the same variant. So if you send as a variant an IDISPATCH the algorythm will try to do a VariantClear of the destination before using it. This will end up on a call to PlainRelease which decref the reference and clean the object." NOTE: Internet Explorer 8 and Internet Explorer 5 are not affected.

tags | exploit
advisories | CVE-2010-0806
MD5 | 499222317361c6b4495867bed56de302
Microsoft Internet Explorer iepeers.dll Use After Free
Posted Mar 11, 2010
Authored by Trancer | Site metasploit.com

This Metasploit module exploits a use-after-free vulnerability within iepeers.dll of Microsoft Internet Explorer versions 6 and 7. NOTE: Internet Explorer 8 and Internet Explorer 5 are not affected.

tags | exploit
advisories | CVE-2010-0806
MD5 | 148df6b886dc2dbed56a1580848c30f7
South River Technologies WebDrive Service Bad Security Descriptor Local Privilege Escalation
Posted Jan 27, 2010
Authored by Trancer | Site metasploit.com

This Metasploit module exploits a privilege escalation vulnerability in South River Technologies WebDrive. Due to an empty security descriptor, a local attacker can gain elevated privileges. Tested on South River Technologies WebDrive 9.02 build 2232 on Microsoft Windows XP SP3.

tags | exploit, local
systems | windows, xp
advisories | CVE-2009-4606
MD5 | 8dd714881e063e08a7412de5262a9a84
AOL 9.5 Phobos.Playlist Import() Stack-based Buffer Overflow
Posted Jan 26, 2010
Authored by Trancer | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow within Phobos.dll of AOL 9.5. By setting an overly long value to 'Import()', an attacker can overrun a buffer and execute arbitrary code.

tags | exploit, overflow, arbitrary
MD5 | 7c391b1026feefd4187822cacfc9f40e
cPanel HTTP Response Splitting
Posted Jan 22, 2010
Authored by Trancer

cPanel and WHM versions 11.25 (up to build 42174) allows CR injection that can be leveraged for HTTP response splitting attacks.

tags | exploit, web
MD5 | 79d336770936e7a83a8fd0673d0137e4
AwingSoft Winds3D Player SceneURL Buffer Overflow
Posted Dec 31, 2009
Authored by shinnai, Trancer, jduck | Site metasploit.com

This Metasploit module exploits a data segment buffer overflow within Winds3D Viewer of AwingSoft Awakening 3.x (WindsPly.ocx v3.6.0.0). This ActiveX is a plugin of AwingSoft Web3D Player. By setting an overly long value to the 'SceneURL' property, an attacker can overrun a buffer and execute arbitrary code.

tags | exploit, overflow, arbitrary, activex
MD5 | 6977698db9b53be800c84623cf31a3e0
AOL Radio AmpX ActiveX Control ConvertFile() Buffer Overflow
Posted Nov 26, 2009
Authored by rgod, Trancer | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in AOL IWinAmpActiveX class (AmpX.dll) version 2.4.0.6 installed via AOL Radio website. By setting an overly long value to 'ConvertFile()', an attacker can overrun a buffer and execute arbitrary code.

tags | exploit, overflow, arbitrary, activex
MD5 | d4dc59c45b216b5b0e5026124d44c045
Autodesk IDrop ActiveX Control Heap Memory Corruption
Posted Nov 26, 2009
Authored by Elazar Broad, Trancer | Site metasploit.com

This Metasploit module exploits a heap-based memory corruption vulnerability in Autodesk IDrop ActiveX control (IDrop.ocx) version 17.1.51.160. An attacker can execute arbitrary code by triggering a heap use after free condition using the Src, Background, PackageXml properties.

tags | exploit, arbitrary, activex
MD5 | 8ffa620ce9eba17109acaff64cef9690
HP Mercury Quality Center ActiveX Control ProgColor Buffer Overflow
Posted Nov 26, 2009
Authored by Trancer | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in SPIDERLib.Loader ActiveX control (Spider90.ocx) 9.1.0.4353 installed by TestDirector (TD) for Hewlett-Packard Mercury Quality Center 9.0 before Patch 12.1, and 8.2 SP1 before Patch 32. By setting an overly long value to 'ProgColor', an attacker can overrun a buffer and execute arbitrary code.

tags | exploit, overflow, arbitrary, activex
advisories | CVE-2007-1819
MD5 | 236739259c5f6f007c26b83d0392dadc
Microsoft DirectShow (msvidctl.dll) MPEG-2 Memory Corruption
Posted Nov 26, 2009
Authored by Trancer | Site metasploit.com

This Metasploit module exploits a memory corruption within the MSVidCtl component of Microsoft DirectShow (BDATuner.MPEG2TuneRequest). By loading a specially crafted GIF file, an attacker can overrun a buffer and execute arbitrary code. ClassID is now configurable via an advanced option (otherwise randomized) - I)ruid

tags | exploit, overflow, arbitrary
advisories | CVE-2008-0015
MD5 | 9b9d26e9a03bbef70db82e706671e334
Roxio CinePlayer ActiveX Control Buffer Overflow
Posted Nov 26, 2009
Authored by Trancer | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in SonicPlayer ActiveX control (SonicMediaPlayer.dll) 3.0.0.1 installed by Roxio CinePlayer 3.2. By setting an overly long value to 'DiskType', an attacker can overrun a buffer and execute arbitrary code.

tags | exploit, overflow, arbitrary, activex
advisories | CVE-2007-1559
MD5 | d702dd32e39d1ef28a59dd49e3fb415b
HTTPDX h_handlepeer() Buffer Overflow
Posted Oct 16, 2009
Authored by Trancer, Pankaj Kohli | Site rec-sec.com

This Metasploit module exploits a stack-based buffer overflow vulnerability in HTTPDX HTTP server 1.4. The vulnerability is caused due to a boundary error within the "h_handlepeer()" function in http.cpp. By sending an overly long HTTP request, an attacker can overrun a buffer and execute arbitrary code.

tags | exploit, web, overflow, arbitrary
MD5 | 8f618cb9fb2dae93b8a74aa7b8a6060c
VideoLAN VLC Media Player 0.9.9 Buffer Overflow
Posted Jun 29, 2009
Authored by Trancer | Site rec-sec.com

VideoLAN VLC Media Player version 0.9.9 smb:// URI stack-based buffer overflow proof of concept exploit.

tags | exploit, denial of service, overflow, proof of concept
MD5 | 1a78efcafeb904f56602e1a7c35f7432
Green Dam URL Processing Buffer Overflow
Posted Jun 16, 2009
Authored by Trancer | Site rec-sec.com

This Metasploit module exploits a stack-based buffer overflow in Green Dam Youth Escort version 3.17 in the way it handles overly long URLs. By setting an overly long URL, an attacker can overrun a buffer and execute arbitrary code. This module uses the .NET DLL memory technique by Alexander Sotirov and Mark Dowd and should bypass DEP, NX and ASLR.

tags | exploit, overflow, arbitrary
MD5 | 5a08d81c955f53de749118fe4a316053
Apple Safari 4 Beta feeds: Denial Of Service
Posted Feb 25, 2009
Authored by Trancer | Site rec-sec.com

Apple Safari 4 Beta suffers from a NULL pointer dereference denial of service vulnerability in relation to the feeds handler.

tags | exploit, denial of service
systems | apple
MD5 | 98cd703c8438842d1dc0253a63fbce50
Page 1 of 1
Back1Next

File Archive:

September 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    38 Files
  • 3
    Sep 3rd
    30 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    12 Files
  • 6
    Sep 6th
    17 Files
  • 7
    Sep 7th
    3 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    24 Files
  • 10
    Sep 10th
    22 Files
  • 11
    Sep 11th
    22 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    5 Files
  • 14
    Sep 14th
    2 Files
  • 15
    Sep 15th
    1 Files
  • 16
    Sep 16th
    11 Files
  • 17
    Sep 17th
    9 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close