exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 13 of 13 RSS Feed

Files from unknown

First Active1999-08-17
Last Active2022-06-08
Atlassian Confluence Namespace OGNL Injection
Posted Jun 8, 2022
Authored by unknown, Spencer McIntyre, jbaines-r7, bturner-r7 | Site metasploit.com

This Metasploit module exploits an OGNL injection in Atlassian Confluence servers. A specially crafted URI can be used to evaluate an OGNL expression resulting in OS command execution.

tags | exploit
advisories | CVE-2021-26084
SHA-256 | 648d8ece02bf7d7dd92d3c2ff78f2d3824ad3f28474f3d288194a271823bc243
Microsoft SharePoint Unsafe Control And ViewState Remote Code Execution
Posted Jun 17, 2021
Authored by unknown, Spencer McIntyre, wvu | Site metasploit.com

The EditingPageParser.VerifyControlOnSafeList method fails to properly validate user supplied data. This can be leveraged by an attacker to leak sensitive information in rendered-preview content. This module will leak the ViewState validation key and then use it to sign a crafted object that will trigger code execution when deserialized. Tested against SharePoint 2019 and SharePoint 2016, both on Windows Server 2016.

tags | exploit, code execution
systems | windows
advisories | CVE-2021-31181
SHA-256 | 5dcb06868c15ec6031a011204cbd74de26b37669890217421638293a9f77e49b
Java Applet JMX Remote Code Execution
Posted Jan 11, 2013
Authored by unknown, egypt, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module abuses the JMX classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in January of 2013. The vulnerability affects Java version 7u10 and earlier.

tags | exploit, java, arbitrary
advisories | CVE-2013-0422
SHA-256 | 4a0fb8aa0b393da39aa32b84a93368c9393fd500aac21eeb9e7f26dc757220b7
IBM Cognos tm1admsd.exe Overflow
Posted Jan 8, 2013
Authored by unknown, juan vazquez | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in IBM Cognos Analytic Server Admin service. The vulnerability exists in the tm1admsd.exe component, due to a dangerous copy of user controlled data to the stack, via memcpy, without validating the supplied length and data. The module has been tested successfully on IBM Cognos Express 9.5 over Windows XP SP3.

tags | exploit, overflow
systems | windows
advisories | CVE-2012-0202, OSVDB-80876
SHA-256 | abf55a041edebfc9c10a71c63250d53ebae7935806c4ab38d15c7743ef4a47b2
Ektron 8.02 XSLT Transform Remote Code Execution
Posted Dec 5, 2012
Authored by unknown, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability in Ektron CMS 8.02 (before SP5). The vulnerability exists due to the insecure usage of XslCompiledTransform, using a XSLT controlled by the user. The module has been tested successfully on Ektron CMS 8.02 over Windows 2003 SP2, which allows to execute arbitrary code with NETWORK SERVICE privileges.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2012-5357
SHA-256 | 2dda141b54a2d9b1cc61d181c833e4fa97868dcf6a148604c0bdaeebed78af75
Java Applet JAX-WS Remote Code Execution
Posted Nov 13, 2012
Authored by unknown, juan vazquez | Site metasploit.com

This Metasploit module abuses the JAX-WS classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in November of 2012. The vulnerability affects Java version 7u7 and earlier.

tags | exploit, java, arbitrary
advisories | CVE-2012-5076, OSVDB-86363
SHA-256 | 84f8085a7aae3cc5d26830a695a8c574d4ef5c13dfc3a77061731b06b87041f1
Samba SetInformationPolicy AuditEventsInfo Heap Overflow
Posted Sep 28, 2012
Authored by unknown, Blasty, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module triggers a vulnerability in the LSA RPC service of the Samba daemon because of an error on the PIDL auto-generated code. Making a specially crafted call to SetInformationPolicy to set a PolicyAuditEventsInformation allows to trigger a heap overflow and finally execute arbitrary code with root privileges. The module uses brute force to guess the system() address and redirect flow there in order to bypass NX. The start and stop addresses for brute forcing have been calculated empirically. On the other hand the module provides the StartBrute and StopBrute which allow the user to configure his own addresses.

tags | exploit, overflow, arbitrary, root
advisories | CVE-2012-1182, OSVDB-81303
SHA-256 | 9949872fc1ebdc3a22c30908a1250ac0f492dd32e5fa7cdf09b5146958389629
Webmin /file/show.cgi Remote Command Execution
Posted Sep 17, 2012
Authored by unknown, juan vazquez | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in Webmin 1.580. The vulnerability exists in the /file/show.cgi component and allows an authenticated user, with access to the File Manager Module, to execute arbitrary commands with root privileges. The module has been tested successfully with Webim 1.580 over Ubuntu 10.04.

tags | exploit, arbitrary, cgi, root
systems | linux, ubuntu
advisories | CVE-2012-2982, OSVDB-85248
SHA-256 | d7e27005cef2dea975ee0263e61102bda3d07c173825124a4099ef2ae10c8605
Lattice Semiconductor PAC-Designer 6.21 Symbol Value Buffer Overflow
Posted Jun 14, 2012
Authored by unknown, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in Lattice Semiconductor PAC-Designer 6.21. As a .pac file, when supplying a long string of data to the 'value' field under the 'SymbolicSchematicData' tag, it is possible to cause a memory corruption on the stack, which results in arbitrary code execution under the context of the user.

tags | exploit, arbitrary, code execution
advisories | CVE-2012-2915, OSVDB-82001
SHA-256 | 4f39a6ba7a1c027c53d6c89df81d4f572dc43a0a4728c3bef5f6473a11849cc1
Symantec Web Gateway 5.0.2.8 Command Execution
Posted May 28, 2012
Authored by unknown, muts, sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability found in Symantec Web Gateway's HTTP service. By injecting PHP code in the access log, it is possible to load it with a directory traversal flaw, which allows remote code execution under the context of 'apache'. Please note that it may take up to several minutes to retrieve access_log, which is about the amount of time required to see a shell back.

tags | exploit, remote, web, shell, php, code execution
advisories | CVE-2012-0297
SHA-256 | 65a7306dea41b299aa10904fe0da0ef4f8feaaf8b06f2b42c12431d74226ce63
ispVM System XCF File Handling Overflow
Posted May 28, 2012
Authored by unknown, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in ispVM System 18.0.2. Due to the way ispVM handles .xcf files, it is possible to cause a buffer overflow with a specially crafted file, when a long value is supplied for the version attribute of the ispXCF tag. It results in arbitrary code execution under the context of the user.

tags | exploit, overflow, arbitrary, code execution
advisories | OSVDB-82000
SHA-256 | dd306ebaa1dbb06e60f50cd822da5c809e6e45d3a3bec14bed35322b5703fd6a
MS12-027 MSCOMCTL ActiveX Buffer Overflow
Posted Apr 25, 2012
Authored by unknown, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in MSCOMCTL.OCX. It uses a malicious RTF to embed the specially crafted MSComctlLib.ListViewCtrl.2 Control as exploited in the wild on April 2012. This Metasploit module targets Office 2007 and Office 2010 targets. The DEP/ASLR bypass on Office 2010 is done with the Ikazuchi ROP chain proposed by Abysssec. This chain uses "msgr3en.dll", which will load after office got load, so the malicious file must be loaded through "File / Open" to achieve exploitation.

tags | exploit, overflow
advisories | CVE-2012-0158, OSVDB-81125
SHA-256 | 0b684caf70084bb5bcb079447d8379464ff2e3e928ee2d84beab044161baf6bb
pbomb.pl
Posted Aug 17, 1999
Authored by unknown

Process bomb Denial of Service attack coded in perl that is designed to open a lot of connections to a given port on a given machine. Similar in concept to octopus.c.

tags | exploit, denial of service, perl
SHA-256 | 98464ca3517df297317b71e788585acb5b4bb2d5bff27d94843777dcec440a0d
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close