
Files from skape

Email address: mmiller at hick.org
First Active: 2005-11-12
Last Active: 2017-07-15

Metasploit Example Exploit
Posted Jul 15, 2017
Authored by skape | Site metasploit.com

This exploit module illustrates how a vulnerability could be exploited in a TCP server that has a parsing bug. This is an example Metasploit module to be used for exploit development.

tags | exploit, tcp
MD5 | a051fa899bec6d0fada4a0dec3a97a8d
Windows ANI LoadAniIcon() Chunk Size Stack Overflow (HTTP)
Posted Apr 15, 2010
Authored by H D Moore, Solar Eclipse, skape | Site metasploit.com

This Metasploit module exploits a buffer overflow vulnerability in the LoadAniIcon() function in USER32.dll. The flaw can be triggered through Internet Explorer 6 and 7 by using the CURSOR style sheet directive to load a malicious .ANI file. The module can also exploit Mozilla Firefox by using a UNC path in a moz-icon URL and serving the .ANI file over WebDAV. The vulnerable code in USER32.dll will catch any exceptions that occur while the invalid cursor is loaded, causing the exploit to silently fail when the wrong target has been chosen. This vulnerability was discovered by Alexander Sotirov of Determina and was rediscovered, in the wild, by McAfee.

tags | exploit, overflow
advisories | CVE-2007-0038
MD5 | 7f81f603a6854e3ccdd3b055f6fe853e
Remote Library Injection
Posted Jan 10, 2010
Authored by Jarkko Turkulainen, skape

Whitepaper called Remote Library Injection.

tags | paper, remote
MD5 | cb3f1792b295695d6b2604e9e521031b
AOL Instant Messenger goaway Overflow
Posted Nov 26, 2009
Authored by skape, thief | Site metasploit.com

This Metasploit module exploits a flaw in the handling of AOL Instant Messenger's 'goaway' URI handler. An attacker can execute arbitrary code by supplying an overly sized buffer as the 'message' parameter. This issue is known to affect AOL Instant Messenger 5.5.

tags | exploit, arbitrary
advisories | CVE-2004-0636
MD5 | 4fae910f9a5bd3cc5c5719545a2c7926
Windows ANI LoadAniIcon() Chunk Size Stack Overflow (SMTP)
Posted Nov 26, 2009
Authored by H D Moore, skape | Site metasploit.com

This Metasploit module exploits a buffer overflow vulnerability in the LoadAniIcon() function of USER32.dll. The flaw is triggered through Outlook Express by using the CURSOR style sheet directive to load a malicious .ANI file. This vulnerability was discovered by Alexander Sotirov of Determina and was rediscovered, in the wild, by McAfee.

tags | exploit, overflow
advisories | CVE-2007-0038, CVE-2007-1765
MD5 | 894c8dd4988bc61b523bf1b4fe614257
McAfee Subscription Manager Stack Overflow
Posted Nov 26, 2009
Authored by skape | Site metasploit.com

This Metasploit module exploits a flaw in the McAfee Subscription Manager ActiveX control. Due to an unsafe use of vsprintf, it is possible to trigger a stack overflow by passing a large string to one of the COM-exposed routines, such as IsAppExpired. This vulnerability was discovered by Karl Lynn of eEye.

tags | exploit, overflow, activex
advisories | CVE-2006-3961
MD5 | a12decca05d657650a2cc4c18d2aa4e2
MS03-020 Internet Explorer Object Type
Posted Nov 26, 2009
Authored by skape | Site metasploit.com

This Metasploit module exploits a vulnerability in Internet Explorer's handling of the OBJECT type attribute.

tags | exploit
advisories | CVE-2003-0344
MD5 | d53d57fe5e180d621413bb31c7b3f342
Internet Explorer Daxctle.OCX KeyFrame Method Heap Buffer Overflow Vulnerability
Posted Nov 26, 2009
Authored by Alexander Sotirov, skape | Site metasploit.com

This Metasploit module exploits a heap overflow vulnerability in the KeyFrame method of the direct animation ActiveX control. This is a port of the exploit implemented by Alexander Sotirov.

tags | exploit, overflow, activex
advisories | CVE-2006-4777
MD5 | f311c947bb718b5b83a20f17370dd051
Squid NTLM Authenticate Overflow
Posted Oct 27, 2009
Authored by skape

This is an exploit for Squid's NTLM authenticate overflow (libntlmssp.c). Due to improper bounds checking in ntlm_check_auth, it is possible to overflow the 'pass' variable on the stack with user-controlled data of a user-defined length.

tags | exploit, overflow
advisories | CVE-2004-0541
MD5 | 1e35db4061c87b08d4b474ab69753bdd
Mercantec Softcart CGI Overflow
Posted Oct 27, 2009
Authored by trew, skape

This is an exploit for an undisclosed buffer overflow in the SoftCart.exe CGI as shipped with Mercantec's shopping cart software. It is possible to execute arbitrary code by passing a malformed CGI parameter in an HTTP GET request. This issue is known to affect SoftCart version 4.00b.

tags | exploit, web, overflow, arbitrary, cgi
advisories | CVE-2004-2221
MD5 | d90c8be4dea2e6e590bf5767c2ab4e57
Metasploit's Meterpreter
Posted Nov 12, 2005
Authored by skape

Whitepaper called Metasploit's Meterpreter.

tags | paper
MD5 | bb8597e6fb39c9192e41685ca481ca3c
© 2016 Packet Storm. All rights reserved.