Showing 1 - 25 of 218

Files from MC

First Active: 2009-10-27
Last Active: 2016-02-03
Oracle 9i XDB FTP Pass Overflow
Posted Feb 3, 2016
Authored by MC, Tom Ryans

Oracle 9i XDB FTP PASS overflow for win32. Ported to python from the oracle9i_xdb_ftp_pass.rb exploit.

tags | exploit, overflow, python
systems | windows
advisories | CVE-2003-0727, OSVDB-2449
SHA-256 | c76afb229ccd6ac3298763a1ff4cafc65db00bf77e00f2bd1bfe8a4dfe743f28
Interactive Graphical SCADA System Remote Command Injection
Posted Oct 22, 2013
Authored by Luigi Auriemma, MC | Site metasploit.com

This Metasploit module abuses a directory traversal flaw in Interactive Graphical SCADA System v9.00. In conjunction with the traversal flaw, if opcode 0x17 is sent to the dc.exe process, an attacker may be able to execute arbitrary system commands.

tags | exploit, arbitrary
advisories | CVE-2011-1566, OSVDB-72349
SHA-256 | a7114479b9ce7f63393a233814fca94f23890b35fff1a4000dbd132da087dd09
CA BrightStor ARCserve Tape Engine 0x8A Buffer Overflow
Posted Sep 20, 2013
Authored by MC | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in Computer Associates BrightStor ARCserve Backup r11.1 - r11.5. By sending a specially crafted DCERPC request, an attacker could overflow the buffer and execute arbitrary code.

tags | exploit, overflow, arbitrary
advisories | OSVDB-68330
SHA-256 | 9e93281c5a99b1786fc2fabf26e8375d1877b9b8ef741951fae3d0bad9d2039c
CA Total Defense Suite reGenerateReports Stored Procedure SQL Injection
Posted Oct 4, 2011
Authored by MC | Site metasploit.com

This Metasploit module exploits an SQL injection flaw in CA Total Defense Suite R12. When supplying a specially crafted SOAP request to '/UNCWS/Management.asmx', an attacker can abuse the reGenerateReports stored procedure by injecting arbitrary SQL statements into the ReportIDs element. NOTE: This Metasploit module was tested against the MS SQL Server 2005 Express that's bundled with CA Total Defense Suite R12. CA's Total Defense Suite real-time protection will quarantine the default framework executable payload. Choosing an alternate exe template will bypass the quarantine.

tags | exploit, arbitrary, sql injection
advisories | CVE-2011-1653, OSVDB-74968
SHA-256 | 59f34d37d37b405a3dd87eeca325a737d7f8ec08d171027a83a944479ce1cfcd
Apple QuickTime PICT PnSize Buffer Overflow
Posted Sep 4, 2011
Authored by MC | Site metasploit.com

This Metasploit module exploits a vulnerability in Apple QuickTime Player 7.60.92.0. When opening a .mov file containing a specially crafted PnSize value, an attacker may be able to execute arbitrary code.

tags | exploit, arbitrary
systems | apple
advisories | CVE-2011-0257
SHA-256 | d5a669e1cbe9fc32e390511a50ad2d982a0384474455021a3f0a09566e1a4261
Oracle Secure Backup Authentication Bypass/Command Injection Vulnerability
Posted Aug 21, 2011
Authored by MC | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in login.php. In conjunction with the authentication bypass issue, the 'jlist' parameter in property_box.php can be used to execute arbitrary system commands. This Metasploit module was tested against Oracle Secure Backup version 10.3.0.1.0.

tags | exploit, arbitrary, php, bypass
advisories | CVE-2010-0904
SHA-256 | a6b9f81b959d5734b4b0566c794ef98effe3e6416939923022fc0bcd168099f4
Symantec System Center Alert Management System (xfr.exe) Arbitrary Command Execution
Posted Aug 21, 2011
Authored by MC | Site metasploit.com

Symantec System Center Alert Management System is prone to a remote command-injection vulnerability because the application fails to properly sanitize user-supplied input.

tags | exploit, remote
advisories | CVE-2009-1429, OSVDB-54157
SHA-256 | 95f14312377294847b6443cafaea422eaf213f3a09cd52c6d7c601bcebfb6aee
Symantec System Center Alert Management System (hndlrsvc.exe) Arbitrary Command Execution
Posted Aug 21, 2011
Authored by MC | Site metasploit.com

Symantec System Center Alert Management System is prone to a remote command-injection vulnerability because the application fails to properly sanitize user-supplied input.

tags | exploit, remote
advisories | OSVDB-66807
SHA-256 | 232e78f8e6e5a5694a725d2f5a4b7ce93a4095155e0009240604e9174b7559f1
HP OpenView Network Node Manager Toolbar.exe CGI Buffer Overflow
Posted Jul 16, 2011
Authored by MC | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.50. By sending a specially crafted CGI request to Toolbar.exe, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary, cgi
advisories | CVE-2008-0067, OSVDB-53222
SHA-256 | 39aebaad8a45d97708b4f70fca83c568747d3a648e8d0349db79003d4c8c1d8e
HP OmniInet.exe Opcode 27 Buffer Overflow
Posted Jul 2, 2011
Authored by MC | Site metasploit.com

This Metasploit module exploits a buffer overflow in the Hewlett-Packard OmniInet NT Service. By sending a specially crafted opcode 27 packet, a remote attacker may be able to execute arbitrary code.

tags | exploit, remote, overflow, arbitrary
advisories | CVE-2011-1865
SHA-256 | eb9d10b903164f2c90c26f542dab7d1cc131c1e19ce94207df65fcf05ff64db7
RealWin SCADA Server DATAC Login Buffer Overflow
Posted Jun 23, 2011
Authored by Luigi Auriemma, MC | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in DATAC Control International RealWin SCADA Server 2.1 (Build 6.0.10.10) or earlier. By sending a specially crafted On_FC_CONNECT_FCS_LOGIN packet containing a long username, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary
SHA-256 | eefc2e2dd1a8e6e3d6bbd51968ba293d8582140300ddd65d9a563690a5bf114b
Sielco Sistemi Winlog Buffer Overflow
Posted Jun 23, 2011
Authored by Luigi Auriemma, MC | Site metasploit.com

This Metasploit module exploits a buffer overflow in Sielco Sistemi Winlog <= 2.07.00. When sending a specially formatted packet to the Runtime.exe service, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary
advisories | CVE-2011-0517, OSVDB-70418
SHA-256 | ad560ed7c2b5c2b085b3af27e95252ee83dd229a20d5349ee20068a8929d360f
DATAC RealWin SCADA Server 2 On_FC_CONNECT_FCS_a_FILE Buffer Overflow
Posted Jun 20, 2011
Authored by Luigi Auriemma, MC | Site metasploit.com

This Metasploit module exploits a vulnerability found in DATAC Control International RealWin SCADA Server 2.1 and below. By supplying a specially crafted On_FC_BINFILE_FCS_*FILE packet via port 910, RealWin will try to create a file (which would be saved to C:\Program Files\DATAC\Real Win\RW-version\filename) by first copying the user-supplied filename with an inline memcpy routine without proper bounds checking, which results in a stack-based buffer overflow, allowing arbitrary remote code execution. Tested version: 2.0 (Build 6.1.8.10).

tags | exploit, remote, overflow, arbitrary, code execution
SHA-256 | 03bf98284439d992c47fe1e2bec66c01c8f4a83ae33e20afd12558dba1c061a7
EMC HomeBase Server Directory Traversal Remote Code Execution
Posted Apr 28, 2011
Authored by MC | Site metasploit.com

This Metasploit module exploits a directory traversal and remote code execution flaw in EMC HomeBase Server 6.3.0. Note: This Metasploit module has only been tested against Windows XP SP3 and Windows 2003 SP2.

tags | exploit, remote, code execution
systems | windows
advisories | CVE-2010-0620
SHA-256 | e1157c518d84a4ffe3868bae4edb8772e80255a4824a34ca07799e7a7f517728
Microsoft Word Record Parsing Buffer Overflow
Posted Apr 17, 2011
Authored by MC, Andrew King | Site metasploit.com

This Metasploit module exploits a record parsing vulnerability in Microsoft Word. The Microsoft advisory detailing this issue is MS-09-027.

tags | exploit, overflow
advisories | CVE-2009-0565, OSVDB-54960
SHA-256 | 1ded3e2e88389357c74dfff95913dc140e9106025d3676e663967a157f6a57af
HP OpenView Network Node Manager getnnmdata.exe (Hostname) CGI Buffer Overflow
Posted Mar 25, 2011
Authored by MC | Site metasploit.com

This Metasploit module exploits a buffer overflow in HP OpenView Network Node Manager 7.50/7.53. By sending a specially crafted Hostname parameter to the getnnmdata.exe CGI, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary, cgi
advisories | CVE-2010-1555, OSVDB-64976
SHA-256 | 02e35aef4d2704a877aaa34534a7c31d092c5935e1f8e3a97604db506cae3315
HP OpenView Network Node Manager getnnmdata.exe (ICount) CGI Buffer Overflow
Posted Mar 24, 2011
Authored by MC | Site metasploit.com

This Metasploit module exploits a buffer overflow in HP OpenView Network Node Manager 7.50/7.53. By sending a specially crafted ICount parameter to the getnnmdata.exe CGI, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary, cgi
advisories | CVE-2010-1554
SHA-256 | 4c22f86bdf3b46260576ea5cf66c91a1e70361023d657dd8cabdade506e19c3c
HP OpenView Network Node Manager getnnmdata.exe (MaxAge) CGI Buffer Overflow
Posted Mar 24, 2011
Authored by MC | Site metasploit.com

This Metasploit module exploits a buffer overflow in HP OpenView Network Node Manager 7.50/7.53. By sending a specially crafted MaxAge parameter to the getnnmdata.exe CGI, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary, cgi
advisories | CVE-2010-1553
SHA-256 | 80ff73419a7cd13d7e21eb8ec7e33cd16805fe4f27fb6954c76a5d837fa3bf7f
HP OpenView Performance Insight Server Backdoor Account Code Execution
Posted Mar 16, 2011
Authored by MC | Site metasploit.com

This Metasploit module exploits a hidden account in the com.trinagy.security.XMLUserManager Java class. When using this account, an attacker can abuse the com.trinagy.servlet.HelpManagerServlet class and write arbitrary files to the system allowing the execution of arbitrary code. NOTE: This Metasploit module has only been tested against HP OpenView Performance Insight Server 5.41.0.

tags | exploit, java, arbitrary
advisories | CVE-2011-0276, OSVDB-70754
SHA-256 | 050081861cf9f50a5ad646217b0778ac53503dda9e87c16307c0f9afee856b4c
Microsoft WMI Administration Tools ActiveX Buffer Overflow
Posted Dec 22, 2010
Authored by MC, jduck, WooYun | Site metasploit.com

This Metasploit module exploits a memory trust issue in the Microsoft WMI Administration tools ActiveX control. When processing a specially crafted HTML page, the WEBSingleView.ocx ActiveX Control (1.50.1131.0) will treat the 'lCtxHandle' parameter to the 'AddContextRef' and 'ReleaseContext' methods as a trusted pointer. It makes an indirect call via this pointer which leads to arbitrary code execution. This exploit utilizes a combination of heap spraying and the .NET 2.0 'mscorie.dll' module to bypass DEP and ASLR. This Metasploit module does not opt-in to ASLR. As such, this module should be reliable on all Windows versions.

tags | exploit, arbitrary, code execution, activex
systems | windows
advisories | OSVDB-69942
SHA-256 | 2fbd749099ccbb1eb6187af91f72d8f6bdafd96cce71ee281207ddc8baca9110
EnjoySAP SAP GUI ActiveX Control Arbitrary File Download
Posted Dec 3, 2010
Authored by MC | Site metasploit.com

This Metasploit module allows remote attackers to place arbitrary files on a user's file system by abusing the "Comp_Download" method in the SAP KWEdit ActiveX Control (kwedit.dll 6400.1.1.41).

tags | exploit, remote, arbitrary, activex
advisories | CVE-2008-4830, OSVDB-53680
SHA-256 | c028aa1aba49bcdf2f915cc27582fb2f1fa7090e144741d9f3a5d81e7227f5a8
ProFTPD-1.3.3c Backdoor Command Execution
Posted Dec 3, 2010
Authored by MC, darkharper2 | Site metasploit.com

This Metasploit module exploits a malicious backdoor that was added to the ProFTPD download archive. This backdoor was present in the proftpd-1.3.3c.tar.[bz2|gz] archive between November 28th 2010 and 2nd December 2010.

tags | exploit
SHA-256 | 17094d8d6cc795f560232204708dd66d83a3dfa1fbf4de49a332bb625e731aef
DATAC RealWin SCADA Server SCPC_TXTEVENT Buffer Overflow
Posted Nov 24, 2010
Authored by Luigi Auriemma, MC | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in DATAC Control International RealWin SCADA Server 2.0 (Build 6.1.8.10). By sending a specially crafted packet, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary
advisories | CVE-2010-4142, OSVDB-68812
SHA-256 | b59d9a1f23c5626c6efa73bf36caa496b08cb3ed11b9c2ff88e058916f50b1c6
DATAC RealWin SCADA Server Buffer Overflow
Posted Nov 19, 2010
Authored by MC | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in DATAC Control International RealWin SCADA Server 2.0 (Build 6.1.8.10). By sending a specially crafted packet, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary
SHA-256 | e57bb6121457517c53d2597e5f16074557b9196d59670db5966120b5bff8d475
FreeNAS exec_raw.php Arbitrary Command Execution
Posted Nov 19, 2010
Authored by MC | Site metasploit.com

This Metasploit module exploits an arbitrary command execution flaw in FreeNAS 0.7.2 < rev.5543. When passing a specially formatted URL to the exec_raw.php page, an attacker may be able to execute arbitrary commands. NOTE: This Metasploit module works best with php/meterpreter payloads.

tags | exploit, arbitrary, php
SHA-256 | 13b5f4e61c7a060d9336946021f180e27222fd5a2afded6ea947cf8bd1fd5ed1