accept no compromises
Showing 1 - 25 of 218 RSS Feed

Files from MC

First Active2009-10-27
Last Active2016-02-03
Oracle 9i XDB FTP Pass Overflow
Posted Feb 3, 2016
Authored by MC, Tom Ryans

Oracle 9i XDB FTP PASS overflow for win32. Ported to python from the oracle9i_xdb_ftp_pass.rb exploit.

tags | exploit, overflow, python
systems | windows
advisories | CVE-2003-0727, OSVDB-2449
MD5 | c9100f7f6b673af76fc1c9cdb47b8cdb
Interactive Graphical SCADA System Remote Command Injection
Posted Oct 22, 2013
Authored by Luigi Auriemma, MC | Site metasploit.com

This Metasploit module abuses a directory traversal flaw in Interactive Graphical SCADA System v9.00. In conjunction with the traversal flaw, if opcode 0x17 is sent to the dc.exe process, an attacker may be able to execute arbitrary system commands.

tags | exploit, arbitrary
advisories | CVE-2011-1566, OSVDB-72349
MD5 | 957d58c0bd2c4b7ec8e294ec074c2c8c
CA BrightStor ARCserve Tape Engine 0x8A Buffer Overflow
Posted Sep 20, 2013
Authored by MC | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in Computer Associates BrightStor ARCserve Backup r11.1 - r11.5. By sending a specially crafted DCERPC request, an attacker could overflow the buffer and execute arbitrary code.

tags | exploit, overflow, arbitrary
advisories | OSVDB-68330
MD5 | 79d49a3ee66b72970958f4f53c0d1b48
CA Total Defense Suite reGenerateReports Stored Procedure SQL Injection
Posted Oct 4, 2011
Authored by MC | Site metasploit.com

This Metasploit module exploits an sql injection flaw in CA Total Defense Suite R12. When supplying a specially crafted soap request to '/UNCWS/Management.asmx', an attacker can abuse the reGenerateReports stored procedure by injecting arbitrary sql statements into the ReportIDs element. NOTE: This Metasploit module was tested against the MS SQL Server 2005 Express that's bundled with CA Total Defense Suite R12. CA's Total Defense Suite real-time protection will quarantine the default framework executable payload. Choosing an alternate exe template will bypass the quarantine.

tags | exploit, arbitrary, sql injection
advisories | CVE-2011-1653, OSVDB-74968
MD5 | 6a356255e93f9eb4c38b4f05b060dede
Apple QuickTime PICT PnSize Buffer Overflow
Posted Sep 4, 2011
Authored by MC | Site metasploit.com

This Metasploit module exploits a vulnerability in Apple QuickTime Player 7.60.92.0. When opening a .mov file containing a specially crafted PnSize value, an attacker may be able to execute arbitrary code.

tags | exploit, arbitrary
systems | apple
advisories | CVE-2011-0257
MD5 | 7e8711b1c6dae7d66e30da3e52d30f72
Oracle Secure Backup Authentication Bypass/Command Injection Vulnerability
Posted Aug 21, 2011
Authored by MC | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in login.php. In conjunction with the authentication bypass issue, the 'jlist' parameter in property_box.php can be used to execute arbitrary system commands. This Metasploit module was tested against Oracle Secure Backup version 10.3.0.1.0

tags | exploit, arbitrary, php, bypass
advisories | CVE-2010-0904
MD5 | 347fa8d74042f069a62d38f13d33152b
Symantec System Center Alert Management System (xfr.exe) Arbitrary Command Execution
Posted Aug 21, 2011
Authored by MC | Site metasploit.com

Symantec System Center Alert Management System is prone to a remote command-injection vulnerability because the application fails to properly sanitize user-supplied input.

tags | exploit, remote
advisories | CVE-2009-1429, OSVDB-54157
MD5 | f4e352c1144ca95a02e4633cadc61e96
Symantec System Center Alert Management System (hndlrsvc.exe) Arbitrary Command Execution
Posted Aug 21, 2011
Authored by MC | Site metasploit.com

Symantec System Center Alert Management System is prone to a remote command-injection vulnerability because the application fails to properly sanitize user-supplied input.

tags | exploit, remote
advisories | OSVDB-66807
MD5 | f17737a77e7c660995e0f6a922671882
HP OpenView Network Node Manager Toolbar.exe CGI Buffer Overflow
Posted Jul 16, 2011
Authored by MC | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.50. By sending a specially crafted CGI request to Toolbar.exe, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary, cgi
advisories | CVE-2008-0067, OSVDB-53222
MD5 | 1f41176251557dfc0d1185653a49b2e6
HP OmniInet.exe Opcode 27 Buffer Overflow
Posted Jul 2, 2011
Authored by MC | Site metasploit.com

This Metasploit module exploits a buffer overflow in the Hewlett-Packard OmniInet NT Service. By sending a specially crafted opcode 27 packet, a remote attacker may be able to execute arbitrary code.

tags | exploit, remote, overflow, arbitrary
advisories | CVE-2011-1865
MD5 | 84c3bef985fb6bcf369e9319c62fe222
RealWin SCADA Server DATAC Login Buffer Overflow
Posted Jun 23, 2011
Authored by Luigi Auriemma, MC | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in DATAC Control International RealWin SCADA Server 2.1 (Build 6.0.10.10) or earlier. By sending a specially crafted On_FC_CONNECT_FCS_LOGIN packet containing a long username, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary
MD5 | 6633b12aa18a4697b9c55dd9371b204a
Sielco Sistemi Winlog Buffer Overflow
Posted Jun 23, 2011
Authored by Luigi Auriemma, MC | Site metasploit.com

This Metasploit module exploits a buffer overflow in Sielco Sistem Winlog <= 2.07.00. When sending a specially formatted packet to the Runtime.exe service, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary
advisories | CVE-2011-0517, OSVDB-70418
MD5 | f083b8537a12368517bc2d81de171d52
DATAC RealWin SCADA Server 2 On_FC_CONNECT_FCS_a_FILE Buffer Overflow
Posted Jun 20, 2011
Authored by Luigi Auriemma, MC | Site metasploit.com

This Metasploit module exploits a vulnerability found in DATAC Control International RealWin SCADA Server 2.1 and below. By supplying a specially crafted On_FC_BINFILE_FCS_*FILE packet via port 910, RealWin will try to create a file (which would be saved to C:\Program Files\DATAC\Real Win\RW-version\filename) by first copying the user-supplied filename with a inline memcpy routine without proper bounds checking, which results a stack-based buffer overflow, allowing arbitrary remote code execution. Tested version: 2.0 (Build 6.1.8.10).

tags | exploit, remote, overflow, arbitrary, code execution
MD5 | 005a85c098def3da5120c20ac4f1c492
EMC HomeBase Server Directory Traversal Remote Code Execution
Posted Apr 28, 2011
Authored by MC | Site metasploit.com

This Metasploit module exploits a directory traversal and remote code execution flaw in EMC HomeBase Server 6.3.0. Note: This Metasploit module has only been tested against Windows XP SP3 and Windows 2003 SP2.

tags | exploit, remote, code execution
systems | windows, xp
advisories | CVE-2010-0620
MD5 | 665a99f652864b621a656a91306656af
Microsoft Word Record Parsing Buffer Overflow
Posted Apr 17, 2011
Authored by MC, Andrew King | Site metasploit.com

This Metasploit module exploits a record parsing vulnerability in Microsoft Word. The Microsoft advisory detailing this issue is MS-09-027.

tags | exploit, overflow
advisories | CVE-2009-0565, OSVDB-54960
MD5 | f68fd8457f9790470fbdad477d42b9a6
HP OpenView Network Node Manager getnnmdata.exe (Hostname) CGI Buffer Overflow
Posted Mar 25, 2011
Authored by MC | Site metasploit.com

This Metasploit module exploits a buffer overflow in HP OpenView Network Node Manager 7.50/7.53. By sending specially crafted Hostname parameter to the getnnmdata.exe CGI, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary, cgi
advisories | CVE-2010-1555, OSVDB-64976
MD5 | 6db126182cecfe4e72e62fd877200199
HP OpenView Network Node Manager getnnmdata.exe (ICount) CGI Buffer Overflow
Posted Mar 24, 2011
Authored by MC | Site metasploit.com

This Metasploit module exploits a buffer overflow in HP OpenView Network Node Manager 7.50/7.53. By sending specially crafted ICount parameter to the getnnmdata.exe CGI, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary, cgi
advisories | CVE-2010-1554
MD5 | 6bca88fc68fdb05750bedbf8007faa1c
HP OpenView Network Node Manager getnnmdata.exe (MaxAge) CGI Buffer Overflow
Posted Mar 24, 2011
Authored by MC | Site metasploit.com

This Metasploit module exploits a buffer overflow in HP OpenView Network Node Manager 7.50/7.53. By sending specially crafted MaxAge parameter to the getnnmdata.exe CGI, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary, cgi
advisories | CVE-2010-1553
MD5 | 903fc0d5ac3e1bc95f9b52339ebc0a9c
HP OpenView Performance Insight Server Backdoor Account Code Execution
Posted Mar 16, 2011
Authored by MC | Site metasploit.com

This Metasploit module exploits a hidden account in the com.trinagy.security.XMLUserManager Java class. When using this account, an attacker can abuse the com.trinagy.servlet.HelpManagerServlet class and write arbitrary files to the system allowing the execution of arbitrary code. NOTE: This Metasploit module has only been tested against HP OpenView Performance Insight Server 5.41.0.

tags | exploit, java, arbitrary
advisories | CVE-2011-0276, OSVDB-70754
MD5 | 94a0b60eb2a007fd92a50e19d32074b6
Microsoft WMI Administration Tools ActiveX Buffer Overflow
Posted Dec 22, 2010
Authored by MC, jduck, WooYun | Site metasploit.com

This Metasploit module exploits a memory trust issue in the Microsoft WMI Administration tools ActiveX control. When processing a specially crafted HTML page, the WEBSingleView.ocx ActiveX Control (1.50.1131.0) will treat the 'lCtxHandle' parameter to the 'AddContextRef' and 'ReleaseContext' methods as a trusted pointer. It makes an indirect call via this pointer which leads to arbitrary code execution. This exploit utilizes a combination of heap spraying and the .NET 2.0 'mscorie.dll' module to bypass DEP and ASLR. This Metasploit module does not opt-in to ASLR. As such, this module should be reliable on all Windows versions.

tags | exploit, arbitrary, code execution, activex
systems | windows
advisories | OSVDB-69942
MD5 | 00b95a388e803290f5b2475e02b2e673
EnjoySAP SAP GUI ActiveX Control Arbitrary File Download
Posted Dec 3, 2010
Authored by MC | Site metasploit.com

This Metasploit module allows remote attackers to place arbitrary files on a users file system by abusing the "Comp_Download" method in the SAP KWEdit ActiveX Control (kwedit.dll 6400.1.1.41).

tags | exploit, remote, arbitrary, activex
advisories | CVE-2008-4830, OSVDB-53680
MD5 | 20da1196f22ba2ee56b1bcd34e2ed22f
ProFTPD-1.3.3c Backdoor Command Execution
Posted Dec 3, 2010
Authored by MC, darkharper2 | Site metasploit.com

This Metasploit module exploits a malicious backdoor that was added to the ProFTPD download archive. This backdoor was present in the proftpd-1.3.3c.tar.[bz2|gz] archive between November 28th 2010 and 2nd December 2010.

tags | exploit
MD5 | d21e4905629c6bbe53f36454070c1661
DATAC RealWin SCADA Server SCPC_TXTEVENT Buffer Overflow
Posted Nov 24, 2010
Authored by Luigi Auriemma, MC | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in DATAC Control International RealWin SCADA Server 2.0 (Build 6.1.8.10). By sending a specially crafted packet, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary
advisories | CVE-2010-4142, OSVDB-68812
MD5 | d493a7806336eec108f306948e2815f3
DATAC RealWin SCADA Server Buffer Overflow
Posted Nov 19, 2010
Authored by MC | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in DATAC Control International RealWin SCADA Server 2.0 (Build 6.1.8.10). By sending a specially crafted packet, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary
MD5 | a9af290a64abcf7e7c27f3cc405014e4
FreeNAS exec_raw.php Arbitrary Command Execution
Posted Nov 19, 2010
Authored by MC | Site metasploit.com

This Metasploit module exploits an arbitrary command execution flaw in FreeNAS 0.7.2 < rev.5543. When passing a specially formatted URL to the exec_raw.php page, an attacker may be able to execute arbitrary commands. NOTE: This Metasploit module works best with php/meterpreter payloads.

tags | exploit, arbitrary, php
MD5 | 14235d4f1a25d649dc9c4b1d5b2cd5f3
Page 1 of 9
Back12345Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    28 Files
  • 26
    Jul 26th
    2 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close