Exploit the possiblities
Showing 1 - 25 of 51 RSS Feed

Files from patrick

First Active1999-08-17
Last Active2015-03-24
WordPress Foxypress uploadify.php Arbitrary Code Execution
Posted Mar 24, 2015
Authored by patrick, Sammy FORGIT | Site metasploit.com

This Metasploit module exploits an arbitrary PHP code execution flaw in the WordPress blogging software plugin known as Foxypress. The vulnerability allows for arbitrary file upload and remote code execution via the uploadify.php script. The Foxypress plugin versions 0.4.1.1 to 0.4.2.1 are vulnerable.

tags | exploit, remote, arbitrary, php, code execution, file upload
MD5 | 3a487527cd2c26d67722a8add1279d90
WordPress plugin Foxypress uploadify.php Arbitrary Code Execution
Posted Jun 12, 2012
Authored by patrick, Sammy FORGIT | Site metasploit.com

This Metasploit module exploits an arbitrary PHP code execution flaw in the WordPress blogging software plugin known as Foxypress. The vulnerability allows for arbitrary file upload and remote code execution via the uploadify.php script. The Foxypress plug-in versions 0.4.2.1 and below are vulnerable.

tags | exploit, remote, arbitrary, php, code execution, file upload
advisories | OSVDB-82652
MD5 | 8c50f2bfa40aad8ebf46982e05fc4018
Microsoft IIS MDAC msadcs.dll RDS DataStub Content-Type Overflow
Posted Jun 7, 2012
Authored by patrick | Site metasploit.com

This Metasploit module can be used to execute arbitrary code on IIS servers that expose the /msadc/msadcs.dll Microsoft Data Access Components (MDAC) Remote Data Service (RDS) DataFactory service. The service is exploitable even when RDS is configured to deny remote connections (handsafe.reg). The service is vulnerable to a heap overflow where the RDS DataStub 'Content-Type' string is overly long. Microsoft Data Access Components (MDAC) 2.1 through 2.6 are known to be vulnerable.

tags | exploit, remote, overflow, arbitrary
advisories | CVE-2002-1142, OSVDB-14502
MD5 | ef1be5ec0b7f188d6fc9c5a7adde18d7
Microsoft IIS MDAC msadcs.dll RDS Arbitrary Remote Command Execution
Posted Jun 7, 2012
Authored by patrick | Site metasploit.com

This Metasploit module can be used to execute arbitrary commands on IIS servers that expose the /msadc/msadcs.dll Microsoft Data Access Components (MDAC) Remote Data Service (RDS) DataFactory service using VbBusObj or AdvancedDataFactory to inject shell commands into Microsoft Access databases (MDBs), MSSQL databases and ODBC/JET Data Source Name (DSN). Based on the msadcs.pl v2 exploit by Rain.Forest.Puppy, which was actively used in the wild in the late Ninties. MDAC versions affected include MDAC 1.5, 2.0, 2.0 SDK, 2.1 and systems with the MDAC Sample Pages for RDS installed, and NT4 Servers with the NT Option Pack installed or upgraded 2000 systems often running IIS3/4/5 however some vulnerable installations can still be found on newer Windows operating systems. Note that newer releases of msadcs.dll can still be abused however by default remote connections to the RDS is denied. Consider using VERBOSE if you're unable to successfully execute a command, as the error messages are detailed and useful for debugging. Also set NAME to obtain the remote hostname, and METHOD to use the alternative VbBusObj technique.

tags | exploit, remote, arbitrary, shell
systems | windows
advisories | CVE-1999-1011
MD5 | 9439cf75ff414672e154affb4b0b0e49
Webster HTTP Server GET Buffer Overflow
Posted Nov 5, 2010
Authored by patrick | Site metasploit.com

This exploits a stack buffer overflow in the Webster HTTP server. The server and source code was released within an article from the Microsoft Systems Journal in February 1996 titled "Write a Simple HTTP-based Server Using MFC and Windows Sockets".

tags | exploit, web, overflow
systems | windows
advisories | CVE-2002-2268
MD5 | ec0e6f257e84be26272f6a01ac8c01d2
Network Associates PGP KeyServer 7 LDAP Buffer Overflow
Posted Nov 5, 2010
Authored by patrick | Site metasploit.com

This Metasploit module exploits a stack overflow in the LDAP service that is part of the NAI PGP Enterprise product suite. This Metasploit module was tested against PGP KeyServer v7.0. Due to space restrictions, egghunter is used to find our payload - therefore you may wish to adjust WfsDelay.

tags | exploit, overflow
advisories | CVE-2001-1320
MD5 | 56e8f29c086409858d6151ec98c71a7e
Amlibweb NetOpacs webquery.dll Stack Overflow
Posted Aug 5, 2010
Authored by patrick | Site metasploit.com

This Metasploit module exploits a stack overflow in Amlib's Amlibweb Library Management System (NetOpacs). The webquery.dll API is available through IIS requests. By specifying an overly long string to the 'app' parameter, SeH can be reliably overwritten allowing for arbitrary remote code execution. In addition, it is possible to overwrite EIP by specifying an arbitrary parameter name with an '=' terminator.

tags | exploit, remote, overflow, arbitrary, code execution
MD5 | f2cd4c0c14c67065bef4033fc47bf8a9
Qbik WinGate WWW Proxy Server URL Processing Overflow
Posted Feb 19, 2010
Authored by patrick | Site metasploit.com

This Metasploit module exploits a stack overflow in Qbik WinGate version 6.1.1.1077 and earlier. By sending malformed HTTP POST URL to the HTTP proxy service on port 80, a remote attacker could overflow a buffer and execute arbitrary code.

tags | exploit, remote, web, overflow, arbitrary
advisories | CVE-2006-2926
MD5 | 3fb1ecfa9922d452cf006b2e79743e07
RedHat Piranha Virtual Server Package passwd.php3 Arbitrary Command Execution
Posted Feb 15, 2010
Authored by patrick | Site metasploit.com

This Metasploit module abuses two flaws - a meta-character injection vulnerability in the HTTP management server of RedHat 6.2 systems running the Piranha LVS cluster service and GUI (rpm packages: piranha and piranha-gui). The vulnerability allows an authenticated attacker to execute arbitrary commands as the Apache user account (nobody) within the /piranha/secure/passwd.php3 script. The package installs with a default user and password of piranha:q which was exploited in the wild.

tags | exploit, web, arbitrary
systems | linux, redhat
advisories | CVE-2000-0322, CVE-2000-0248
MD5 | f67f90a640b118d5d59f7d2fd5dcfd0e
Computer Associates License Client GETCONFIG Overflow
Posted Feb 15, 2010
Authored by patrick, Thor Doomen | Site metasploit.com

This Metasploit module exploits an vulnerability in the CA License Client service. This exploit will only work if your IP address can be resolved from the target system point of view. This can be accomplished on a local network by running the 'nmbd' service that comes with Samba. If you are running this exploit from Windows and do not filter udp port 137, this should not be a problem (if the target is on the same network segment). Due to the bugginess of the software, you are only allowed one connection to the agent port before it starts ignoring you. If it wasn't for this issue, it would be possible to repeatedly exploit this bug.

tags | exploit, local, udp
systems | windows
advisories | CVE-2005-0581
MD5 | 8e470559c88b3e76f25cab2ae19a7470
Computer Associates License Server GETCONFIG Overflow
Posted Feb 15, 2010
Authored by patrick, Thor Doomen | Site metasploit.com

This Metasploit module exploits an vulnerability in the CA License Server network service. By sending an excessively long GETCONFIG packet the stack may be overwritten.

tags | exploit
advisories | CVE-2005-0581
MD5 | e526f917891667036dc6583399fa7bdc
RKD Software BarCodeAx.dll v4.9 ActiveX Remote Stack Buffer Overflow
Posted Feb 15, 2010
Authored by patrick, Trancek | Site metasploit.com

This Metasploit module exploits a stack overflow in RKD Software Barcode Application ActiveX Control 'BarCodeAx.dll'. By sending an overly long string to the BeginPrint method of BarCodeAx.dll v4.9, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary, activex
advisories | CVE-2007-3435
MD5 | 77ac8266976d2a452190c2e194b08434
Sambar 6 Search Results Buffer Overflow
Posted Feb 15, 2010
Authored by H D Moore, patrick, Andrew Griffiths | Site metasploit.com

This Metasploit module exploits a buffer overflow found in the /search/results.stm application that comes with Sambar 6. This code is a direct port of Andrew Griffiths's SMUDGE exploit, the only changes made were to the nops and payload. This exploit causes the service to die, whether you provided the correct target or not.

tags | exploit, overflow
advisories | CVE-2004-2086
MD5 | 2dde7f15d5178a785d5c0f1b9e726fd5
MS03-046 Exchange 2000 XEXCH50 Heap Overflow
Posted Dec 31, 2009
Authored by H D Moore, patrick | Site metasploit.com

This is an exploit for the Exchange 2000 heap overflow. Due to the nature of the vulnerability, this exploit is not very reliable. This Metasploit module has been tested against Exchange 2000 SP0 and SP3 running a Windows 2000 system patched to SP4. It normally takes between one and 100 connection attempts to successfully obtain a shell. This exploit is *very* unreliable.

tags | exploit, overflow, shell
systems | windows, 2k
advisories | CVE-2003-0714
MD5 | 04b5da0fb13c72f42f0f285a8edfb33d
Altap Salamander 2.5 PE Viewer Buffer Overflow
Posted Nov 26, 2009
Authored by patrick | Site metasploit.com

This Metasploit module exploits a buffer overflow in Altap Salamander <= v2.5. By creating a malicious file and convincing a user to view the file with the Portable Executable Viewer plugin within a vulnerable version of Salamander, the PDB file string is copied onto the stack and the SEH can be overwritten.

tags | exploit, overflow
advisories | CVE-2007-3314
MD5 | 8b0b10257bd6ddb25ec195a14935643f
Apache module mod_rewrite LDAP protocol Buffer Overflow
Posted Nov 26, 2009
Authored by patrick | Site metasploit.com

This Metasploit module exploits the mod_rewrite LDAP protocol scheme handling flaw discovered by Mark Dowd, which produces an off-by-one overflow. Apache versions 1.3.29-36, 2.0.47-58, and 2.2.1-2 are vulnerable. This Metasploit module requires REWRITEPATH to be set accurately. In addition, the target must have 'RewriteEngine on' configured, with a specific 'RewriteRule' condition enabled to allow for exploitation. The flaw affects multiple platforms, however this module currently only supports Windows based installations.

tags | exploit, overflow, protocol
systems | windows
advisories | CVE-2006-3747
MD5 | 24ecf483512ef6982eb1b227d15ee15a
CA iTechnology iGateway Debug Mode Buffer Overflow
Posted Nov 26, 2009
Authored by patrick | Site metasploit.com

This Metasploit module exploits a vulnerability in the Computer Associates iTechnology iGateway component. When True is enabled in igateway.conf (non-default), it is possible to overwrite the stack and execute code remotely.

tags | exploit
MD5 | 8978f67ab92426d063102e129c0c84af
CA BrightStor Discovery Service TCP Overflow
Posted Nov 26, 2009
Authored by H D Moore, patrick | Site metasploit.com

This Metasploit module exploits a vulnerability in the CA BrightStor Discovery Service. This vulnerability occurs when a specific type of request is sent to the TCP listener on port 41523. This vulnerability was discovered by cybertronic@gmx.net and affects all known versions of the BrightStor product. This Metasploit module is based on the 'cabrightstor_disco' exploit by Thor Doomen.

tags | exploit, tcp
advisories | CVE-2005-2535
MD5 | f08975a1d4fd37bf025c830b2145d54d
CA BrightStor Discovery Service Overflow
Posted Nov 26, 2009
Authored by H D Moore, patrick | Site metasploit.com

This Metasploit module exploits a vulnerability in the CA BrightStor Discovery Service. This vulnerability occurs when a large request is sent to UDP port 41524, triggering a stack overflow.

tags | exploit, overflow, udp
advisories | CVE-2005-0260
MD5 | 73a5a5752dc68b5bbac67ec85dcbb0c6
D-Link TFTP 1.0 Long Filename Buffer Overflow
Posted Nov 26, 2009
Authored by patrick, LSO | Site metasploit.com

This Metasploit module exploits a stack overflow in D-Link TFTP 1.0. By sending a request for an overly long file name, an attacker could overflow a buffer and execute arbitrary code.

tags | exploit, overflow, arbitrary
advisories | CVE-2007-1435
MD5 | c5a2e6d1d64f08aeb8a87741001d8a01
IBM Lotus Domino Sametime STMux.exe Stack Overflow
Posted Nov 26, 2009
Authored by patrick, riaf | Site metasploit.com

This Metasploit module exploits a stack overflow in Lotus Domino's Sametime Server. By sending an overly long POST request to the Multiplexer STMux.exe service we are able to overwrite SEH. Based on the exploit by Manuel Santamarina Suarez.

tags | exploit, overflow
advisories | CVE-2008-2499
MD5 | 0da82cb9511b278950e655bb1740a66e
Juniper SSL-VPN IVE JuniperSetupDLL.dll ActiveX Control Buffer Overflow
Posted Nov 26, 2009
Authored by patrick | Site metasploit.com

This Metasploit module exploits a stack overflow in the JuniperSetupDLL.dll library which is called by the JuniperSetup.ocx ActiveX control, as part of the Juniper SSL-VPN (IVE) appliance. By specifying an overly long string to the ProductName object parameter, the stack is overwritten.

tags | exploit, overflow, activex
systems | juniper
advisories | CVE-2006-2086
MD5 | d2a55a7759653c192c9deda8b760dabd
McAfee ePolicy Orchestrator / ProtectionPilot Overflow
Posted Nov 26, 2009
Authored by H D Moore, patrick, muts, xbxice | Site metasploit.com

This is an exploit for the McAfee HTTP Server (NAISERV.exe). McAfee ePolicy Orchestrator 2.5.1 <= 3.5.0 and ProtectionPilot 1.1.0 are known to be vulnerable. By sending a large 'Source' header, the stack can be overwritten. This Metasploit module is based on the exploit by xbxice and muts. Due to size constraints, this module uses the Egghunter technique. You may wish to adjust WfsDelay appropriately.

tags | exploit, web
advisories | CVE-2006-5156
MD5 | 20f6347fee8fd448c8404aaf76680f61
MDaemon 9.6.4 IMAPD FETCH Buffer Overflow
Posted Nov 26, 2009
Authored by patrick, Jacopo Cervini | Site metasploit.com

This Metasploit module exploits a stack overflow in the Alt-N MDaemon IMAP Server version 9.6.4 by sending an overly long FETCH BODY command. Valid IMAP account credentials are required. Credit to Matteo Memelli

tags | exploit, overflow, imap
advisories | CVE-2008-1358
MD5 | 08aa7f36b27117177c3b5fd60358dd1b
MDaemon <= 6.8.5 WorldClient form2raw.cgi Stack Overflow
Posted Nov 26, 2009
Authored by patrick | Site metasploit.com

This Metasploit module exploits a stack overflow in Alt-N MDaemon SMTP server for versions 6.8.5 and earlier. When WorldClient HTTP server is installed (default), a CGI script is provided to accept html FORM based emails and deliver via MDaemon.exe, by writing the CGI output to the Raw Queue. When X-FromCheck is enabled (also default), the temporary form2raw.cgi data is copied by MDaemon.exe and a stack based overflow occurs when an excessively long From field is specified. The RawQueue is processed every 1 minute by default, to a maximum of 60 minutes. Keep this in mind when choosing payloads or setting WfsDelay... You'll need to wait. Furthermore, this exploit uses a direct memory jump into a nopsled (which isn't very reliable). Once the payload is written into the Raw Queue by Form2Raw, MDaemon will continue to crash/execute the payload until the CGI output is manually deleted from the queue in C:\\MDaemon\\RawFiles\\*.raw.

tags | exploit, web, overflow, cgi
advisories | CVE-2003-1200
MD5 | c2530c0269bdafb7df3d701fa01955bf
Page 1 of 3
Back123Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

January 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    16 Files
  • 4
    Jan 4th
    39 Files
  • 5
    Jan 5th
    26 Files
  • 6
    Jan 6th
    40 Files
  • 7
    Jan 7th
    2 Files
  • 8
    Jan 8th
    16 Files
  • 9
    Jan 9th
    25 Files
  • 10
    Jan 10th
    28 Files
  • 11
    Jan 11th
    44 Files
  • 12
    Jan 12th
    32 Files
  • 13
    Jan 13th
    2 Files
  • 14
    Jan 14th
    4 Files
  • 15
    Jan 15th
    31 Files
  • 16
    Jan 16th
    15 Files
  • 17
    Jan 17th
    16 Files
  • 18
    Jan 18th
    8 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close