exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

Files from riaf

Email addressriaf at mysec.org
First Active2009-10-30
Last Active2010-01-07
HP OmniInet.exe MSG_PROTOCOL Buffer Overflow
Posted Jan 7, 2010
Authored by EgiX, jduck, riaf | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in the Hewlett-Packard OmniInet NT Service. By sending a specially crafted MSG_PROTOCOL (0x010b) packet, a remote attacker may be able to execute arbitrary code with elevated privileges. This service is installed with HP OpenView Data Protector, HP Application Recovery Manager and potentially other products. This exploit has been tested against versions 6.1, 6.0, and 5.50 of Data Protector. and versions 6.0 and 6.1 of Application Recovery Manager. NOTE: There are actually two consecutive wcscpy() calls in the program (which may be why ZDI considered them two separate issues). However, this module only exploits the first one.

tags | exploit, remote, overflow, arbitrary
advisories | CVE-2007-2280
SHA-256 | 098a37312c7769272d53b6747df73473c2997a18bf5130110137953613125b72
HP OmniInet.exe MSG_PROTOCOL Buffer Overflow
Posted Jan 7, 2010
Authored by EgiX, jduck, riaf | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in the Hewlett-Packard OmniInet NT Service. By sending a specially crafted MSG_PROTOCOL (0x010b) packet, a remote attacker may be able to execute arbitrary code with elevated privileges. This service is installed with HP OpenView Data Protector, HP Application Recovery Manager and potentially other products. This exploit has been tested against versions 6.1, 6.0, and 5.50 of Data Protector. and versions 6.0 and 6.1 of Application Recovery Manager. NOTE: There are actually two consecutive wcscpy() calls in the program (which may be why ZDI considered them two separate issues). However, this module only exploits the second one.

tags | exploit, remote, overflow, arbitrary
advisories | CVE-2009-3844
SHA-256 | 6077abc4561b8bb88f893fcbc753edd3a1b15ac32e3ac4ebcdc7446ce7360c3c
IBM Lotus Domino Web Server Accept-Language Stack Overflow
Posted Nov 26, 2009
Authored by riaf, Earl Marcus | Site metasploit.com

This Metasploit module exploits a stack overflow in IBM Lotus Domino Web Server prior to version 7.0.3FP1 and 8.0.1. This flaw is triggered by any HTTP request with an Accept-Language header greater than 114 bytes.

tags | exploit, web, overflow
advisories | CVE-2008-2240
SHA-256 | 83f6fb7d5ae69011a3539778a65b7fe423e17e94cf8166d8ba3f39790245f70b
IBM Lotus Domino Sametime STMux.exe Stack Overflow
Posted Nov 26, 2009
Authored by patrick, riaf | Site metasploit.com

This Metasploit module exploits a stack overflow in Lotus Domino's Sametime Server. By sending an overly long POST request to the Multiplexer STMux.exe service we are able to overwrite SEH. Based on the exploit by Manuel Santamarina Suarez.

tags | exploit, overflow
advisories | CVE-2008-2499
SHA-256 | dbb922034950b5d503d3b1d3a1d7c5b5c97e423e24541e11f69c20a9ef2b6eba
FreeFTPd 1.0.10 Key Exchange Algorithm String Buffer Overflow
Posted Nov 26, 2009
Authored by riaf | Site metasploit.com

This Metasploit module exploits a simple stack overflow in FreeFTPd 1.0.10. This flaw is due to a buffer overflow error when handling a specially crafted key exchange algorithm string received from an SSH client. This Metasploit module is based on MC's freesshd_key_exchange exploit.

tags | exploit, overflow
advisories | CVE-2006-2407
SHA-256 | 7edeab39559b786875c2e25515c39c1c952e00229cbdac9c0aa83bf02ea93c48
GlobalSCAPE Secure FTP Server Input Overflow
Posted Nov 26, 2009
Authored by Mati Aharoni, riaf | Site metasploit.com

This Metasploit module exploits a buffer overflow in the GlobalSCAPE Secure FTP Server. All versions prior to 3.0.3 are affected by this flaw. A valid user account ( or anonymous access) is required for this exploit to work.

tags | exploit, overflow
advisories | CVE-2005-1415
SHA-256 | f92b038b30321d1e394a2a78f7f7a4672a2b84c28b02a128fdaf5a46600f586c
SlimFTPd LIST Concatenation Overflow
Posted Nov 26, 2009
Authored by riaf | Site metasploit.com

This Metasploit module exploits a stack overflow in the SlimFTPd server. The flaw is triggered when a LIST command is received with an overly-long argument. This vulnerability affects all versions of SlimFTPd prior to 3.16 and was discovered by Raphael Rigo.

tags | exploit, overflow
advisories | CVE-2005-2373
SHA-256 | 55e26861520e953f85b098982baa1fa9c82fe412aea320df41475c3eba5a0d70
War-FTPD 1.65 Username Overflow
Posted Oct 30, 2009
Authored by riaf | Site metasploit.com

This Metasploit module exploits a buffer overflow found in the USER command of War-FTPD 1.65.

tags | exploit, overflow
advisories | CVE-1999-0256
SHA-256 | 6b9d1bed980a1f2e6457ad141aab577141467851a1a03a4918a6b4390b1dba54
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    0 Files
  • 5
    Mar 5th
    0 Files
  • 6
    Mar 6th
    0 Files
  • 7
    Mar 7th
    0 Files
  • 8
    Mar 8th
    0 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    0 Files
  • 14
    Mar 14th
    0 Files
  • 15
    Mar 15th
    0 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close