exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

Files from riaf

Email addressriaf at mysec.org
First Active2009-10-30
Last Active2010-01-07
HP OmniInet.exe MSG_PROTOCOL Buffer Overflow
Posted Jan 7, 2010
Authored by EgiX, jduck, riaf | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in the Hewlett-Packard OmniInet NT Service. By sending a specially crafted MSG_PROTOCOL (0x010b) packet, a remote attacker may be able to execute arbitrary code with elevated privileges. This service is installed with HP OpenView Data Protector, HP Application Recovery Manager and potentially other products. This exploit has been tested against versions 6.1, 6.0, and 5.50 of Data Protector. and versions 6.0 and 6.1 of Application Recovery Manager. NOTE: There are actually two consecutive wcscpy() calls in the program (which may be why ZDI considered them two separate issues). However, this module only exploits the first one.

tags | exploit, remote, overflow, arbitrary
advisories | CVE-2007-2280
SHA-256 | 098a37312c7769272d53b6747df73473c2997a18bf5130110137953613125b72
HP OmniInet.exe MSG_PROTOCOL Buffer Overflow
Posted Jan 7, 2010
Authored by EgiX, jduck, riaf | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in the Hewlett-Packard OmniInet NT Service. By sending a specially crafted MSG_PROTOCOL (0x010b) packet, a remote attacker may be able to execute arbitrary code with elevated privileges. This service is installed with HP OpenView Data Protector, HP Application Recovery Manager and potentially other products. This exploit has been tested against versions 6.1, 6.0, and 5.50 of Data Protector. and versions 6.0 and 6.1 of Application Recovery Manager. NOTE: There are actually two consecutive wcscpy() calls in the program (which may be why ZDI considered them two separate issues). However, this module only exploits the second one.

tags | exploit, remote, overflow, arbitrary
advisories | CVE-2009-3844
SHA-256 | 6077abc4561b8bb88f893fcbc753edd3a1b15ac32e3ac4ebcdc7446ce7360c3c
IBM Lotus Domino Web Server Accept-Language Stack Overflow
Posted Nov 26, 2009
Authored by riaf, Earl Marcus | Site metasploit.com

This Metasploit module exploits a stack overflow in IBM Lotus Domino Web Server prior to version 7.0.3FP1 and 8.0.1. This flaw is triggered by any HTTP request with an Accept-Language header greater than 114 bytes.

tags | exploit, web, overflow
advisories | CVE-2008-2240
SHA-256 | 83f6fb7d5ae69011a3539778a65b7fe423e17e94cf8166d8ba3f39790245f70b
IBM Lotus Domino Sametime STMux.exe Stack Overflow
Posted Nov 26, 2009
Authored by patrick, riaf | Site metasploit.com

This Metasploit module exploits a stack overflow in Lotus Domino's Sametime Server. By sending an overly long POST request to the Multiplexer STMux.exe service we are able to overwrite SEH. Based on the exploit by Manuel Santamarina Suarez.

tags | exploit, overflow
advisories | CVE-2008-2499
SHA-256 | dbb922034950b5d503d3b1d3a1d7c5b5c97e423e24541e11f69c20a9ef2b6eba
FreeFTPd 1.0.10 Key Exchange Algorithm String Buffer Overflow
Posted Nov 26, 2009
Authored by riaf | Site metasploit.com

This Metasploit module exploits a simple stack overflow in FreeFTPd 1.0.10. This flaw is due to a buffer overflow error when handling a specially crafted key exchange algorithm string received from an SSH client. This Metasploit module is based on MC's freesshd_key_exchange exploit.

tags | exploit, overflow
advisories | CVE-2006-2407
SHA-256 | 7edeab39559b786875c2e25515c39c1c952e00229cbdac9c0aa83bf02ea93c48
GlobalSCAPE Secure FTP Server Input Overflow
Posted Nov 26, 2009
Authored by Mati Aharoni, riaf | Site metasploit.com

This Metasploit module exploits a buffer overflow in the GlobalSCAPE Secure FTP Server. All versions prior to 3.0.3 are affected by this flaw. A valid user account ( or anonymous access) is required for this exploit to work.

tags | exploit, overflow
advisories | CVE-2005-1415
SHA-256 | f92b038b30321d1e394a2a78f7f7a4672a2b84c28b02a128fdaf5a46600f586c
SlimFTPd LIST Concatenation Overflow
Posted Nov 26, 2009
Authored by riaf | Site metasploit.com

This Metasploit module exploits a stack overflow in the SlimFTPd server. The flaw is triggered when a LIST command is received with an overly-long argument. This vulnerability affects all versions of SlimFTPd prior to 3.16 and was discovered by Raphael Rigo.

tags | exploit, overflow
advisories | CVE-2005-2373
SHA-256 | 55e26861520e953f85b098982baa1fa9c82fe412aea320df41475c3eba5a0d70
War-FTPD 1.65 Username Overflow
Posted Oct 30, 2009
Authored by riaf | Site metasploit.com

This Metasploit module exploits a buffer overflow found in the USER command of War-FTPD 1.65.

tags | exploit, overflow
advisories | CVE-1999-0256
SHA-256 | 6b9d1bed980a1f2e6457ad141aab577141467851a1a03a4918a6b4390b1dba54
Page 1 of 1
Back1Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    18 Files
  • 6
    Oct 6th
    16 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close