Showing 1 - 25 of 31

Files from TecR0c

First Active: 2010-02-08
Last Active: 2012-02-29
IBM Personal Communications I-Series Buffer Overflow
Posted Feb 29, 2012
Authored by TecR0c | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow vulnerability in IBM Personal Communications I-Series. The issue affects file parsing in which data copied to a location in memory exceeds the size of the reserved destination area. The buffer is located on the runtime program stack. Versions tested: IBM System i Access for Windows V6R1M0 version 06.01.0001.0000a which bundles pcsws.exe version 5090.27271.709.

tags | exploit, overflow
systems | windows
advisories | CVE-2012-0201
MD5 | 2d5f9b10f02a872dad2c7339ae14ed2a
Plone and Zope Remote CMD Injection Exploit
Posted Dec 28, 2011
Authored by TecR0c, Nick Miles, Plone Security team | Site metasploit.com

Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules.

tags | exploit, remote, arbitrary, python
advisories | CVE-2011-3587
MD5 | 3013603a348129a540fe43fd110026f6
PmWiki 2.2.34 Remote PHP Code Injection Exploit
Posted Dec 23, 2011
Authored by EgiX, TecR0c | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in PmWiki from 2.0.0 to 2.2.34. The vulnerable function is inside /scripts/pagelist.php.

tags | exploit, arbitrary, php
advisories | CVE-2011-4453, OSVDB-77261
MD5 | e4e50e113930a054f27b8419fa7c20bb
CoDeSys SCADA 2.3 Webserver Stack Buffer Overflow
Posted Dec 13, 2011
Authored by sinn3r, TecR0c, Celil Unuver | Site metasploit.com

This Metasploit module exploits a remote stack buffer overflow vulnerability in 3S-Smart Software Solutions product CoDeSys Scada Web Server Version 1.1.9.9.

tags | exploit, remote, web, overflow
MD5 | 4d6c163dec4e6a936ce6c28e43feda92
Traq 2.3 Authentication Bypass / Remote Code Execution
Posted Dec 13, 2011
Authored by EgiX, TecR0c | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in Traq 2.0 to 2.3. It's in the admincp/common.php script. This function is called in each script located in the /admincp/ directory to make sure the user has admin rights, but this is a broken authorization schema because the header() function does not stop the execution flow.

tags | exploit, arbitrary, php
MD5 | e05bdd8825527e2e70d105042b0dad1c
Viscom Software Movie Player Pro SDK Activex 6.8 Buffer Overflow
Posted Nov 20, 2011
Authored by shinnai, mr_me, TecR0c | Site metasploit.com

Stack-based buffer overflow in the MOVIEPLAYER.MoviePlayerCtrl.1 ActiveX control in MoviePlayer.ocx 6.8.0.0 in Viscom Software Movie Player Pro SDK ActiveX 6.8 allows remote attackers to execute arbitrary code via a long strFontName parameter to the DrawText method. The victim will first be required to trust the publisher Viscom Software. This Metasploit module has been designed to bypass DEP and ASLR under XP IE8, Vista and Win7 with Java support.

tags | exploit, java, remote, overflow, arbitrary, activex
advisories | CVE-2010-0356, OSVDB-61634
MD5 | ac5ee43cfc0509841b6c9a26de949d06
Viscom Image Viewer CP Pro 8.0/Gold 6.0 ActiveX Control
Posted Nov 17, 2011
Authored by Dr_IDE, mr_me, TecR0c | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in the ActiveX control file ImageViewer2.OCX by passing an overly long argument to an insecure TifMergeMultiFiles() method. Exploitation results in code execution with the privileges of the user who browsed to the exploit page. The victim will first be required to trust the publisher Viscom Software. This Metasploit module has been designed to bypass DEP and ASLR under XP IE8, Vista and Win7 with Java support.

tags | exploit, java, overflow, code execution
MD5 | 4682a02bd6d485a684e4c2af85471375
phpLDAPadmin <= 1.2.1.1 (query_engine) Remote PHP Code Injection
Posted Oct 25, 2011
Authored by EgiX, mr_me, TecR0c | Site metasploit.com

This Metasploit module exploits a vulnerability in lib/functions.php that allows attacker input to be passed directly to the create_function() PHP function. A patch was issued that uses a whitelist regular expression to check the user-supplied input before it is passed to the create_function() call.

tags | exploit, php
MD5 | 6ff2f43db9509854e854f8121b45df3e
Real Networks Netzip Classic 7.5.1 86 Buffer Overflow
Posted Oct 17, 2011
Authored by TecR0c, C4SS!0 G0M3S | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow vulnerability in version 7.5.1 86 of Real Networks Netzip Classic. In order for the command to be executed, an attacker must convince someone to load a specially crafted zip file with NetZip Classic. By doing so, an attacker can execute arbitrary code as the victim user.

tags | exploit, overflow, arbitrary
MD5 | 73f79d377a245b750af3ab179d1550c9
PcVue 10.0 Function Pointer Overwrite
Posted Oct 14, 2011
Authored by Luigi Auriemma, mr_me, TecR0c | Site metasploit.com

This Metasploit module exploits a function pointer control within SVUIGrd.ocx of PcVue 10.0. By setting a dword value for the SaveObject() or LoadObject(), an attacker can overwrite a function pointer and execute arbitrary code.

tags | exploit, arbitrary
MD5 | f6b70eb735e3f3aab8779a7d7fc7ff6b
TugZip 3.5 Zip File Parsing Buffer Overflow
Posted Oct 12, 2011
Authored by mr_me, Lincoln, TecR0c, Stefan Marin | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow vulnerability in the latest version 3.5 of TugZip archiving utility. In order to trigger the vulnerability, an attacker must convince someone to load a specially crafted zip file with TugZip by double click or file open. By doing so, an attacker can execute arbitrary code as the victim user.

tags | exploit, overflow, arbitrary
advisories | CVE-2008-4779, OSVDB-49371
MD5 | 0ac057d8b5dce6496b4b683ba3aea744
ScriptFTP 3.3 Remote Buffer Overflow
Posted Oct 10, 2011
Authored by mr_me, TecR0c | Site metasploit.com

AmmSoft's ScriptFTP client is susceptible to a remote buffer overflow vulnerability that is triggered when processing a sufficiently long filename during an FTP LIST command, resulting in an overwrite of the exception handler. Socially engineering a user into executing a specially crafted ftp file by double click results in a connection to the malicious server and arbitrary code execution, which allows the attacker to gain the same rights as the user running ScriptFTP.

tags | exploit, remote, overflow, arbitrary, code execution
advisories | CVE-2011-3976, OSVDB-75633
MD5 | e540826b848295b079627e0d679021e3
eSignal / eSignal Pro 10.6.2425.1208 Buffer Overflow
Posted Sep 29, 2011
Authored by Luigi Auriemma, mr_me, TecR0c | Site metasploit.com

eSignal and eSignal Pro versions 10.6.2425.1208 and below suffer from a file parsing buffer overflow in QUO. Successful exploitation of this vulnerability may take up to several seconds due to the use of an egghunter. Also, DEP bypass is unlikely due to the limited space for the payload.

tags | exploit, overflow
advisories | CVE-2011-3494, OSVDB-75456
MD5 | 5fb53a4cce0229cfcf830c27f79a4fbe
Measuresoft ScadaPro 4.0.0 Remote Command Execution
Posted Sep 17, 2011
Authored by Luigi Auriemma, mr_me, TecR0c | Site metasploit.com

This Metasploit module allows remote attackers to execute arbitrary commands on the affected system by abusing a directory traversal attack when using the 'xf' command (execute function). An attacker can execute system() from msvcrt.dll to upload a backdoor and gain remote code execution.

tags | exploit, remote, arbitrary, code execution
MD5 | 3508195d3c887c43db110cb0998ef314
Joomla 1.5 VirtueMart 1.1.7 Blind SQL Injection
Posted Jul 29, 2011
Authored by mr_me, TecR0c | Site metasploit.com

A vulnerability was discovered by Rocco Calvi and Steve Seeley which identifies unauthenticated time-based blind SQL injection in the "page" variable of the virtuemart component. This vulnerability allows an attacker to gain information from the database with specially crafted URLs taking advantage of the MySQL benchmark. This issue was patched in version 1.1.7a.

tags | exploit, sql injection
MD5 | 426ac2c03c6c7e51d370d76153569d7e
If-CMS 2.07 Local File Inclusion
Posted Jun 21, 2011
Authored by TecR0c

If-CMS version 2.07 pre-authentication local file inclusion exploit that leverages the newlang parameter.

tags | exploit, local, file inclusion
MD5 | 7a33f7e16da3d52c32353655d347203c
VLC Media Player XSPF Local File Integer Overflow
Posted Jun 9, 2011
Authored by TecR0c

VLC Media Player suffers from an XSPF local file integer overflow in the XSPF playlist parser. Versions 1.1.9 down to 0.8.5 are affected.

tags | exploit, overflow, local
MD5 | 3cfc2105895e00e1fcc0e75ba428e3fc
VisiWave VWR File Parsing Buffer Overflow
Posted May 25, 2011
Authored by mr_me, TecR0c | Site metasploit.com

This Metasploit module exploits a vulnerability found in VisiWave's Site Survey Report application. When processing .VWR files, VisiWave.exe attempts to match a valid pointer based on the 'Type' property (valid ones include 'Properties', 'TitlePage', 'Details', 'Graph', 'Table', 'Text', 'Image'), but if a match isn't found, the function that's supposed to handle this routine ends up returning the input as a pointer, which is later used in a CALL DWORD PTR [EDX+10] instruction. This allows attackers to overwrite it with any arbitrary value, and results in code execution. This Metasploit module was built to bypass ASLR and DEP. NOTE: During installation, the application registers two file handlers, VWS and VWR, and allows a victim user to 'double click' the malicious VWR file and execute code.

tags | exploit, arbitrary, code execution
advisories | OSVDB-72464
MD5 | 71310cd3b031f3ad565ea7b5e2e84948
iCMS 1.1 SQL Injection / Bruteforcer
Posted Mar 18, 2011
Authored by TecR0c

iCMS version 1.1 administrative SQL injection / bruteforcing exploit.

tags | exploit, sql injection
MD5 | fe6fa416a6a65b37ee9e365c43bc91d2
If-CMS 2.07 Local File Inclusion
Posted Mar 16, 2011
Authored by TecR0c

If-CMS version 2.07 pre-authentication local file inclusion exploit.

tags | exploit, local, file inclusion
MD5 | 4e0be78b6869f9e2027d0f0d3657c44e
N'CMS 1.1E Pre-Auth Local File Inclusion Code Execution
Posted Mar 11, 2011
Authored by TecR0c

N'CMS version 1.1e pre-authentication local file inclusion remote code execution exploit.

tags | exploit, remote, local, code execution, file inclusion
MD5 | fe27d964f1b7aefcd1bc3b4534e42a5b
Vtiger CRM 5.0.4 Local File Inclusion
Posted Mar 6, 2011
Authored by TecR0c

Vtiger CRM version 5.0.4 pre-authentication local file inclusion exploit.

tags | exploit, local, file inclusion
advisories | CVE-2009-3249
MD5 | 75bef0c87ff264fd394c3c43ce6fed33
FieldNotes 32 5.0 SEH Overwrite
Posted Jun 26, 2010
Authored by TecR0c | Site corelan.be

FieldNotes 32 version 5.0 SEH overwrite local exploit that produces a malicious .dxf file.

tags | exploit, overflow, local
MD5 | 9eece798aba4c3be37cfe04b4c306b8d
Winamp 5.572 EIP / SEH DEP Bypass Buffer Overflow
Posted Jun 19, 2010
Authored by TecR0c | Site corelan.be

Winamp 5.572 local buffer overflow EIP and SEH DEP bypass exploit.

tags | exploit, overflow, local, bypass
MD5 | fca65648a9724d3672fd049df98369dd
ZipExplorer 7.0 Denial Of Service
Posted Jun 2, 2010
Authored by TecR0c | Site corelan.be

ZipExplorer version 7.0 denial of service exploit that creates a malicious .rar file.

tags | exploit, denial of service
MD5 | d54fab469002e0d6fcc0698dce339e04
© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close