what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 3 of 3

Files from Serge Gorbunov

Open-FTPD 1.2 Arbitrary File Upload

Posted Aug 12, 2013

Authored by Serge Gorbunov | Site metasploit.com

This Metasploit module exploits multiple vulnerabilities found in Open&Compact FTP server. The software contains an authentication bypass vulnerability and a arbitrary file upload vulnerability that allows a remote attacker to write arbitrary files to the file system as long as there is at least one user who has permission. Code execution can be achieved by first uploading the payload to the remote machine as an exe file, and then upload another mof file, which enables WMI (Management Instrumentation service) to execute the uploaded payload. Please note that this module currently only works for Windows before Vista.

tags | exploit, remote, arbitrary, vulnerability, code execution, bypass, file upload

systems | windows

advisories | CVE-2010-2620, OSVDB-65687

SHA-256 | 1c6829f3aa5790761fb910b2f802e2c160f810883ffc902bf2614ece3bbacfae

Download | Favorite | View

Open And Compact FTP Server 1.2 Denial Of Service

Posted Jun 19, 2010

Authored by Serge Gorbunov

Open and Compact FTP Server version 1.2 suffers from a denial of service vulnerability.

tags | exploit, denial of service

SHA-256 | 8ea9f2c7bebd4ac4e981c04038d3152c116e290318ce180415ce2099a0b9808f

Download | Favorite | View

Open And Compact FTP Server 1.2 Full System Access

Posted Jun 19, 2010

Authored by Serge Gorbunov

Open and Compact FTP Server version 1.2 suffers from an arbitrary access vulnerability.

tags | exploit, arbitrary

SHA-256 | ed28b128a65965508c42f6f92440fd7c3cfa496228fadd16dc8a8120419563a6

Download | Favorite | View