what you don't know can hurt you
Showing 1 - 25 of 43 RSS Feed

Files from James Fitts

First Active2010-08-30
Last Active2017-09-29
LAquis SCADA 4.1.0.2385 Directory Traversal
Posted Sep 29, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability found in the LAquis SCADA application. The vulnerability is triggered when sending a series of dot dot slashes (../) to the vulnerable NOME parameter found on the listagem.laquis file. This Metasploit module was tested against version 4.1.0.2385.

tags | exploit, file inclusion
advisories | CVE-2017-6020
MD5 | cc55558411a9a1f9c6a327132bf52ec2
Cloudview NMS 2.00b Writable Directory Traversal Execution
Posted Sep 15, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a vulnerability found in Cloudview NMS server. The software contains a directory traversal vulnerability that allows a remote attacker to write arbitrary file to the file system, which results in code execution under the context 'SYSTEM'.

tags | exploit, remote, arbitrary, code execution, file inclusion
MD5 | f21104622ef288e328fae776f93497a0
Alienvault OSSIM av-centerd Util.pm sync_rserver Command Execution
Posted Sep 15, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a command injection vulnerability found within the sync_rserver function in Util.pm. The vulnerability is triggered due to an incomplete blacklist during the parsing of the $uuid parameter. This allows for the escaping of a system command allowing for arbitrary command execution as root.

tags | exploit, arbitrary, root
advisories | CVE-2014-3804
MD5 | 43851e427cacf395204816cb1efe891e
Cloudview NMS File Upload
Posted Sep 15, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a file upload vulnerability found within Cloudview NMS versions prior to 2.00b. The vulnerability is triggered by sending specialized packets to the server with directory traversal sequences to browse outside of the web root.

tags | exploit, web, root, file upload
MD5 | 40fbe28e8d4ae70f1b8a4e1f08d7dc1a
Dameware Mini Remote Control 4.0 Username Stack Buffer Overflow
Posted Sep 15, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow vulnerability found in Dameware Mini Remote Control v4.0. The overflow is caused when sending an overly long username to the DWRCS executable listening on port 6129. The username is read into a strcpy() function causing an overwrite of the return pointer leading to arbitrary code execution.

tags | exploit, remote, overflow, arbitrary, code execution
advisories | CVE-2005-2842
MD5 | 234de1e820b0fdb80f85a62eb47fdd59
Carel PlantVisor 2.4.4 Directory Traversal
Posted Sep 15, 2017
Authored by James Fitts | Site metasploit.com

Carel PlantVisor version 2.4.4 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2011-3487
MD5 | 53c47349d004a5da5be6c028fec32469
Indusoft Web Studio Directory Traversal
Posted Sep 15, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a flaw found in Indusoft Web Studio versions 7.1 and below before SP2 Patch 4. This specific flaw allows users to browse outside of the webroot to download files found on the underlying system.

tags | exploit, web, file inclusion
advisories | CVE-2014-0780
MD5 | 16f7cb4a150432863c9bfba04db5b70a
Carlo Gavazzi Powersoft 2.1.1.1 Directory Traversal
Posted Sep 15, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability found in Carlo Gavazzi Powersoft versions 2.1.1.1 and below. The vulnerability is triggered when sending a specially crafted GET request to the server. The location parameter of the GET request is not sanitized and the sendCommand.php script will automatically pull down any file requested

tags | exploit, php, file inclusion
MD5 | 7ead626f719b2712cc6f6e65a79e2c9f
KingScada AlarmServer 3.1.2.13 Buffer Overflow
Posted Sep 15, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow found in KingScada versions prior to 3.1.2.13. The vulnerability is triggered when sending a specially crafted packet to the 'AlarmServer' (AEserver.exe) service listening on port 12401. During the parsing of the packet the 3rd dword is used as a size value for a memcpy operation which leads to an overflown stack buffer.

tags | exploit, overflow
advisories | CVE-2014-0787
MD5 | 7072f8401b9fac3fe14accabe0513d45
haneWIN DNS Server 1.5.3 Buffer Overflow
Posted Sep 15, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a buffer overflow vulnerability found in haneWIN DNS Server versions 1.5.3 and below. The vulnerability is triggered by sending an overly long packet to the victim server. A memcpy function blindly copies user supplied data to a fixed size buffer leading to remote code execution. This Metasploit module was tested against haneWIN DNS 1.5.3.

tags | exploit, remote, overflow, code execution
MD5 | 142625777fcd6e9f8951b76b8c55f08d
Disk Pulse Server 2.2.34 Buffer Overflow
Posted Sep 15, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a buffer overflow vulnerability found in libpal.dll of Disk Pulse Server version 2.2.34. The overflow is triggered when sending an overly long 'GetServerInfo' request to the service listening on port 9120.

tags | exploit, overflow
MD5 | 4fe44206eb458c215a59974aae93f192
VIPA Automation WinPLC7 5.0.45.5921 Buffer Overflow
Posted Sep 15, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow found in VIPA Automation WinPLC7 versions 5.0.45.5921 and below. The overflow is triggered when WinPLC7 connects to a remote server and accepts a malicious packet. The first 2 bytes of this packet are read in and used as the size value for a later recv function. If a size value of sufficiently large size is supplied a stack buffer overflow will occur

tags | exploit, remote, overflow
advisories | CVE-2017-5177
MD5 | 39206fd7e06dea1d64570049bea1e996
Infinite Automation Mango Automation Command Injection
Posted Sep 15, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a command injection vulnerability found in Infinite Automation Systems Mango Automation versions 2.5.0 through 2.6.0 beta (builds prior to 430).

tags | exploit
advisories | CVE-2015-7901
MD5 | 8c39a753662f64b44b06cfe64e431576
Alienvault OSSIM av-centerd 4.7.0 get_log_line Command Injection
Posted Sep 14, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a command injection flaw found in the get_log_line function found within Util.pm. The vulnerability is triggered due to an unsanitized $r_file parameter passed to a string which is then executed by the system

tags | exploit
advisories | CVE-2014-3805
MD5 | 97ef73935acc9baa4cbe11cbb3cc3bfd
Sielco Sistemi Winlog 2.07.16 Buffer Overflow
Posted Sep 14, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow found in Sielco Sistemi Winlog versions 2.07.16 and below. The overflow is triggered during the parsing of a maliciously crafted packet

tags | exploit, overflow
MD5 | ec4306b8ccf2288f4354cba8f9ae6667
Motorola Netopia Netoctopus SDCS Stack Buffer Overflow
Posted Sep 14, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a vulnerability within the code responsible for parsing client requests. When reading in a request from the network, a 32-bit integer is read in that specifies the number of bytes that follow. This value is not validated, and is then used to read data into a fixed-size stack buffer.

tags | exploit, overflow
MD5 | 3075bf3470fdaa19758f79291cc37b8a
Lockstep Backup For Workgroups 4.0.3 Buffer Overflow
Posted Sep 14, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a stack buffer overflow found in Lockstep Backup for Workgroups versions 4.0.3 and below. The vulnerability is triggered when sending a specially crafted packet that will cause a login failure.

tags | exploit, overflow
MD5 | 8a7e8f39a1eba2dd2a6292b10da1e438
EMC AlphaStor Device Manager Opcode 0x72 Buffer Overflow
Posted Sep 14, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow vulnerability found in EMC Alphastor Device Manager. The overflow is triggered when sending a specially crafted packet to the rrobotd.exe service listening on port 3000. During the copying of strings to the stack an unbounded sprintf() function overwrites the return pointer leading to remote code execution.

tags | exploit, remote, overflow, code execution
MD5 | da358008d9761bc06cd638d10f5502ed
EMC AlphaStor Library Manager Opcode 0x4f Buffer Overflow
Posted Sep 14, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow found in EMC Alphastor Library Manager version < 4.0 build 910. The overflow is triggered due to a lack of sanitization of the pointers used for two strcpy functions.

tags | exploit, overflow
advisories | CVE-2013-0946
MD5 | f45a624dc0d882bbd6d7709cfcc6d8e7
Fatek Automation PLC WinProladder 3.11 Build 14701 Buffer Overflow
Posted Sep 14, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow found in Fatek Automation PLC WinProladder version 3.11 Build 14701. The vulnerability is triggered when a client connects to a listening server. The client does not properly sanitize the length of the received input prior to placing it on the stack.

tags | exploit, overflow
advisories | CVE-2016-8377
MD5 | 0f066ad5d0344b486b93512ec51668cb
EMC CMCNE 11.2.1 Inmservlets.war FileUploadController Remote Code Execution
Posted Sep 14, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a file upload vulnerability found in EMC Connectrix Manager Converged Network Edition <= 11.2.1. The file upload vulnerability is triggered when sending a specially crafted filename to the FileUploadController servlet found within the Inmservlets.war archive. This allows the attacker to upload a specially crafted file which leads to remote code execution in the context of the server user.

tags | exploit, remote, code execution, file upload
advisories | CVE-2013-6810
MD5 | cd72ecd3b048e4780383c2eed6c03106
EMC CMCNE 11.2.1 FileUploadController Remote Code Execution
Posted Sep 14, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a fileupload vulnerability found in EMC Connectrix Manager Converged Network Edition versions 11.2.1 and below. The file upload vulnerability is triggered when sending a specially crafted filename to the FileUploadController servlet. This allows the attacker to upload a malicious jsp file to anywhere on the remote file system.

tags | exploit, remote, file upload
advisories | CVE-2013-6810
MD5 | ab12b2fd5352b3d055925d1085609d60
Advantech SUSIAccess 3.0 File Upload
Posted Aug 2, 2017
Authored by James Fitts

Advantech SUSIAccess versions 3.0 and below suffers from a RecoveryMgmt file upload vulnerability.

tags | exploit, file upload
advisories | CVE-2016-9349, CVE-2016-9351
MD5 | 7bdeef14532b16a57b5c3958af561cf9
Advantech SUSIAccess 3.0 Directory Traversal / Information Disclosure
Posted Aug 1, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits an information disclosure vulnerability found in Advantech SUSIAccess versions 3.0 and below. The vulnerability is triggered when sending a GET request to the server with a series of dot dot slashes (../) in the file parameter.

tags | exploit, file inclusion, info disclosure
advisories | CVE-2016-9349
MD5 | b99b70a5c20733224e88b86d90cc3957
Zpanel 10.1.0 Remote Unauthenticated Code Execution
Posted Oct 20, 2015
Authored by James Fitts, Dawn Isabel, Brent Morris, brad wolfe | Site metasploit.com

This Metasploit module exploits an information disclosure vulnerability found in Zpanel versions 10.1.0 and below. The vulnerability is due to a vulnerable version of pChart allowing remote, unauthenticated, users to read arbitrary files found on the filesystem. This particular module utilizes this vulnerability to identify the username/password combination of the MySQL instance. With the credentials the attackers can login to PHPMyAdmin and execute SQL commands to drop a malicious payload on the filesystem and call it leading to remote code execution.

tags | exploit, remote, arbitrary, code execution, info disclosure
advisories | CVE-2013-2097
MD5 | da0ee10fd034c511e39d2859a8c1c254
Page 1 of 2
Back12Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    2 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close