what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 43 RSS Feed

Files from James Fitts

First Active2010-08-30
Last Active2017-09-29
LAquis SCADA 4.1.0.2385 Directory Traversal
Posted Sep 29, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability found in the LAquis SCADA application. The vulnerability is triggered when sending a series of dot dot slashes (../) to the vulnerable NOME parameter found on the listagem.laquis file. This Metasploit module was tested against version 4.1.0.2385.

tags | exploit, file inclusion
advisories | CVE-2017-6020
SHA-256 | ae0975440fb126f19c5ccc25be557789a6e620a677ff401fc17497d5b023dd68
Cloudview NMS 2.00b Writable Directory Traversal Execution
Posted Sep 15, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a vulnerability found in Cloudview NMS server. The software contains a directory traversal vulnerability that allows a remote attacker to write arbitrary file to the file system, which results in code execution under the context 'SYSTEM'.

tags | exploit, remote, arbitrary, code execution, file inclusion
SHA-256 | 0aa023366398e0b5fe67252f1cd7499e46c8e4acd3c9b630308fd8668c7e3664
Alienvault OSSIM av-centerd Util.pm sync_rserver Command Execution
Posted Sep 15, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a command injection vulnerability found within the sync_rserver function in Util.pm. The vulnerability is triggered due to an incomplete blacklist during the parsing of the $uuid parameter. This allows for the escaping of a system command allowing for arbitrary command execution as root.

tags | exploit, arbitrary, root
advisories | CVE-2014-3804
SHA-256 | c5d3cc878780fde621fb0eaa9cf72d1a173e80bb8af8c96151703f11d0f99f4d
Cloudview NMS File Upload
Posted Sep 15, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a file upload vulnerability found within Cloudview NMS versions prior to 2.00b. The vulnerability is triggered by sending specialized packets to the server with directory traversal sequences to browse outside of the web root.

tags | exploit, web, root, file upload
SHA-256 | e1827b120d87b6594f212dd5b8a68e00064254f33d0e8e0ade054b8ab686c009
Dameware Mini Remote Control 4.0 Username Stack Buffer Overflow
Posted Sep 15, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow vulnerability found in Dameware Mini Remote Control v4.0. The overflow is caused when sending an overly long username to the DWRCS executable listening on port 6129. The username is read into a strcpy() function causing an overwrite of the return pointer leading to arbitrary code execution.

tags | exploit, remote, overflow, arbitrary, code execution
advisories | CVE-2005-2842
SHA-256 | 2ed851c0d5344e61f6b11707f88d95f097e974d5f1349cbebf251d2984413149
Carel PlantVisor 2.4.4 Directory Traversal
Posted Sep 15, 2017
Authored by James Fitts | Site metasploit.com

Carel PlantVisor version 2.4.4 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2011-3487
SHA-256 | 24843727412d5938ac625ddc4bb6aab5f7d5861d0d325fc6c554bc97ae658cad
Indusoft Web Studio Directory Traversal
Posted Sep 15, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a flaw found in Indusoft Web Studio versions 7.1 and below before SP2 Patch 4. This specific flaw allows users to browse outside of the webroot to download files found on the underlying system.

tags | exploit, web, file inclusion
advisories | CVE-2014-0780
SHA-256 | 69837ade3b0e068ebe61226b3a690e4667a8c0997588612954ef1a13ff2efc5e
Carlo Gavazzi Powersoft 2.1.1.1 Directory Traversal
Posted Sep 15, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability found in Carlo Gavazzi Powersoft versions 2.1.1.1 and below. The vulnerability is triggered when sending a specially crafted GET request to the server. The location parameter of the GET request is not sanitized and the sendCommand.php script will automatically pull down any file requested

tags | exploit, php, file inclusion
SHA-256 | 4bbb870204cb160404324362d5f655c2e6ad6e3dcfa95efd62ae7ff34223cedd
KingScada AlarmServer 3.1.2.13 Buffer Overflow
Posted Sep 15, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow found in KingScada versions prior to 3.1.2.13. The vulnerability is triggered when sending a specially crafted packet to the 'AlarmServer' (AEserver.exe) service listening on port 12401. During the parsing of the packet the 3rd dword is used as a size value for a memcpy operation which leads to an overflown stack buffer.

tags | exploit, overflow
advisories | CVE-2014-0787
SHA-256 | 372002f341dbcef63350dadde1e01f17c8f3958551e72cc9370cf9d47ca6fe34
haneWIN DNS Server 1.5.3 Buffer Overflow
Posted Sep 15, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a buffer overflow vulnerability found in haneWIN DNS Server versions 1.5.3 and below. The vulnerability is triggered by sending an overly long packet to the victim server. A memcpy function blindly copies user supplied data to a fixed size buffer leading to remote code execution. This Metasploit module was tested against haneWIN DNS 1.5.3.

tags | exploit, remote, overflow, code execution
SHA-256 | 69375272f6b85af018f67e431cd2eee59a7193612cbbd63b5056a57a70383cd9
Disk Pulse Server 2.2.34 Buffer Overflow
Posted Sep 15, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a buffer overflow vulnerability found in libpal.dll of Disk Pulse Server version 2.2.34. The overflow is triggered when sending an overly long 'GetServerInfo' request to the service listening on port 9120.

tags | exploit, overflow
SHA-256 | 89e1fbaa5faa9d128da8744ffe8a79c7dc9dbc91064e2e5d365a74516ab37fc9
VIPA Automation WinPLC7 5.0.45.5921 Buffer Overflow
Posted Sep 15, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow found in VIPA Automation WinPLC7 versions 5.0.45.5921 and below. The overflow is triggered when WinPLC7 connects to a remote server and accepts a malicious packet. The first 2 bytes of this packet are read in and used as the size value for a later recv function. If a size value of sufficiently large size is supplied a stack buffer overflow will occur

tags | exploit, remote, overflow
advisories | CVE-2017-5177
SHA-256 | 257f496d5a691e764607b32eaae937eb56dfb812ba9f2eaf3af43286daab4e04
Infinite Automation Mango Automation Command Injection
Posted Sep 15, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a command injection vulnerability found in Infinite Automation Systems Mango Automation versions 2.5.0 through 2.6.0 beta (builds prior to 430).

tags | exploit
advisories | CVE-2015-7901
SHA-256 | fb92778bf7cda183a3a910fce3a36043c3d1f3d8be5c5e940f23dc69bc468f83
Alienvault OSSIM av-centerd 4.7.0 get_log_line Command Injection
Posted Sep 14, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a command injection flaw found in the get_log_line function found within Util.pm. The vulnerability is triggered due to an unsanitized $r_file parameter passed to a string which is then executed by the system

tags | exploit
advisories | CVE-2014-3805
SHA-256 | 14ebb7003ddd92d32096f32666e2bc54c1e1aace1fdf8a426fd5d68b7e981878
Sielco Sistemi Winlog 2.07.16 Buffer Overflow
Posted Sep 14, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow found in Sielco Sistemi Winlog versions 2.07.16 and below. The overflow is triggered during the parsing of a maliciously crafted packet

tags | exploit, overflow
SHA-256 | b7800da35175855406221f63922413c3f00345939383e69eea5f9f84153c8730
Motorola Netopia Netoctopus SDCS Stack Buffer Overflow
Posted Sep 14, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a vulnerability within the code responsible for parsing client requests. When reading in a request from the network, a 32-bit integer is read in that specifies the number of bytes that follow. This value is not validated, and is then used to read data into a fixed-size stack buffer.

tags | exploit, overflow
SHA-256 | 7fa33e91d816df5d477c2e8b7d0d36b10a92882d363ab5e703d2da1e002dfcf1
Lockstep Backup For Workgroups 4.0.3 Buffer Overflow
Posted Sep 14, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a stack buffer overflow found in Lockstep Backup for Workgroups versions 4.0.3 and below. The vulnerability is triggered when sending a specially crafted packet that will cause a login failure.

tags | exploit, overflow
SHA-256 | 613182e151de70de17f950e560dafa0845ff260e64016fcceddf19108d53136c
EMC AlphaStor Device Manager Opcode 0x72 Buffer Overflow
Posted Sep 14, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow vulnerability found in EMC Alphastor Device Manager. The overflow is triggered when sending a specially crafted packet to the rrobotd.exe service listening on port 3000. During the copying of strings to the stack an unbounded sprintf() function overwrites the return pointer leading to remote code execution.

tags | exploit, remote, overflow, code execution
SHA-256 | 2879d01f8913ead6a90cab85b336de984e013e193a30e5d1247f6989b0fa4674
EMC AlphaStor Library Manager Opcode 0x4f Buffer Overflow
Posted Sep 14, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow found in EMC Alphastor Library Manager version < 4.0 build 910. The overflow is triggered due to a lack of sanitization of the pointers used for two strcpy functions.

tags | exploit, overflow
advisories | CVE-2013-0946
SHA-256 | b127f7dc2ea89cebfead7d38c3b78d175b3375c0034def2f4e3b3e6395d6d22a
Fatek Automation PLC WinProladder 3.11 Build 14701 Buffer Overflow
Posted Sep 14, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow found in Fatek Automation PLC WinProladder version 3.11 Build 14701. The vulnerability is triggered when a client connects to a listening server. The client does not properly sanitize the length of the received input prior to placing it on the stack.

tags | exploit, overflow
advisories | CVE-2016-8377
SHA-256 | 3f6a8bfbce639093ae67dd696b79c8bcb1d78b6454f530630255e7b1576b6ad6
EMC CMCNE 11.2.1 Inmservlets.war FileUploadController Remote Code Execution
Posted Sep 14, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a file upload vulnerability found in EMC Connectrix Manager Converged Network Edition <= 11.2.1. The file upload vulnerability is triggered when sending a specially crafted filename to the FileUploadController servlet found within the Inmservlets.war archive. This allows the attacker to upload a specially crafted file which leads to remote code execution in the context of the server user.

tags | exploit, remote, code execution, file upload
advisories | CVE-2013-6810
SHA-256 | 6bb5591eafa616f5e36341752eb9b1509345a01bc873e86d440ac1a861dcf3a4
EMC CMCNE 11.2.1 FileUploadController Remote Code Execution
Posted Sep 14, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits a fileupload vulnerability found in EMC Connectrix Manager Converged Network Edition versions 11.2.1 and below. The file upload vulnerability is triggered when sending a specially crafted filename to the FileUploadController servlet. This allows the attacker to upload a malicious jsp file to anywhere on the remote file system.

tags | exploit, remote, file upload
advisories | CVE-2013-6810
SHA-256 | 3c72a6b492a3a241415f122e7dda5e8764651e326570e7896eb20d1507455311
Advantech SUSIAccess 3.0 File Upload
Posted Aug 2, 2017
Authored by James Fitts

Advantech SUSIAccess versions 3.0 and below suffers from a RecoveryMgmt file upload vulnerability.

tags | exploit, file upload
advisories | CVE-2016-9349, CVE-2016-9351
SHA-256 | 7afddd81c9bc2a2655ff371abde673b9ce3d5c9f80dd813d96f9a3659935c76d
Advantech SUSIAccess 3.0 Directory Traversal / Information Disclosure
Posted Aug 1, 2017
Authored by James Fitts | Site metasploit.com

This Metasploit module exploits an information disclosure vulnerability found in Advantech SUSIAccess versions 3.0 and below. The vulnerability is triggered when sending a GET request to the server with a series of dot dot slashes (../) in the file parameter.

tags | exploit, file inclusion, info disclosure
advisories | CVE-2016-9349
SHA-256 | 987feed6e20b7d8688f866350e62c7ccd8559ac0d7a669fdd86a82be99cf233c
Zpanel 10.1.0 Remote Unauthenticated Code Execution
Posted Oct 20, 2015
Authored by James Fitts, Dawn Isabel, Brent Morris, brad wolfe | Site metasploit.com

This Metasploit module exploits an information disclosure vulnerability found in Zpanel versions 10.1.0 and below. The vulnerability is due to a vulnerable version of pChart allowing remote, unauthenticated, users to read arbitrary files found on the filesystem. This particular module utilizes this vulnerability to identify the username/password combination of the MySQL instance. With the credentials the attackers can login to PHPMyAdmin and execute SQL commands to drop a malicious payload on the filesystem and call it leading to remote code execution.

tags | exploit, remote, arbitrary, code execution, info disclosure
advisories | CVE-2013-2097
SHA-256 | e2a78006f6a2c8dd9641e9a3343f7060a143d27b5463d94361969f139f4f5d48
Page 1 of 2
Back12Next

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close