what you don't know can hurt you
Showing 1 - 8 of 8 RSS Feed

Files from Aniway

First Active2010-12-15
Last Active2014-10-21
HP Data Protector EXEC_INTEGUTIL Remote Code Execution
Posted Oct 21, 2014
Authored by Aniway, juan vazquez | Site metasploit.com

This exploit abuses a vulnerability in the HP Data Protector. The vulnerability exists in the Backup client service, which listens by default on TCP/5555. The EXEC_INTEGUTIL request allows to execute arbitrary commands from a restricted directory. Since it includes a perl executable, it's possible to use an EXEC_INTEGUTIL packet to execute arbitrary code. On linux targets, the perl binary isn't on the restricted directory, but an EXEC_BAR packet can be used to access the perl binary, even in the last version of HP Data Protector for linux. This Metasploit module has been tested successfully on HP Data Protector 9 over Windows 2008 R2 64 bits and CentOS 6 64 bits.

tags | exploit, arbitrary, perl, tcp
systems | linux, windows, centos
MD5 | 97b7fba08bd2896683e6299d64a0465b
EMC AlphaStor Device Manager Opcode 0x75 Command Injection
Posted Sep 24, 2014
Authored by Aniway, juan vazquez, Mohsan Farid, Brent Morris, Preston Thornburg | Site metasploit.com

This Metasploit module exploits a flaw within the Device Manager (rrobtd.exe). When parsing the 0x75 command, the process does not properly filter user supplied input allowing for arbitrary command injection. This Metasploit module has been tested successfully on EMC AlphaStor 4.0 build 116 with Windows 2003 SP2 and Windows 2008 R2.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2013-0928
MD5 | 045dfd658c58db886aa5402cffda004e
HP Data Protector Backup Client Service Remote Code Execution
Posted Mar 6, 2014
Authored by Aniway, juan vazquez | Site metasploit.com

This Metasploit module abuses the Backup Client Service (OmniInet.exe) to achieve remote code execution. The vulnerability exists in the EXEC_BAR operation, which allows to execute arbitrary processes. This Metasploit module has been tested successfully on HP Data Protector 6.20 on Windows 2003 SP2 and Windows 2008 R2.

tags | exploit, remote, arbitrary, code execution
systems | windows
advisories | CVE-2013-2347
MD5 | 08b88f75df71bafc815c57e6e4d06468
EMC AlphaStor Buffer Overflow
Posted Jan 30, 2013
Authored by Aniway | Site emc.com

A buffer overflow vulnerability exists in EMC AlphaStor that could potentially be exploited by a malicious user to create a denial of service condition or execute arbitrary code. EMC AlphaStor version 4.0 prior to build 814 is affected.

tags | advisory, denial of service, overflow, arbitrary
advisories | CVE-2013-0930
MD5 | ff96a235df4515bfa6d8815144ed11b8
EMC AlphaStor 4.0 Code Execution
Posted Jan 21, 2013
Authored by Aniway | Site emc.com

EMC AlphaStor version 4.0 prior to build 800 suffers from code execution and format string vulnerabilities.

tags | advisory, vulnerability, code execution
advisories | CVE-2013-0928, CVE-2013-0929
MD5 | d6fb868fe9261d753c01ee81304564f7
HP OpenView Network Node Manager ov.dll _OVBuildPath Buffer Overflow
Posted Jan 20, 2012
Authored by sinn3r, Aniway, juan vazquez | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.53 prior to NNM_01213 without the SSRT100649 hotfix. By specifying a long 'textFile' argument when calling the 'webappmon.exe' CGI program, an attacker can cause a stack-based buffer overflow and execute arbitrary code. The vulnerable code is within the "_OVBuildPath" function within "ov.dll". There are no stack cookies, so exploitation is achieved by overwriting the saved return address. The vulnerability is due to the use of the function "_OVConcatPath" which finally uses "strcat" in a insecure way. User controlled data is concatenated to a string which contains the OpenView installation path. To achieve reliable exploitation a directory traversal in OpenView5.exe (OSVDB 44359) is being used to retrieve OpenView logs and disclose the installation path.

tags | exploit, overflow, arbitrary, cgi
advisories | CVE-2011-3167, OSVDB-76775
MD5 | d931eb96f3799819a223e13af334d81a
MS11-021 Microsoft Office 2007 Excel .xlb Buffer Overflow
Posted Nov 6, 2011
Authored by Abysssec, sinn3r, Aniway, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in Excel of Microsoft Office 2007. By supplying a malformed .xlb file, an attacker can control the content (source) of a memcpy routine, and the number of bytes to copy, therefore causing a stack-based buffer overflow. This results in arbitrary code execution under the context of the user.

tags | exploit, overflow, arbitrary, code execution
advisories | CVE-2011-0105
MD5 | 52f4fae2645df04c9e459cc1c601657e
iDEFENSE Security Advisory 2010-12-14.2
Posted Dec 15, 2010
Authored by iDefense Labs, Aniway | Site idefense.com

iDefense Security Advisory 12.14.10 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Internet Explorer could allow an attacker to execute arbitrary code with the privileges of the current user. During the instantiation of multiple ActiveX Controls, a particular object is created along with multiple references that point to the object. The object can be destroyed and its associated references removed. However, a reference can incorrectly remain pointing to the object. The invalid object resides in uninitialized memory, which the attacker may control to gain arbitrary execution control. Microsoft Internet Explorer 6, 7 and 8 are vulnerable.

tags | advisory, remote, arbitrary, activex
advisories | CVE-2010-3340
MD5 | e63f37c04aa140d486240d927bf0cf17
Page 1 of 1
Back1Next

File Archive:

July 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    13 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    0 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close