Email address | private |
---|---|
First Active | 2011-01-14 |
Last Active | 2013-04-11 |

BigAnt Server version 2.97 DDNF username buffer overflow exploit with DEP and ASLR bypass. Binds a shell to port 4444.
513a31355ecebb65aaf7844c30d811d6
This Metasploit module exploits a vulnerability in ActFax Server 5.01 RAW server. The RAW Server can be used to transfer fax messages without any underlying protocols. To note significant fields in the fax being transferred, like the fax number or the recipient, ActFax data fields can be used. This Metasploit module exploits a buffer overflow in the handling of the @F506 fields due to the insecure usage of strcpy. This Metasploit module has been tested successfully on ActFax 5.01 over Windows XP SP3 (English).
cded5f4f56c57b9c3f4c1bb89e73d638
This Metasploit module exploits a vulnerability in ActFax Server 5.01 RAW server. The RAW Server can be used to transfer fax messages to the fax server without any underlying protocols. To note significant fields in the fax being transferred, like fax number and recipient, you can use ActFax data fields. @F506, @F605, and @F000 are all data fields that are vulnerable. This has been fixed in a beta version which will not be pushed to release until May 2013.
4bf23d489c0d688f65c9f79f71d2b939
This Metasploit module updates an existing MSF module originally written for BlazeDVD 5.1. The new module will bypass DEP and ASLR on version 6. The original vulnerability is due to the handling of specially crafted PLF files. Exploiting this allows us to execute arbitrary code running under the context of the user.
f0b95f422498c5d76cc375b1bf3de16b
Sysax FTP Automation Server version 5.33 suffers from a local privilege escalation vulnerability.
be956c3a95b3c3d42a2d02732a9eaf1c
This Metasploit module exploits a vulnerability in ActiveFax Server. The vulnerability is a stack-based buffer overflow in the "Import Users from File" function, due to the insecure usage of strcpy while parsing the CSV-formatted file. The module creates a .exp file that must be imported with ActiveFax Server. The module has been tested successfully on ActFax Server 4.32 over Windows XP SP3 and Windows 7 SP1. In the Windows XP case, when ActFax runs as a service, it will execute as SYSTEM.
3d493b320b659b926b9c741afb1512b5
ActFax version 4.31 local privilege escalation exploit that spawns cmd.exe.
ae9567a53527830bd97ba50d5c8c0da8
This Metasploit module exploits a stack buffer overflow in the create folder function in Sysax Multi Server 5.64. This issue was fixed in 5.66. You must have valid credentials to trigger the vulnerability. Your credentials must also have the create folder permission and the HTTP option has to be enabled. This Metasploit module will log into the server, get a SID token and then proceed to exploit the server. Successful exploits result in LOCALSYSTEM access. This exploit works on XP SP3, and Server 2003 SP1-SP2.
30f5d1ae89edf964656238489f35095b
Sysax versions 5.62 and below administrative interface local buffer overflow exploit that binds a shell to port 4444.
de170a879611e91b63a22a3d444f9b2e
Sysax versions 5.60 and below suffer from a buffer overflow vulnerability when creating an SSL certificate.
5bdf87defa7d4d11143a81bdce063e64
Sysax Multi Server versions 5.57 and below remote directory traversal tool that requires authentication.
8015e6c77bca5ceabb2d04bd597627ff
This Metasploit module exploits a vulnerability found in Sysax's SSH service. By supplying a long username, the SSH server will copy that data on the stack without any proper bounds checking, therefore allowing remote code execution under the context of the user. Please note that previous versions (before 5.53) are also affected by this bug.
2e6c4b3c09156f6867a5e4b79066ef1d
Sysax Multi Server versions 5.53 and below SSH username buffer overflow pre-authentication remote code execution exploit with egghunter shellcode that binds a shell to port 4444.
efa4237db0195980bc7a8d07b894b4a8
Sysax Multi Server version 5.53 SFTP post authentication SEH exploit with egghunter shellcode that binds a shell to port 4444.
9ebc939a18d9148892f51f798563dd37
Sysax Multi Server version 5.52 and below file rename buffer overflow exploit with egghunter shellcode that spawns a shell on port 4444.
1dd807e4d7167fce435808be2c8b9c29
Campaign Enterprise version 11.0.421 suffers from a remote SQL injection vulnerability.
ec20548ba9402a347c1329c29fcf022c
This Metasploit module exploits a stack buffer overflow in the create folder function in Sysax Multi Server 5.50. This issue was fixed in 5.52. You must have valid credentials to trigger the vulnerability. Your credentials must also have the create folder permission and the HTTP option has to be enabled. This Metasploit module will log into the server, get a SID token and then proceed to exploit the server. Successful exploits result in LOCALSYSTEM access. This exploit works on XP and 2003.
b7e1d50d58ac543b487151a13f38d70d
Sysax Multi Server version 5.50 create folder buffer overflow exploit with bindshell code for port 4444.
31d14c0cc8f4763ef8a59ac26a9f9443
LiteServe version 2.81 PASV command denial of service proof of concept exploit.
a967d9ca91be1d3306e91dc9b8044a41
Proof of concept denial of service exploit for the Omnicom Alpha 4.0e LPD server.
dd68d531a79c9c3963e76fe90542b16f
Ciscokits version 1.0 TFTP long filename denial of service exploit.
9d6b916a2ea38d519148b5d8c7384054
FreeFloat FTP version 1.0 any non-implemented command buffer overflow exploit.
2ae54631644ea4e1d56f08d1dd01bc57
Freefloat FTP version 1.0 ABOR buffer overflow exploit.
2e14b23a633580ff1cb712a88c328ba2
Solar FTP version 2.1.1 PASV command proof of concept buffer overflow exploit.
5a1a4d5a622950c5d1bd20c26bc8d4aa
Avaya IP Office Manager version 8.1 TFTP denial of service exploit.
4619ae971704a116d90106dccebd502b