Showing 1 - 25 of 27

Files from Craig Freyman

Email address: private
First Active: 2011-01-14
Last Active: 2013-04-11
BigAnt Server 2.97 Buffer Overflow
Posted Apr 11, 2013
Authored by Craig Freyman

BigAnt Server version 2.97 DDNF username buffer overflow exploit with DEP and ASLR bypass. Binds a shell to port 4444.

tags | exploit, overflow, shell
MD5 | 513a31355ecebb65aaf7844c30d811d6
ActFax 5.01 RAW Server Buffer Overflow
Posted Mar 26, 2013
Authored by corelanc0d3r, Craig Freyman, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability in ActFax Server 5.01 RAW server. The RAW Server can be used to transfer fax messages without any underlying protocols. To note significant fields in the fax being transferred, like the fax number or the recipient, ActFax data fields can be used. This Metasploit module exploits a buffer overflow in the handling of the @F506 fields due to the insecure usage of strcpy. This Metasploit module has been tested successfully on ActFax 5.01 over Windows XP SP3 (English).

tags | exploit, overflow, protocol
systems | windows, xp
advisories | OSVDB-89944
MD5 | cded5f4f56c57b9c3f4c1bb89e73d638
ActFax 5.01 RAW Server Buffer Overflow
Posted Feb 6, 2013
Authored by corelanc0d3r, Craig Freyman | Site metasploit.com

This Metasploit module exploits a vulnerability in ActFax Server 5.01 RAW server. The RAW Server can be used to transfer fax messages to the fax server without any underlying protocols. To note significant fields in the fax being transferred, like fax number and recipient, you can use ActFax data fields. @F506, @F605, and @F000 are all data fields that are vulnerable. This has been fixed in a beta version which will not be pushed to release until May 2013.

tags | exploit, protocol
MD5 | 4bf23d489c0d688f65c9f79f71d2b939
BlazeDVD 6.1 PLF Exploit DEP/ASLR Bypass
Posted Dec 30, 2012
Authored by LiquidWorm, Craig Freyman | Site metasploit.com

This Metasploit module updates an existing MSF module originally written for BlazeDVD 5.1. The new module will bypass DEP and ASLR on version 6. The original vulnerability is due to the handling of specially crafted PLF files. Exploiting this allows us to execute arbitrary code running under the context of the user.

tags | exploit, arbitrary, bypass
advisories | CVE-2006-6199, OSVDB-30770
MD5 | f0b95f422498c5d76cc375b1bf3de16b
Sysax FTP Automation Server 5.33 Privilege Escalation
Posted Nov 5, 2012
Authored by Craig Freyman

Sysax FTP Automation Server version 5.33 suffers from a local privilege escalation vulnerability.

tags | exploit, local
MD5 | be956c3a95b3c3d42a2d02732a9eaf1c
ActiveFax (ActFax) 4.3 Client Importer Buffer Overflow
Posted Sep 7, 2012
Authored by Craig Freyman, juan vazquez, Brandon Perry | Site metasploit.com

This Metasploit module exploits a vulnerability in ActiveFax Server. The vulnerability is a stack-based buffer overflow in the "Import Users from File" function, due to the insecure usage of strcpy while parsing the CSV-formatted file. The module creates a .exp file that must be imported with ActiveFax Server. The module has been tested successfully on ActFax Server 4.32 over Windows XP SP3 and Windows 7 SP1. In the Windows XP case, when ActFax runs as a service, it will execute as SYSTEM.

tags | exploit, overflow
systems | windows, xp, 7
MD5 | 3d493b320b659b926b9c741afb1512b5
ActFax 4.31 Local Privilege Escalation
Posted Aug 29, 2012
Authored by Craig Freyman

ActFax version 4.31 local privilege escalation exploit that spawns cmd.exe.

tags | exploit, local
MD5 | ae9567a53527830bd97ba50d5c8c0da8
Sysax Multi Server 5.64 Buffer Overflow
Posted Jul 29, 2012
Authored by Craig Freyman, Matt Andreko | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in the create folder function in Sysax Multi Server 5.64. This issue was fixed in 5.66. You must have valid credentials to trigger the vulnerability. Your credentials must also have the create folder permission and the HTTP option has to be enabled. This Metasploit module will log into the server, get a SID token and then proceed to exploit the server. Successful exploits result in LOCALSYSTEM access. This exploit works on XP SP3, and Server 2003 SP1-SP2.

tags | exploit, web, overflow
MD5 | 30f5d1ae89edf964656238489f35095b
Sysax 5.62 Admin Interface Local Buffer Overflow
Posted Jun 20, 2012
Authored by Craig Freyman

Sysax versions 5.62 and below administrative interface local buffer overflow exploit that binds a shell to port 4444.

tags | exploit, overflow, shell, local
MD5 | de170a879611e91b63a22a3d444f9b2e
Sysax 5.60 Create SSL Certificate Buffer Overflow
Posted Jun 4, 2012
Authored by Craig Freyman

Sysax versions 5.60 and below suffer from a buffer overflow vulnerability when creating an SSL certificate.

tags | exploit, overflow
MD5 | 5bdf87defa7d4d11143a81bdce063e64
Sysax Multi Server 5.57 Directory Traversal
Posted Apr 4, 2012
Authored by Craig Freyman

Sysax Multi Server versions 5.57 and below remote directory traversal tool that requires authentication.

tags | exploit, remote
MD5 | 8015e6c77bca5ceabb2d04bd597627ff
Sysax 5.53 SSH Username Buffer Overflow
Posted Mar 5, 2012
Authored by sinn3r, Craig Freyman | Site metasploit.com

This Metasploit module exploits a vulnerability found in Sysax's SSH service. By supplying a long username, the SSH server will copy that data on the stack without any proper bounds checking, therefore allowing remote code execution under the context of the user. Please note that previous versions (before 5.53) are also affected by this bug.

tags | exploit, remote, code execution
advisories | OSVDB-79689
MD5 | 2e6c4b3c09156f6867a5e4b79066ef1d
Sysax 5.53 SSH Username Buffer Overflow Exploit
Posted Feb 27, 2012
Authored by Craig Freyman

Sysax Multi Server versions 5.53 and below SSH username buffer overflow pre-authentication remote code execution exploit with egghunter shellcode that binds a shell to port 4444.

tags | exploit, remote, overflow, shell, shellcode, code execution
MD5 | efa4237db0195980bc7a8d07b894b4a8
Sysax Multi Server 5.53 SFTP Post Auth SEH Exploit
Posted Feb 27, 2012
Authored by Craig Freyman

Sysax Multi Server version 5.53 SFTP post authentication SEH exploit with egghunter shellcode that binds a shell to port 4444.

tags | exploit, shell, shellcode
MD5 | 9ebc939a18d9148892f51f798563dd37
Sysax Multi Server 5.52 Buffer Overflow
Posted Feb 10, 2012
Authored by Craig Freyman

Sysax Multi Server version 5.52 and below file rename buffer overflow exploit with egghunter shellcode that spawns a shell on port 4444.

tags | exploit, overflow, shell, shellcode
MD5 | 1dd807e4d7167fce435808be2c8b9c29
Campaign Enterprise 11.0.421 SQL Injection
Posted Jan 31, 2012
Authored by Craig Freyman

Campaign Enterprise version 11.0.421 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | ec20548ba9402a347c1329c29fcf022c
Sysax Multi Server 5.50 Create Folder Buffer Overflow
Posted Jan 26, 2012
Authored by Craig Freyman | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in the create folder function in Sysax Multi Server 5.50. This issue was fixed in 5.52. You must have valid credentials to trigger the vulnerability. Your credentials must also have the create folder permission and the HTTP option has to be enabled. This Metasploit module will log into the server, get a SID token and then proceed to exploit the server. Successful exploits result in LOCALSYSTEM access. This exploit works on XP and 2003.

tags | exploit, web, overflow
MD5 | b7e1d50d58ac543b487151a13f38d70d
Sysax Multi Server 5.50 Buffer Overflow
Posted Jan 18, 2012
Authored by Craig Freyman

Sysax Multi Server version 5.50 create folder buffer overflow exploit with bindshell code for port 4444.

tags | exploit, overflow
MD5 | 31d14c0cc8f4763ef8a59ac26a9f9443
LiteServe 2.81 PASV Denial Of Service
Posted Aug 9, 2011
Authored by Craig Freyman

LiteServe version 2.81 PASV command denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
MD5 | a967d9ca91be1d3306e91dc9b8044a41
Omnicom Alpha 4.0e LPD Server Denial Of Service
Posted Aug 3, 2011
Authored by Craig Freyman

Proof of concept denial of service exploit for the Omnicom Alpha 4.0e LPD server.

tags | exploit, denial of service, proof of concept
MD5 | dd68d531a79c9c3963e76fe90542b16f
Ciscokits 1.0 TFTP Denial Of Service
Posted Jul 24, 2011
Authored by Craig Freyman

Ciscokits version 1.0 TFTP long filename denial of service exploit.

tags | exploit, denial of service
MD5 | 9d6b916a2ea38d519148b5d8c7384054
FreeFloat FTP 1.0 Any Non Implemented Command Buffer Overflow
Posted Jul 20, 2011
Authored by Craig Freyman

FreeFloat FTP version 1.0 any non implemented command buffer overflow exploit.

tags | exploit, overflow
MD5 | 2ae54631644ea4e1d56f08d1dd01bc57
Freefloat FTP 1.0 ABOR Buffer Overflow
Posted Jul 19, 2011
Authored by Craig Freyman

Freefloat FTP version 1.0 ABOR buffer overflow exploit.

tags | exploit, overflow
MD5 | 2e14b23a633580ff1cb712a88c328ba2
Solar FTP 2.1.1 PASV Buffer Overflow
Posted Jul 13, 2011
Authored by Craig Freyman, Gerardo Iglesias Galvan

Solar FTP version 2.1.1 PASV command proof of concept buffer overflow exploit.

tags | exploit, overflow, proof of concept
MD5 | 5a1a4d5a622950c5d1bd20c26bc8d4aa
Avaya IP Office Manager 8.1 TFTP Denial Of Service
Posted Mar 24, 2011
Authored by Craig Freyman

Avaya IP Office Manager version 8.1 TFTP denial of service exploit.

tags | exploit, denial of service
MD5 | 4619ae971704a116d90106dccebd502b
Page 1 of 2
© 2019 Packet Storm. All rights reserved.