exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

Files from Brian Gorenc

First Active2012-06-30
Last Active2014-01-21
HP Data Protector Backup Client Service Directory Traversal
Posted Jan 21, 2014
Authored by juan vazquez, Brian Gorenc | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability in the Hewlett-Packard Data Protector product. The vulnerability exists at the Backup Client Service (OmniInet.exe) when parsing packets with opcode 42. This Metasploit module has been tested successfully on HP Data Protector 6.20 on Windows 2003 SP2 and Windows XP SP3.

tags | exploit
systems | windows
advisories | CVE-2013-6194
SHA-256 | e7a3d21e3865ca5079635e091b85f2ee54310e84b996a25d7bb03ee3a94397c1
ABB MicroSCADA wserver.exe Remote Code Execution
Posted Nov 30, 2013
Authored by juan vazquez, Brian Gorenc | Site metasploit.com

This Metasploit module exploits a remote stack buffer overflow vulnerability in ABB MicroSCADA. The issue is due to the handling of unauthenticated EXECUTE operations on the wserver.exe component, which allows arbitrary commands. The component is disabled by default, but required when a project uses the SCIL function WORKSTATION_CALL. This Metasploit module has been tested successfully on ABB MicroSCADA Pro SYS600 9.3 over Windows XP SP3 and Windows 7 SP1.

tags | exploit, remote, overflow, arbitrary
systems | windows
SHA-256 | 0bdf9a94501d5619a20ed028d746c3734042d2dd9d819b70fa7fbb4ef414fa5d
HP LoadRunner lrFileIOService ActiveX WriteFileString Remote Code Execution
Posted Sep 4, 2013
Authored by juan vazquez, Brian Gorenc | Site metasploit.com

This Metasploit module exploits a vulnerability on the lrFileIOService ActiveX, as installed with HP LoadRunner 11.50. The vulnerability exists in the WriteFileString method, which allow the user to write arbitrary files. It's abused to drop a payload embedded in a dll, which is later loaded through the Init() method from the lrMdrvService control, by abusing an insecure LoadLibrary call. This Metasploit module has been tested successfully on IE8 on Windows XP. Virtualization based on the Low Integrity Process, on Windows Vista and 7, will stop this module because the DLL will be dropped to a virtualized folder, which isn't used by LoadLibrary.

tags | exploit, arbitrary, activex
systems | windows
advisories | CVE-2013-4798, OSVDB-95642
SHA-256 | 4190aaee2f0f7797aa2729616b04019ec0f364bcd4a09603637a82a20624f5f6
Oracle AutoVue ActiveX Control SetMarkupMode Buffer Overflow
Posted Aug 7, 2012
Authored by juan vazquez, Brian Gorenc | Site metasploit.com

This Metasploit module exploits a vulnerability found in the AutoVue.ocx ActiveX control. The vulnerability, due to the insecure usage of an strcpy like function in the SetMarkupMode method, when handling a specially crafted sMarkup argument, allows to trigger a stack based buffer overflow which leads to code execution under the context of the user visiting a malicious web page. The module has been successfully tested against Oracle AutoVue Desktop Version 20.0.0 (AutoVue.ocx 20.0.0.7330) on IE 6, 7, 8 and 9 (Java 6 needed to DEP and ASLR bypass).

tags | exploit, java, web, overflow, code execution, activex
advisories | CVE-2012-0549, OSVDB-81439
SHA-256 | d858c8b6d6fe0d0ffc9d06afc12e482599a5ca2b027ef372734fa46886a66c4d
Oracle AutoVue ActiveX SetMarkupMode Remote Code Execution
Posted Jun 30, 2012
Authored by HP DVLabs, Brian Gorenc | Site tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle AutoVue. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AutoVueX.ocx ActiveX object. There exists a method SetMarkupMode() that takes an unbounded string as an argument and copies it to a fixed-length buffer on the stack. This can lead to memory corruption which can be leveraged to execute code under the context of the process.

tags | advisory, remote, arbitrary, activex
SHA-256 | d0b8d50ce085b0435944a0735fd5ffce0d7e03f8b5c5b4f151b32a911007ff7a
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    9 Files
  • 7
    Feb 7th
    33 Files
  • 8
    Feb 8th
    34 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close