Files from Patrick Webster

Personal Background

Paessler PRTG Traffic Grapher 6.2.1.945 Cross Site Scripting

Posted Jun 9, 2010

Authored by Patrick Webster

Paessler PRTG Traffic Grapher version 6.2.1.945 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 9928e64f93990e4430c1392f78428745b7beef46d2ffe1131f889e1ac13a103d

Download | Favorite | View

IgnitionSuite Web CMS Unauthenticated Unsubscription

Posted Jun 8, 2010

Authored by Patrick Webster

IgnitionSuite Web CMS version 3.0 suffers an unauthenticated unsubscription vulnerability.

tags | exploit, web, bypass

SHA-256 | 15b54c101ce1ddf265e130b5db810ef62dd06464fa8dd0c934fada5ceb3f7051

Download | Favorite | View

phpBB viewtopic.php Arbitrary Code Execution

Posted Dec 31, 2009

Authored by H D Moore, Val Smith, Patrick Webster | Site metasploit.com

This Metasploit module exploits two arbitrary PHP code execution flaws in the phpBB forum system. The problem is that the 'highlight' parameter in the 'viewtopic.php' script is not verified properly and will allow an attacker to inject arbitrary code via preg_replace().

tags | exploit, arbitrary, php, code execution

advisories | CVE-2005-2086, CVE-2004-1315

SHA-256 | 3a2382adc10594ee42ff1bd0b49855a630ee0af65a53e90bd2f33b29bcbe9542

Download | Favorite | View

BolinTech Dream FTP Server 1.02 Format String

Posted Nov 27, 2009

Authored by Patrick Webster | Site metasploit.com

This Metasploit module exploits a format string overflow in the BolinTech Dream FTP Server version 1.02. Based on the exploit by SkyLined.

tags | exploit, overflow

advisories | CVE-2004-2074

SHA-256 | 63c84ac9c90cdd1cd404d2b1f022ad37deeeee6983215b7f45cdb61d9ec25e5d

Download | Favorite | View

GAMSoft TelSrv 1.5 Username Buffer Overflow

Posted Nov 26, 2009

Authored by Patrick Webster | Site metasploit.com

This Metasploit module exploits a username sprintf stack overflow in GAMSoft TelSrv 1.5. Other versions may also be affected. The service terminates after exploitation, so you only get one chance!

tags | exploit, overflow

advisories | CVE-2000-0665

SHA-256 | bfbc833e65270019d840fbfcd6e70dac6677788a965836dafaaafb7b81a9b917

Download | Favorite | View

Allied Telesyn TFTP Server 1.9 Long Filename Overflow

Posted Nov 26, 2009

Authored by Patrick Webster | Site metasploit.com

This Metasploit module exploits a stack overflow in AT-TFTP v1.9, by sending a request (get/write) for an overly long file name.

tags | exploit, overflow

advisories | CVE-2006-6184

SHA-256 | c485cdfe9f1d2432b1537fb84ec5ea7062f793592929aba3668b651348caba32

Download | Favorite | View

CCProxy <= v6.2 Telnet Proxy Ping Overflow

Posted Nov 26, 2009

Authored by Patrick Webster | Site metasploit.com

This Metasploit module exploits the YoungZSoft CCProxy <= v6.2 suite Telnet service. The stack is overwritten when sending an overly long address to the 'ping' command.

tags | exploit

advisories | CVE-2004-2416

SHA-256 | 7455e352f49dbbe4d2b5d04873599a32a9fb5fd9d939ae9a66d3af527947f5c9

Download | Favorite | View

LeapWare LeapFTP v2.7.3.600 PASV Reply Client Overflow

Posted Nov 26, 2009

Authored by Patrick Webster | Site metasploit.com

This Metasploit module exploits a buffer overflow in the LeapWare LeapFTP v2.7.3.600 client that is triggered through an excessively long PASV reply command. This Metasploit module was ported from the original exploit by drG4njubas with minor improvements.

tags | exploit, overflow

advisories | CVE-2003-0558

SHA-256 | 5e8788d89e903af1ee598af2630dba9de9b353c7d92cd67665efa427f0b0368d

Download | Favorite | View

TABS MailCarrier v2.51 SMTP EHLO Overflow

Posted Nov 26, 2009

Authored by Patrick Webster | Site metasploit.com

This Metasploit module exploits the MailCarrier v2.51 suite SMTP service. The stack is overwritten when sending an overly long EHLO command.

tags | exploit

advisories | CVE-2004-1638

SHA-256 | 9def8c6bc7afd6b37a54cfbd536ef1dbea1bda259a7ed818e65302d2b275cfe8

Download | Favorite | View

PSO Proxy v0.91 Stack Overflow

Posted Nov 26, 2009

Authored by Patrick Webster | Site metasploit.com

This Metasploit module exploits a buffer overflow in the PSO Proxy v0.91 web server. If a client sends an excessively long string the stack is overwritten.

tags | exploit, web, overflow

advisories | CVE-2004-0313

SHA-256 | 14b9822c74da49cf7af56a475e42ce92e396aa6bc52ab6df3008ec29fb1e9489

Download | Favorite | View

SonicWALL Format String Vulnerability

Posted May 30, 2009

Authored by Patrick Webster | Site aushack.com

The SonicWALL SSL-VPN suffers from a format string vulnerability.

tags | exploit

SHA-256 | d61874b0bac8b2bad842cad6c3610da76702cb7908add80b69b4de89d2f5e1b8

Download | Favorite | View

ContentKeeper Command Execution

Posted Apr 2, 2009

Authored by Patrick Webster | Site aushack.com

ContentKeeper versions 125.09 and below suffer from remote command execution and privilege escalation vulnerabilities.

tags | advisory, remote, vulnerability

SHA-256 | 7b0e6a68dec445f1b9b8ea919e24acdff1c5f7fa8262df16f7e2bff2161cb2c6

Download | Favorite | View

ConnX SQL Injection

Posted Apr 2, 2009

Authored by Patrick Webster | Site aushack.com

ConnX version 4.0.20080606 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection

SHA-256 | a6fbf4350f943105c85f2528b5b3bb0e393500377b3bdb74b5113fc48e753300

Download | Favorite | View

200806-msiexec.txt

Posted Jun 3, 2008

Authored by Patrick Webster | Site aushack.com

Microsoft's Windows Installer (msiexec.exe) suffers from a stack overflow vulnerability in versions 4.5.6001.22159 and 3.1.4000.1823.

tags | advisory, overflow

systems | windows

SHA-256 | 7fb9685e586619f79ce94dc12fde63c4d3015dff0841b6555bf5e7d120a7bcfb

Download | Favorite | View

tumbleweed-overflow.txt

Posted Apr 8, 2008

Authored by Patrick Webster | Site aushack.com

Tumbleweed SecureTransport FileTransfer ActiveX related buffer overflow exploit. Exploit code included that will launch calc.exe.

tags | exploit, overflow, activex

SHA-256 | b45dafaa856f8da5afe711457f7de4e2840e56072228b9aee96b16e3cf02f9b1

Download | Favorite | View

ccproxy-meta.txt

Posted Sep 5, 2007

Authored by Patrick Webster

This Metasploit module exploits the YoungZSoft CCProxy suite versions 6.2 and below Telnet service. The stack is overwritten when sending an overly long address to the 'ping' command.

tags | exploit

advisories | CVE-2004-2416

SHA-256 | 52024f7370a1424ff76db38bd57f234310a16730342fb87c67eea957054c84f9

Download | Favorite | View

glue-lfi.txt

Posted Apr 12, 2007

Authored by Patrick Webster

The webMethods Glue Management Console versions 6.5.1 and below suffers from local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, file inclusion

SHA-256 | 857892240222bf87fe3f46f6bd16518e820656f3c7db0c05c0ec4d7dc5d2691f

Download | Favorite | View

gmini-4.4.102.M.36.txt

Posted Oct 2, 2006

Authored by Patrick Webster | Site aushack.com

The Google Mini appliance 4.4.102.M.36 and below suffers from an information disclosure vulnerability.

tags | advisory, info disclosure

SHA-256 | f4f6c11bf54f8d829a99af3d79cb2f36eb0984d1145da99cfa6975774016da6b

Download | Favorite | View

MySourceMatrix3.8.txt

Posted Oct 2, 2006

Authored by Patrick Webster | Site aushack.com

MySource Matrix versions 3.8 and below and MySource 2.x may be used as an unauthorized HTTP proxy.

tags | advisory, web

SHA-256 | 9e44da0c3056acc315f38f8bf87e5f99cd7b2cc75d4f87e766cb0933ad2bbf9e

Download | Favorite | View

ContentKeeper-123.25.txt

Posted Oct 2, 2006

Authored by Patrick Webster | Site aushack.com

ContentKeeper 123.25 and below suffers from a design flaw in the user administration interface which reveals account passwords inside the HTML source code. Any authenticated user with appropriate access to the user administration page may use this information to compromise the accounts on other systems.

tags | advisory

SHA-256 | 7fadf9fa09f5f30be956b15ebca46178ed641e6a8ee2f3737f361a88553df408

Download | Favorite | View