Stack-based buffer overflow in the MOVIEPLAYER.MoviePlayerCtrl.1 ActiveX control in MoviePlayer.ocx 6.8.0.0 in Viscom Software Movie Player Pro SDK ActiveX 6.8 allows remote attackers to execute arbitrary code via a long strFontName parameter to the DrawText method. The victim will first be required to trust the publisher Viscom Software. This Metasploit module has been designed to bypass DEP and ASLR under XP IE8, Vista and Win7 with Java support.
902c4d348e0eb89f02c1aff016e36bb2f309e424dad941285a19cf704212a739
This Metasploit module exploits a stack-based buffer overflow in the ActiveX control file ImageViewer2.OCX by passing an overly long argument to the insecure TifMergeMultiFiles() method. Exploitation results in code execution with the privileges of the user who browsed to the exploit page. The victim will first be required to trust the publisher Viscom Software. This Metasploit module has been designed to bypass DEP and ASLR under XP IE8, Vista and Win7 with Java support.
ff98b933de5295139e90a1985be85c50e19987cebb121f5874c995e6d229d3ee
This Metasploit module exploits a vulnerability in lib/functions.php that allows attacker-controlled input to be passed directly to the PHP create_function() function. A patch was issued that uses a whitelist regular expression to check the user-supplied input before it is passed to the create_function() call.
e1b54786a4e2d61486487555756f54e0b3b67f845210590ec4291fbcedf138f3
This Metasploit module exploits a function pointer overwrite in SVUIGrd.ocx of PcVue 10.0. By supplying a chosen DWORD value to the SaveObject() or LoadObject() method, an attacker can overwrite a function pointer and execute arbitrary code.
9cec135d4cf28788b201ff76bbf8e4da5b3898cae8eca25fb07c606afc723f80
This Metasploit module exploits a stack-based buffer overflow vulnerability in the latest version, 3.5, of the TugZip archiving utility. In order to trigger the vulnerability, an attacker must convince someone to load a specially crafted zip file in TugZip, either by double-clicking it or via file open. By doing so, an attacker can execute arbitrary code as the victim user.
dfd1d434ab7742db844f4361a73baede359a856715df5794ad3d96c86362e269
AmmSoft's ScriptFTP client is susceptible to a remote buffer overflow vulnerability that is triggered when processing a sufficiently long filename during an FTP LIST command, which overwrites the exception handler. If the victim is socially engineered into double-clicking a specially crafted ftp file, the client connects to the malicious server and arbitrary code is executed, giving the attacker the same rights as the user running ScriptFTP.
83a230051d7cd6708a4d86afbe83ebbe437a5ab42fac5587f0c6034133b2f3f5
eSignal and eSignal Pro versions 10.6.2425.1208 and below suffer from a file parsing buffer overflow in QUO. Successful exploitation of this vulnerability may take up to several seconds due to the use of an egghunter. Also, DEP bypass is unlikely due to the limited space for the payload.
45cd9b3a8b486aca462800fbb23d651421a08959c7bf6605daf83dde4828f239
Cogent Datahub versions 7.1.1.63 and below remote unicode buffer overflow exploit.
b1a1fdfc109ba113353c2d3449719feaaa4bf7570bf06bc28a5f1ddb73a33455
This Metasploit module exploits a stack buffer overflow in Azeotech's DaqFactory product. The specific vulnerability is triggered when sending a specially crafted 'NETB' request to port 20034. Exploitation of this vulnerability may take a few seconds due to the use of an egghunter. This vulnerability was one of the 14 releases discovered by researcher Luigi Auriemma.
f768d01949d1c55ca3bfc13b8651ff570985496cb1e98d04e3b557ddfbf40e5e
This Metasploit module allows remote attackers to execute arbitrary commands on the affected system by abusing a directory traversal in the 'xf' command (execute function). An attacker can call system() from msvcrt.dll to upload a backdoor and gain remote code execution.
802baf0283f3035901e556177c67bc14ff8b62fa5e4ccd9e691b0fd5740792be
This Metasploit module exploits a stack-based buffer overflow vulnerability in version 5.3.11.1230 of scadaTEC's ScadaPhone. In order for the payload to be executed, an attacker must convince someone to load a specially crafted project zip file in ScadaPhone. By doing so, an attacker can execute arbitrary code as the victim user.
e57c5d7bb2afa78df530127adc494c09c01ecf0da39129aaa47ac10c126368d3
This Metasploit module exploits a vulnerability in the coreservice.exe component of Procyon Core Server versions 1.13 and below. While processing a password, the application fails to do proper bounds checking before copying data into a small buffer on the stack. This causes a buffer overflow that overwrites a structured exception handling record on the stack, allowing unauthenticated remote code execution. Also, after the payload exits, coreservice.exe should automatically recover.
6b02358e406abc5384ec6cc6943c4b62bf2bebc540cf1b912151572b9b5615e2
ScadaTEC ModbusTagServer and ScadaPhone .zip buffer overflow exploit.
cbbeba00551a7acf00290f33c40296471b59c8afa1c855d3463416b5e09e01f3
Mozilla Firefox version 3.6.16 mChannel Object use-after-free exploit for Windows 7.
1e44b9126b0d7869d8928eb0f6c65977f1d59a9eb27da3b8a266464e729e227d
This Metasploit module exploits an integer overflow in the TeeChart Pro ActiveX control. When an overly large or negative integer value is sent to the AddSeries() property of TeeChart2010.ocx, the code performs an arithmetic operation that wraps the value, which is later trusted directly and called upon. This Metasploit module has been designed to bypass DEP only under IE8 with Java support.
9ac4cb3d8e02245f69a92b4f78d9802c882058e8f202f2a60824a2aa9d040b60
TeeChart Professional suffers from an integer overflow vulnerability.
11a5c0e59ad7bf75e294c9be9be2fc042be47fd83700edf3a665816921877a4a
This Metasploit module exploits a stack-based buffer overflow in Actfax FTP Server versions 4.27 and earlier. Actfax fails to check the input size when parsing the 'USER' command. This vulnerability results in arbitrary code execution. This Metasploit module has been designed to bypass DEP under Windows Server 2003 SP2/R2.
4130d9d9091328eaf7da7f5eb01c8fa922c77d44b6eab4ba976a6220a96c83af
A vulnerability discovered by Rocco Calvi and Steve Seeley identifies an unauthenticated time-based blind SQL injection in the "page" variable of the virtuemart component. This vulnerability allows an attacker to extract information from the database with specially crafted URLs that take advantage of the MySQL BENCHMARK() function. This issue was patched in version 1.1.7a.
77bb79231bbb028fe492542d9e61d644cb065950ffe0899ea78eccb932223ecb
This Metasploit module allows remote attackers to place arbitrary files on a user's file system by abusing the "DownloadImageFileURL" method in the Black Ice BIImgFrm.ocx ActiveX Control (BIImgFrm.ocx 12.0.0.0). Code execution can be achieved by first uploading the payload to the remote machine and then uploading a .mof file, which causes the Windows Management Instrumentation service to execute the binary. Please note that this module currently only works on Windows versions before Vista. Also, a similar issue is reported in BIDIB.ocx (10.9.3.0) within the Barcode SDK.
c654011b0b3147d7a6b19b80df3e17b7fd597bafa54d127293006bedf2615b9d
This Metasploit module allows remote attackers to place arbitrary files on a user's file system by abusing the "DownloadImageFileURL" method in the Black Ice BIImgFrm.ocx ActiveX Control (BIImgFrm.ocx 12.0.0.0).
865b5dfcca02d2a6aa7a695fab5ecd9bed1fd762899a653cfbd3f158ed37c831
Black Ice Fax Voice SDK version 12.6 remote code execution exploit.
b74e8d9fa16afc7c5be868647ea87134dbc15594a5e17358904cc7728f7d2012
This Metasploit module exploits a vulnerability found in VisiWave's Site Survey Report application. When processing .VWR files, VisiWave.exe attempts to select a valid pointer based on the 'Type' property (valid values include 'Properties', 'TitlePage', 'Details', 'Graph', 'Table', 'Text', 'Image'), but if no match is found, the function that is supposed to handle this routine returns the input itself as a pointer, which is later used in a CALL DWORD PTR [EDX+10] instruction. This allows attackers to overwrite it with an arbitrary value and results in code execution. This Metasploit module was built to bypass ASLR and DEP. NOTE: During installation, the application registers two file handlers, VWS and VWR, which allows a victim user to 'double click' the malicious VWR file and execute code.
3771df4f4d30f18e8cb453cb8d601bc178761d31e4917dee0ed0a0b741354001
This Metasploit module exploits a stack buffer overflow in version 2 of the Kolibri HTTP server.
5149ddbaf7b1d3d9357540ac0e57dbcd18547c2741a0e179a370629a91a6669b
Linux NTP query client version 4.2.6p1 suffers from a heap overflow vulnerability.
e94b04905dfb456cbe05f623dfb3db397887c73011b11cdd9f155c4178156f9f
Maian Weblog versions 4.0 and below remote blind SQL injection exploit.
73ba1a574a86ea1ad9e8cbff7e75e94df2524208fd8ea29df94e9f2fc5b16c1f