exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 51 RSS Feed

Files from patrick

First Active1999-08-17
Last Active2015-03-24
CA BrightStor ARCserve Message Engine Buffer Overflow
Posted Nov 26, 2009
Authored by patrick, MC | Site metasploit.com

This Metasploit module exploits a buffer overflow in Computer Associates BrightStor ARCserve Backup 11.1 - 11.5 SP2. By sending a specially crafted RPC request, an attacker could overflow the buffer and execute arbitrary code.

tags | exploit, overflow, arbitrary
advisories | CVE-2007-0169
SHA-256 | 38992c01beb75cb04dd805a9bcadb1dab7921b19db704a8f59418f9d845fc536
mIRC <= 6.34 PRIVMSG Handling Stack Overflow
Posted Nov 26, 2009
Authored by patrick | Site metasploit.com

This Metasploit module exploits a buffer overflow in the mIRC IRC Client v6.34 and earlier. By enticing a mIRC user to connect to this server module, an excessively long PRIVMSG command can be sent, overwriting the stack. Due to size restrictions, ordinal payloads may be necessary. This Metasploit module is based on the code by SkD.

tags | exploit, overflow
advisories | CVE-2008-4449
SHA-256 | 30d07ff1b1f16f654610067329e7a88dbd7d7e9e8ba0fc52c40272152afc1314
Microsoft IIS Phone Book Service Overflow
Posted Nov 26, 2009
Authored by patrick | Site metasploit.com

This is an exploit for the Phone Book Service /pbserver/pbserver.dll described in MS00-094. By sending an overly long URL argument for phone book updates, it is possible to overwrite the stack. This Metasploit module has only been tested against Windows 2000 SP1.

tags | exploit
systems | windows
advisories | CVE-2000-1089
SHA-256 | 0e561c8f11c38a6ebd0de7aa176eab37b866399106f3bb7dd08428cdcb0ccc69
Netcat v1.10 NT Stack Overflow
Posted Nov 26, 2009
Authored by patrick | Site metasploit.com

This Metasploit module exploits a stack overflow in Netcat v1.10 NT. By sending an overly long string we are able to overwrite SEH. The vulnerability exists when netcat is used to bind (-e) an executable to a port in doexec.c. This Metasploit module tested successfully using "c:\\>nc -L -p 31337 -e ftp".

tags | exploit, overflow
advisories | CVE-2004-1317
SHA-256 | 86cb3709aec7d4ad9e7245bc4d2f9a70dc54e270dbc1a38e9c690f7cf760dcb8
KarjaSoft Sami FTP Server v2.02 USER Overflow
Posted Nov 26, 2009
Authored by patrick | Site metasploit.com

This Metasploit module exploits the KarjaSoft Sami FTP Server version 2.02 by sending an excessively long USER string. The stack is overwritten when the administrator attempts to view the FTP logs. Therefore, this exploit is passive and requires end-user interaction. Keep this in mind when selecting payloads. When the server is restarted, it will re-execute the exploit until the logfile is manually deleted via the file system.

tags | exploit
advisories | CVE-2006-0441, CVE-2006-2212
SHA-256 | 6cb784d4845ea1b6c196d1d46a851dc0d49ed8612c10d4a74bad8cb59def8b7e
Sasser Worm avserve FTP PORT Buffer Overflow
Posted Nov 26, 2009
Authored by patrick, Val Smith, chamuco | Site metasploit.com

This Metasploit module exploits the FTP server component of the Sasser worm. By sending an overly long PORT command the stack can be overwritten.

tags | exploit, worm
SHA-256 | 5d5c22dfbd84d41c7c21a45e5676f648dbcc83cd3302d47b1a95c27ace3b87f0
Savant 3.1 Web Server Overflow
Posted Nov 26, 2009
Authored by patrick | Site metasploit.com

This Metasploit module exploits a stack overflow in Savant 3.1 Web Server. The service supports a maximum of 10 threads (for a default install). Each exploit attempt generally causes a thread to die whether successful or not. Therefore you only have 10 chances (unless non-default).

tags | exploit, web, overflow
advisories | CVE-2002-1120
SHA-256 | 1f461383f78f47fe2f00e5abe2ca66139e2cfbaf4d140c81fe32ed074fb9b33b
CA BrightStor ARCserve Tape Engine Buffer Overflow
Posted Nov 26, 2009
Authored by patrick, MC | Site metasploit.com

This Metasploit module exploits a stack overflow in Computer Associates BrightStor ARCserve Backup r11.1 - r11.5. By sending a specially crafted DCERPC request, an attacker could overflow the buffer and execute arbitrary code.

tags | exploit, overflow, arbitrary
advisories | CVE-2006-6076
SHA-256 | b82183fa2a09d3a5482cc306c364322d40242df99e1e3992dcd5cd3e945a082c
TFTPDWIN v0.4.2 Long Filename Buffer Overflow
Posted Nov 26, 2009
Authored by patrick | Site metasploit.com

This Metasploit module exploits the ProSysInfo TFTPDWIN threaded TFTP Server. By sending an overly long file name to the tftpd.exe server, the stack can be overwritten.

tags | exploit
advisories | CVE-2006-4948
SHA-256 | da334dbdd70713ab5aff350fda0560b9757917bcc711695a97c00417a5ad86e4
Tumbleweed FileTransfer vcst_eu.dll ActiveX Control Buffer Overflow
Posted Nov 26, 2009
Authored by patrick | Site metasploit.com

This Metasploit module exploits a stack overflow in the vcst_eu.dll FileTransfer Module (1.0.0.5) ActiveX control in the Tumbleweed SecureTransport suite. By sending an overly long string to the TransferFile() 'remotefile' function, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary, activex
advisories | CVE-2008-1724
SHA-256 | 9e9817e9723fe74518b0f6dd9cbdba9836698f2c7c791efd01d8aeeaa3909001
URSoft W32Dasm Disassembler Function Buffer Overflow
Posted Nov 26, 2009
Authored by patrick | Site metasploit.com

This Metasploit module exploits a buffer overflow in W32Dasm <= v8.93. By creating a malicious file and convincing a user to disassemble the file with a vulnerable version of W32Dasm, the Imports/Exports function is copied to the stack and arbitrary code may be executed locally as the user.

tags | exploit, overflow, arbitrary
advisories | CVE-2005-0308
SHA-256 | b1a5819d5300021fafb0d2cd7439585a01f7a8de4f04712d0dcb699656fba131
WinVNC Web Server <= v3.3.3r7 GET Overflow
Posted Nov 26, 2009
Authored by patrick | Site metasploit.com

This Metasploit module exploits a buffer overflow in the AT&T WinVNC version <= v3.3.3r7 web server. When debugging mode with logging is enabled (non-default), an overly long GET request can overwrite the stack. This exploit does not work well with VNC payloads!

tags | exploit, web, overflow
advisories | CVE-2001-0168
SHA-256 | e60e2463612241b5d250ec99282d27dcc0164a4adda748d12edd57defd01c5fc
Xitami 2.5c2 Web Server If-Modified-Since Overflow
Posted Nov 26, 2009
Authored by patrick | Site metasploit.com

This Metasploit module exploits a stack overflow in the iMatix Corporation Xitami Web Server. If a malicious user sends an If-Modified-Since header containing an overly long string, it may be possible to execute a payload remotely. Due to size constraints, this module uses the Egghunter technique. You may wish to adjust WfsDelay appropriately.

tags | exploit, web, overflow
advisories | CVE-2007-5067
SHA-256 | 8670dc144729b546f2f7c3e942e7920a361bac99f06359655848174beb3c468d
Zinf Audio Player 2.2.1 (PLS File) Stack Overflow.
Posted Nov 26, 2009
Authored by patrick, Trancek | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in the Zinf Audio Player 2.2.1. An attacker must send the file to victim and the victim must open the file. Alternatively it may be possible to execute code remotely via an embedded PLS file within a browser, when the PLS extension is registered to Zinf. This functionality has not been tested in this module.

tags | exploit, overflow
advisories | CVE-2004-0964
SHA-256 | ce73f204a7c39ce17aa59a98ab75c05c4e5a425c620c828d042446194e557785
Matt Wright guestbook.pl Arbitrary Command Execution
Posted Oct 30, 2009
Authored by patrick | Site metasploit.com

The Matt Wright guestbook.pl versions 2.3.1 and below CGI script contains a flaw that may allow arbitrary command execution. The vulnerability requires that HTML posting is enabled in the guestbook.pl script, and that the web server must have the Server-Side Include (SSI) script handler enabled for the '.html' file type. By combining the script weakness with non-default server configuration, it is possible to exploit this vulnerability successfully.

tags | exploit, web, arbitrary, cgi
advisories | CVE-1999-1053
SHA-256 | 26b2a5cfa6b66f8d6bb54e4789d46d124f024ac705b068c7f1634ce064aeee9b
AWStats migrate Remote Command Execution
Posted Oct 30, 2009
Authored by patrick | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in the AWStats CGI script. AWStats v6.4 and v6.5 are vulnerable. Perl based payloads are recommended with this module. The vulnerability is only present when AllowToUpdateStatsFromBrowser is enabled in the AWstats configuration file (non-default).

tags | exploit, arbitrary, cgi, perl
advisories | CVE-2006-2237
SHA-256 | eacfafaff42c9aa135b638a8e9838be33a68a7ed46514068c7b106f69fe2ac10
ClamAV Milter Blackhole-Mode Remote Code Execution
Posted Oct 28, 2009
Authored by patrick | Site metasploit.com

This Metasploit module exploits a flaw in the Clam AntiVirus suite 'clamav-milter' (Sendmail mail filter). Versions prior to 0.92.2 are vulnerable. When implemented with black hole mode enabled, it is possible to execute commands remotely due to an insecure popen call.

tags | exploit
advisories | CVE-2007-4560
SHA-256 | 043b522739cdc7453582b55c2d84f10b6d62ae02178d5c618b7212a148347eb0
SpamAssassin spamd Remote Command Execution
Posted Oct 28, 2009
Authored by patrick | Site metasploit.com

This Metasploit module exploits a flaw in the SpamAssassin spamd service by specifying a malicious vpopmail User header, when running with vpopmail and paranoid modes enabled (non-default). Versions prior to 3.1.3 are vulnerable.

tags | exploit
advisories | CVE-2006-2447
SHA-256 | eab32845da0d59fc9f4ab3c4fe32f5ea16cbdf7d908c0e6e672c02b104b4425c
ContentKeeper Web Remote Command Execution
Posted Oct 28, 2009
Authored by patrick | Site metasploit.com

This Metasploit module exploits the ContentKeeper Web Appliance. Versions prior to 125.10 are affected. This module exploits a combination of weaknesses to enable remote command execution as the Apache user. Following exploitation it is possible to abuse an insecure PATH call to 'ps' etc in setuid 'benetool' to escalate to root.

tags | exploit, remote, web, root
SHA-256 | 629ee439ef17eb790dc0b4ecfd87cba6375f929234dd537ad09b296c1e24dcec
NTPd Buffer Overflow
Posted Oct 27, 2009
Authored by patrick | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow in the ntpd and xntpd service. By sending an overly long 'readvar' request it is possible to execute code remotely. As the stack is corrupted, this module uses the Egghunter technique.

tags | exploit, overflow
advisories | CVE-2001-0414
SHA-256 | 009c6a0959755d8609b7f6680a3f93f21f0a42a6559a05ef0c29a657384e5fbd
VERITAS NetBackup Remote Command Execution
Posted Oct 27, 2009
Authored by patrick | Site metasploit.com

This Metasploit module allows arbitrary command execution on an ephemeral port opened by Veritas NetBackup, whilst an administrator is authenticated. The port is opened and allows direct console access as root or SYSTEM from any source address.

tags | exploit, arbitrary, root
advisories | CVE-2004-1389
SHA-256 | a9bae98e0bcab8691966ff788261cc6dfa84dda7135a36c18d0e75e0eb5ee9ef
HP OpenView OmniBack II Command Execution
Posted Oct 27, 2009
Authored by H D Moore, patrick | Site metasploit.com

This Metasploit module uses a vulnerability in the OpenView Omniback II service to execute arbitrary commands. This vulnerability was discovered by DiGiT and his code was used as the basis for this module.

tags | exploit, arbitrary
advisories | CVE-2001-0311
SHA-256 | 26c2c37df75303f2969c51dda36bcd7fb1d2c0584d3a1792600f47b04b5512d6
GLD (Greylisting Daemon) Postfix Buffer Overflow
Posted Oct 27, 2009
Authored by patrick

This Metasploit module exploits a stack overflow in the Salim Gasmi GLD versions 1.4 and below greylisting daemon for Postfix. By sending an overly long string the stack can be overwritten.

tags | exploit, overflow
advisories | CVE-2005-1099
SHA-256 | ea6d90f755fe4ab12b60f16218193025e81969e9398ec2a4ad48e9c30e700753
UoW IMAP Server LSUB Buffer Overflow
Posted Oct 27, 2009
Authored by patrick

This Metasploit module exploits a buffer overflow in the 'LSUB' command of the University of Washington IMAP service. This vulnerability can only be exploited with a valid username and password.

tags | exploit, overflow, imap
advisories | CVE-2000-0284
SHA-256 | ed074262b944617dd05f31cfbad7fdb4bc44dbc72e181c6afa6bc59ed9e6d14a
Alcatel-Lucent OmniPCX Enterprise masterCGI Arbitrary Command Execution
Posted Oct 27, 2009
Authored by patrick

This Metasploit module abuses a metacharacter injection vulnerability in the HTTP management interface of the Alcatel-Lucent OmniPCX Enterprise Communication Server 7.1 and earlier. The Unified Maintenance Tool contains a 'masterCGI' binary which allows an unauthenticated attacker to execute arbitrary commands by specifying shell metacharacters as the 'user' within the 'ping' action to obtain 'httpd' user access. This module only supports command line payloads, as the httpd process kills the reverse/bind shell spawn after the HTTP 200 OK response.

tags | exploit, web, arbitrary, shell
advisories | CVE-2007-3010
SHA-256 | 5f729c464589be1bd553b1af7b924cba42e213fffa0fc22238f2714175028981
Page 2 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close