what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 31 RSS Feed

Files from TecR0c

First Active2010-02-08
Last Active2012-02-29
IBM Personal Communications I-Series Buffer Overflow
Posted Feb 29, 2012
Authored by TecR0c | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow vulnerability in IBM Personal Communications I-Series. The issue affects file parsing in which data copied to a location in memory exceeds the size of the reserved destination area. The buffer is located on the runtime program stack. Versions tested: IBM System i Access for Windows V6R1M0 version 06.01.0001.0000a which bundles pcsws.exe version 5090.27271.709.

tags | exploit, overflow
systems | windows
advisories | CVE-2012-0201
SHA-256 | 466e2459c3b7c7835607910609c5997d620ec132852f11a98e5e4ee4f42e0214
Plone and Zope Remote CMD Injection Exploit
Posted Dec 28, 2011
Authored by TecR0c, Nick Miles, Plone Security team | Site metasploit.com

Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules.

tags | exploit, remote, arbitrary, python
advisories | CVE-2011-3587
SHA-256 | d488e05390fc02274354b9eb2deb35cb28a9702082aeccf1b3d64435758ea353
PmWiki 2.2.34 Remote PHP Code Injection Exploit
Posted Dec 23, 2011
Authored by EgiX, TecR0c | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in PmWiki from 2.0.0 to 2.2.34. The vulnerable function is inside /scripts/pagelist.php.

tags | exploit, arbitrary, php
advisories | CVE-2011-4453, OSVDB-77261
SHA-256 | 2a414aa71e3429752f31a3f9f0ad17a08f3c3d290b612cfb08bbb15b1b14dea3
CoDeSys SCADA 2.3 Webserver Stack Buffer Overflow
Posted Dec 13, 2011
Authored by sinn3r, TecR0c, Celil Unuver | Site metasploit.com

This Metasploit module exploits a remote stack buffer overflow vulnerability in 3S-Smart Software Solutions product CoDeSys Scada Web Server Version 1.1.9.9.

tags | exploit, remote, web, overflow
SHA-256 | 9380ae1d770450dec8ad28bbf0b92b9e420e8cda38119169c69b13c41f6b845a
Traq 2.3 Authentication Bypass / Remote Code Execution
Posted Dec 13, 2011
Authored by EgiX, TecR0c | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in Traq 2.0 to 2.3. It's in the admincp/common.php script. This function is called in each script located into /admicp/ directory to make sure the user has admin rights, but this is a broken authorization schema due to the header() function not stopping the execution flow.

tags | exploit, arbitrary, php
SHA-256 | dffc7356e911b26d771f5011bfe215352e628f842cedc4e8945c25cf29569ed8
Viscom Software Movie Player Pro SDK Activex 6.8 Buffer Overflow
Posted Nov 20, 2011
Authored by shinnai, mr_me, TecR0c | Site metasploit.com

Stack-based buffer overflow in the MOVIEPLAYER.MoviePlayerCtrl.1 ActiveX control in MoviePlayer.ocx 6.8.0.0 in Viscom Software Movie Player Pro SDK ActiveX 6.8 allows remote attackers to execute arbitrary code via a long strFontName parameter to the DrawText method. The victim will first be required to trust the publisher Viscom Software. This Metasploit module has been designed to bypass DEP and ASLR under XP IE8, Vista and Win7 with Java support.

tags | exploit, java, remote, overflow, arbitrary, activex
advisories | CVE-2010-0356, OSVDB-61634
SHA-256 | 902c4d348e0eb89f02c1aff016e36bb2f309e424dad941285a19cf704212a739
Viscom Image Viewer CP Pro 8.0/Gold 6.0 ActiveX Control
Posted Nov 17, 2011
Authored by Dr_IDE, mr_me, TecR0c | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow in the Active control file ImageViewer2.OCX by passing a overly long argument to an insecure TifMergeMultiFiles() method. Exploitation results in code execution with the privileges of the user who browsed to the exploit page. The victim will first be required to trust the publisher Viscom Software. This Metasploit module has been designed to bypass DEP and ASLR under XP IE8, Vista and Win7 with Java support.

tags | exploit, java, overflow, code execution
SHA-256 | ff98b933de5295139e90a1985be85c50e19987cebb121f5874c995e6d229d3ee
phpLDAPadmin <= 1.2.1.1 (query_engine) Remote PHP Code Injection
Posted Oct 25, 2011
Authored by EgiX, mr_me, TecR0c | Site metasploit.com

This Metasploit module exploits a vulnerability in the lib/functions.php that allows attackers input parsed directly to the create_function() php function. A patch was issued that uses a whitelist regex expression to check the user supplied input before being parsed to the create_function() call.

tags | exploit, php
SHA-256 | e1b54786a4e2d61486487555756f54e0b3b67f845210590ec4291fbcedf138f3
Real Networks Netzip Classic 7.5.1 86 Buffer Overflow
Posted Oct 17, 2011
Authored by TecR0c, C4SS!0 G0M3S | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow vulnerability in version 7.5.1 86 of Real Networks Netzip Classic. In order for the command to be executed, an attacker must convince someone to load a specially crafted zip file with NetZip Classic. By doing so, an attacker can execute arbitrary code as the victim user.

tags | exploit, overflow, arbitrary
SHA-256 | 7c9d830274420e19564984899e0366cab20392b76e994a6b0e384e9de02b5a0a
PcVue 10.0 Function Pointer Overwrite
Posted Oct 14, 2011
Authored by Luigi Auriemma, mr_me, TecR0c | Site metasploit.com

This Metasploit module exploits a function pointer control within SVUIGrd.ocx of PcVue 10.0. By setting a dword value for the SaveObject() or LoadObject(), an attacker can overwrite a function pointer and execute arbitrary code.

tags | exploit, arbitrary
SHA-256 | 9cec135d4cf28788b201ff76bbf8e4da5b3898cae8eca25fb07c606afc723f80
TugZip 3.5 Zip File Parsing Buffer Overflow
Posted Oct 12, 2011
Authored by mr_me, Lincoln, TecR0c, Stefan Marin | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow vulnerability in the latest version 3.5 of TugZip archiving utility. In order to trigger the vulnerability, an attacker must convince someone to load a specially crafted zip file with TugZip by double click or file open. By doing so, an attacker can execute arbitrary code as the victim user.

tags | exploit, overflow, arbitrary
advisories | CVE-2008-4779, OSVDB-49371
SHA-256 | dfd1d434ab7742db844f4361a73baede359a856715df5794ad3d96c86362e269
ScriptFTP 3.3 Remote Buffer Overflow
Posted Oct 10, 2011
Authored by mr_me, TecR0c | Site metasploit.com

AmmSoft's ScriptFTP client is susceptible to a remote buffer overflow vulnerability that is triggered when processing a sufficiently long filename during a FTP LIST command resulting in overwriting the exception handler. Social engineering of executing a specially crafted ftp file by double click will result in connecting to our malicious server and perform arbitrary code execution which allows the attacker to gain the same rights as the user running ScriptFTP.

tags | exploit, remote, overflow, arbitrary, code execution
advisories | CVE-2011-3976, OSVDB-75633
SHA-256 | 83a230051d7cd6708a4d86afbe83ebbe437a5ab42fac5587f0c6034133b2f3f5
eSignal / eSignal Pro 10.6.2425.1208 Buffer Overflow
Posted Sep 29, 2011
Authored by Luigi Auriemma, mr_me, TecR0c | Site metasploit.com

eSignal and eSignal Pro versions 10.6.2425.1208 and below suffer from a file parsing buffer overflow in QUO. Successful exploitation of this vulnerability may take up to several seconds due to the use of egghunter. Also, DEP bypass is unlikely due to the limited space for payload.

tags | exploit, overflow
advisories | CVE-2011-3494, OSVDB-75456
SHA-256 | 45cd9b3a8b486aca462800fbb23d651421a08959c7bf6605daf83dde4828f239
Measuresoft ScadaPro 4.0.0 Remote Command Execution
Posted Sep 17, 2011
Authored by Luigi Auriemma, mr_me, TecR0c | Site metasploit.com

This Metasploit module allows remote attackers to execute arbitrary commands on the affected system by abusing a directory traversal attack when using the 'xf' command (execute function). An attacker can execute system() from msvcrt.dll to upload a backdoor and gain remote code execution.

tags | exploit, remote, arbitrary, code execution
SHA-256 | 802baf0283f3035901e556177c67bc14ff8b62fa5e4ccd9e691b0fd5740792be
Joomla 1.5 VirtueMart 1.1.7 Blind SQL Injection
Posted Jul 29, 2011
Authored by mr_me, TecR0c | Site metasploit.com

A vulnerability was discovered by Rocco Calvi and Steve Seeley which identifies unauthenticated time-based blind SQL injection in the "page" variable of the virtuemart component. This vulnerability allows an attacker to gain information from the database with specially crafted URLs taking advantage of the MySQL benchmark. This issue was patched in version 1.1.7a.

tags | exploit, sql injection
SHA-256 | 77bb79231bbb028fe492542d9e61d644cb065950ffe0899ea78eccb932223ecb
If-CMS 2.07 Local File Inclusion
Posted Jun 21, 2011
Authored by TecR0c

If-CMS version 2.07 pre-authentication local file inclusion exploit that leverages the newlang parameter.

tags | exploit, local, file inclusion
SHA-256 | 54e0d5a2b5475f09684e3d5e161e928ef2258de0b02c152c7f1fffea225f343d
VLC Media Player XSPF Local File Integer Overflow
Posted Jun 9, 2011
Authored by TecR0c

VLC Media Player suffers from an XSPF local file integer overflow in the XSPF playlist parser. Versions 1.1.9 down to 0.8.5 are affected.

tags | exploit, overflow, local
SHA-256 | 327fb012113f085e2d29934a59a41059f4a43c75746929006f19c0dcd0cdb1b8
VisiWave VWR File Parsing Buffer Overflow
Posted May 25, 2011
Authored by mr_me, TecR0c | Site metasploit.com

This Metasploit module exploits a vulnerability found in VisiWave's Site Survey Report application. When processing .VWR files, VisiWave.exe attempts to match a valid pointer based on the 'Type' property (valid ones include 'Properties', 'TitlePage', 'Details', 'Graph', 'Table', 'Text', 'Image'), but if a match isn't found, the function that's supposed to handle this routine ends up returning the input as a pointer, and later used in a CALL DWORD PTR [EDX+10] instruction. This allows attackers to overwrite it with any arbitrary value, and results code execution. This Metasploit module was built to bypass ASLR and DEP. NOTE: During installation, the application will register two file handle's, VWS and VWR and allows a victim user to 'double click' the malicious VWR file and execute code.

tags | exploit, arbitrary, code execution
advisories | OSVDB-72464
SHA-256 | 3771df4f4d30f18e8cb453cb8d601bc178761d31e4917dee0ed0a0b741354001
iCMS 1.1 SQL Injection / Bruteforcer
Posted Mar 18, 2011
Authored by TecR0c

iCMS version 1.1 administrative SQL injection / bruteforcing exploit.

tags | exploit, sql injection
SHA-256 | 664ef55883072a27146eead51eef8b3372cff6806f2389b33281b2bef7dc7b7b
If-CMS 2.07 Local File Inclusion
Posted Mar 16, 2011
Authored by TecR0c

If-CMS version 2.07 pre-authentication local file inclusion exploit.

tags | exploit, local, file inclusion
SHA-256 | effbd0aca372596920d6df8b67edc7f332a4e12d63e420f2f049f6be68e1c9a5
N'CMS 1.1E Pre-Auth Local File Inclusion Code Execution
Posted Mar 11, 2011
Authored by TecR0c

N'CMS version 1.1e pre-authentication local file inclusion remote code execution exploit.

tags | exploit, remote, local, code execution, file inclusion
SHA-256 | 85f321d6979321a817b65af7ce2caf7b767d603efd57204140b22cb3876fc47d
Vtiger CRM 5.0.4 Local File Inclusion
Posted Mar 6, 2011
Authored by TecR0c

Vtiger CRM version 5.0.4 pre-authentication local file inclusion exploit.

tags | exploit, local, file inclusion
advisories | CVE-2009-3249
SHA-256 | 068b740a9aa359d25a9e002faa5fdf223de8b36ef0f7818b288c7f28177a52e4
FieldNotes 32 5.0 SEH Overwrite
Posted Jun 26, 2010
Authored by TecR0c | Site corelan.be

FieldNotes 32 version 5.0 SEH overwrite local exploit that produces a malicious .dxf file.

tags | exploit, overflow, local
SHA-256 | f75c21baa55aab7b4a56e64265927e5c83a13dfe8d7b75f74e3384b105fabf2d
Winamp 5.572 EIP / SEH DEP Bypass Buffer Overflow
Posted Jun 19, 2010
Authored by TecR0c | Site corelan.be

Winamp 5.572 local buffer overflow EIP and SEH DEP bypass exploit.

tags | exploit, overflow, local, bypass
SHA-256 | fb782d54f780e79c14f53a9397d02e994ff5fa0e7fa8279c9d55629976d69269
ZipExplorer 7.0 Denial Of Service
Posted Jun 2, 2010
Authored by TecR0c | Site corelan.be

ZipExplorer version 7.0 denial of service exploit that creates a malicious .rar file.

tags | exploit, denial of service
SHA-256 | 1f3600ca656cca15e957a5a74968bd9eb2758ebecd6f2b6818ffd55ef2774749
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close