what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 294 RSS Feed

Files from juan vazquez

First Active2011-06-27
Last Active2022-01-12
Lexmark MarkVision Enterprise Arbitrary File Upload
Posted Jan 12, 2015
Authored by Andrea Micalizzi, juan vazquez | Site metasploit.com

This Metasploit module exploits a code execution flaw in Lexmark MarkVision Enterprise before 2.1. A directory traversal in the GfdFileUploadServlet servlet allows an unauthenticated attacker to upload arbitrary files, including arbitrary JSP code. This Metasploit module has been tested successfully on Lexmark MarkVision Enterprise 2.0 with Windows 2003 SP2.

tags | exploit, arbitrary, code execution
systems | windows
advisories | CVE-2014-8741
SHA-256 | 1983d15e14382b842439b7a8129d4ce859b00fbd289876ecee0e865564af878c
MS14-064 Microsoft Windows OLE Package Manager Code Execution Through Python
Posted Nov 14, 2014
Authored by Haifei Li, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in Windows Object Linking and Embedding (OLE) allowing arbitrary code execution, bypassing the patch MS14-060, for the vulnerability publicly known as "Sandworm", on systems with Python for Windows installed. Windows Vista SP2 all the way to Windows 8, Windows Server 2008 and 2012 are known to be vulnerable. However, based on our testing, the most reliable setup is on Windows platforms running Office 2013 and Office 2010 SP2. Please keep in mind that some other setups such as those using Office 2010 SP1 may be less stable, and may end up with a crash due to a failure in the CPackage::CreateTempFileName function.

tags | exploit, arbitrary, code execution, python
systems | windows
advisories | CVE-2014-6352
SHA-256 | 98f844496d43dbf5a1ce7018422d72a76de82b8bafeead5008c67a30054879fd
MS14-064 Microsoft Windows OLE Package Manager Code Execution
Posted Nov 13, 2014
Authored by Haifei Li, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in Windows Object Linking and Embedding (OLE) allowing arbitrary code execution, publicly exploited in the wild as MS14-060 patch bypass. The Microsoft update tried to fix the vulnerability publicly known as "Sandworm". Platforms such as Windows Vista SP2 all the way to Windows 8, Windows Server 2008 and 2012 are known to be vulnerable. However, based on our testing, the most reliable setup is on Windows platforms running Office 2013 and Office 2010 SP2. And please keep in mind that some other setups such as using Office 2010 SP1 might be less stable, and sometimes may end up with a crash due to a failure in the CPackage::CreateTempFileName function.

tags | exploit, arbitrary, code execution
systems | windows
advisories | CVE-2014-6352
SHA-256 | 22d50e4cf87dbb4ac9f6d51a9b1c21edb0ba7405f489b927842967eda685d577
Visual Mining NetCharts Server Remote Code Execution
Posted Nov 7, 2014
Authored by juan vazquez, sghctoma | Site metasploit.com

This Metasploit module exploits multiple vulnerabilities in Visual Mining NetCharts. First, a lack of input validation in the administration console permits arbitrary jsp code upload to locations accessible later through the web service. Authentication is typically required, however a 'hidden' user is available by default (and non editable). This user, named 'Scheduler', can only login to the console after any modification in the user database (a user is added, admin password is changed etc). If the 'Scheduler' user isn't available valid credentials must be supplied. The default Admin password is Admin.

tags | exploit, web, arbitrary, vulnerability
advisories | CVE-2014-8516
SHA-256 | 8a3b765845b48b56bd638e90b38b71b9b937f492e8f972a8b7552ad9f1f4c4ec
Citrix NetScaler SOAP Handler Remote Code Execution
Posted Nov 6, 2014
Authored by juan vazquez, Bradley Austin | Site metasploit.com

This Metasploit module exploits a memory corruption vulnerability on the Citrix NetScaler Appliance. The vulnerability exists in the SOAP handler, accessible through the web interface. A malicious SOAP requests can force the handler to connect to a malicious NetScaler config server. This malicious config server can send a specially crafted response in order to trigger a memory corruption and overwrite data in the stack, to finally execute arbitrary code with the privileges of the web server running the SOAP handler. This Metasploit module has been tested successfully on the NetScaler Virtual Appliance 450010.

tags | exploit, web, arbitrary
SHA-256 | bbd94c2938c7acadc669fd040b87af734ca8b8359c12bfca9b43d24c4a997c1d
Windows TrackPopupMenu Win32k NULL Pointer Dereference
Posted Oct 28, 2014
Authored by Spencer McIntyre, juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits a NULL Pointer Dereference in win32k.sys, the vulnerability can be triggered through the use of TrackPopupMenu. Under special conditions, the NULL pointer dereference can be abused on xxxSendMessageTimeout to achieve arbitrary code execution. This Metasploit module has been tested successfully on Windows XP SP3, Windows 2003 SP2, Windows 7 SP1 and Windows 2008 32bits. Also on Windows 7 SP1 and Windows 2008 R2 SP1 64 bits.

tags | exploit, arbitrary, code execution
systems | windows
advisories | CVE-2014-4113
SHA-256 | 41b7d988b197d4b07886ef236a76dda4482ef1d09d5d87eb2dbc440af8850897
Centreon SQL / Command Injection
Posted Oct 23, 2014
Authored by juan vazquez, MaZ | Site metasploit.com

This Metasploit module exploits several vulnerabilities on Centreon 2.5.1 and prior and Centreon Enterprise Server 2.2 and prior. Due to a combination of SQL injection and command injection in the displayServiceStatus.php component, it is possible to execute arbitrary commands as long as there is a valid session registered in the centreon.session table. In order to have a valid session, all it takes is a successful login from anybody. The exploit itself does not require any authentication. This Metasploit module has been tested successfully on Centreon Enterprise Server 2.2.

tags | exploit, arbitrary, php, vulnerability, sql injection
advisories | CVE-2014-3828, CVE-2014-3829
SHA-256 | 8809b442b4ed7e090f87d00c54c5b7bdd1ab5b1b01a8996dfc1c2404ff0bb501
HP Data Protector EXEC_INTEGUTIL Remote Code Execution
Posted Oct 21, 2014
Authored by Aniway, juan vazquez | Site metasploit.com

This exploit abuses a vulnerability in the HP Data Protector. The vulnerability exists in the Backup client service, which listens by default on TCP/5555. The EXEC_INTEGUTIL request allows to execute arbitrary commands from a restricted directory. Since it includes a perl executable, it's possible to use an EXEC_INTEGUTIL packet to execute arbitrary code. On linux targets, the perl binary isn't on the restricted directory, but an EXEC_BAR packet can be used to access the perl binary, even in the last version of HP Data Protector for linux. This Metasploit module has been tested successfully on HP Data Protector 9 over Windows 2008 R2 64 bits and CentOS 6 64 bits.

tags | exploit, arbitrary, perl, tcp
systems | linux, windows, centos
SHA-256 | 532410fb174f7f3d0672bb77c79174e37f6739ffde13774940b5b666f7c88240
MS14-060 Microsoft Windows OLE Package Manager Code Execution
Posted Oct 18, 2014
Authored by sinn3r, juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits a vulnerability found in Windows Object Linking and Embedding (OLE) allowing arbitrary code execution, publicly known as "Sandworm". Platforms such as Windows Vista SP2 all the way to Windows 8, Windows Server 2008 and 2012 are known to be vulnerable.

tags | exploit, arbitrary, code execution
systems | windows
advisories | CVE-2014-4114
SHA-256 | 204194de715b57d2c50a8f59365b64bfc7f2ab16e20add9ad3d4be4efaca222f
HP Network Node Manager I PMD Buffer Overflow
Posted Sep 30, 2014
Authored by juan vazquez, d(-_-)b | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in HP Network Node Manager I (NNMi). The vulnerability exists in the pmd service, due to the insecure usage of functions like strcpy and strcat while handling stack_option packets with user controlled data. In order to bypass ASLR this module uses a proto_tbl packet to leak an libov pointer from the stack and finally build the rop chain to avoid NX.

tags | exploit, overflow
advisories | CVE-2014-2624
SHA-256 | ed8dcf6077fc962dee63928b9374f08f765d9613b6097985fa09b44f33f8d338
Apache mod_cgi Bash Environment Variable Code Injection
Posted Sep 26, 2014
Authored by juan vazquez, wvu, Stephane Chazelas | Site metasploit.com

This Metasploit module exploits a code injection in specially crafted environment variables in Bash, specifically targeting Apache mod_cgi scripts through the HTTP_USER_AGENT variable.

tags | exploit, bash
advisories | CVE-2014-6271
SHA-256 | bddccc35d3cda611c86307a7ce0074fc7d74f100f9a6dea0b6e39a478138e054
EMC AlphaStor Device Manager Opcode 0x75 Command Injection
Posted Sep 24, 2014
Authored by Aniway, juan vazquez, Mohsan Farid, Brent Morris, Preston Thornburg | Site metasploit.com

This Metasploit module exploits a flaw within the Device Manager (rrobtd.exe). When parsing the 0x75 command, the process does not properly filter user supplied input allowing for arbitrary command injection. This Metasploit module has been tested successfully on EMC AlphaStor 4.0 build 116 with Windows 2003 SP2 and Windows 2008 R2.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2013-0928
SHA-256 | 3e993a7e854efa86fb910cf5ae6005aed96bf8fef7a6b5ff28fe00ff12003031
Advantech WebAccess dvs.ocx GetColor Buffer Overflow
Posted Sep 24, 2014
Authored by juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits a buffer overflow vulnerability in Advantec WebAccess. The vulnerability exists in the dvs.ocx ActiveX control, where a dangerous call to sprintf can be reached with user controlled data through the GetColor function. This Metasploit module has been tested successfully on Windows XP SP3 with IE6 and Windows 7 SP1 with IE8 and IE 9.

tags | exploit, overflow, activex
systems | windows
advisories | CVE-2014-2364
SHA-256 | 2c87a396ae651d2548218234d6c075460d07bc9f8c985df84efe8276828e073e
SolarWinds Storage Manager Authentication Bypass
Posted Sep 12, 2014
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in Solarwinds Storage Manager. The vulnerability exists in the AuthenticationFilter, which allows to bypass authentication with specially crafted URLs. After bypassing authentication, is possible to use a file upload function to achieve remote code execution. This Metasploit module has been tested successfully in Solarwinds Store Manager Server 5.1.0 and 5.7.1 on Windows 32 bits, Windows 64 bits and Linux 64 bits operating systems.

tags | exploit, remote, code execution, bypass, file upload
systems | linux, windows
SHA-256 | 8e0158bd6ed6894515f4b2ee12c6dea89374d232c9a98949f115bcf2c61c7927
VirtualBox 3D Acceleration Virtual Machine Escape
Posted Aug 14, 2014
Authored by Francisco Falcon, juan vazquez, Florian Ledoux | Site metasploit.com

This Metasploit module exploits a vulnerability in the 3D Acceleration support for VirtualBox. The vulnerability exists in the remote rendering of OpenGL-based 3D graphics. By sending a sequence of specially crafted of rendering messages, a virtual machine can exploit an out of bounds array access to corrupt memory and escape to the host. This Metasploit module has been tested successfully on Windows 7 SP1 (64 bits) as Host running Virtual Box 4.3.6.

tags | exploit, remote
systems | windows
advisories | CVE-2014-0983
SHA-256 | 86c260fb68e437881ab16b483c4e49b6bc21fe1b4a46b94f446e6d346cda9dda
Yokogawa CS3000 BKFSim_vhfd.exe Buffer Overflow
Posted Jul 7, 2014
Authored by juan vazquez, Julian Vilas | Site metasploit.com

This Metasploit module exploits an stack based buffer overflow on Yokogawa CS3000. The vulnerability exists in the service BKFSim_vhfd.exe when using malicious user-controlled data to create logs using functions like vsprintf and memcpy in a insecure way. This Metasploit module has been tested successfully on Yokogawa Centum CS3000 R3.08.50 over Windows XP SP3.

tags | exploit, overflow
systems | windows
advisories | CVE-2014-3888
SHA-256 | db93fbf33e9788d81fe33dcce19468109935bbe2f51ee46720d0e3980569bb49
Oracle Event Processing FileUploadServlet Arbitrary File Upload
Posted Jul 6, 2014
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits an Arbitrary File Upload vulnerability in Oracle Event Processing 11.1.1.7.0. The FileUploadServlet component, which requires no authentication, can be abused to upload a malicious file onto an arbitrary location due to a directory traversal flaw, and compromise the server. By default Oracle Event Processing uses a Jetty Application Server without JSP support, which limits the attack to WbemExec. The current WbemExec technique only requires arbitrary write to the file system, but at the moment the module only supports Windows 2003 SP2 or older.

tags | exploit, arbitrary, file upload
systems | windows
advisories | CVE-2014-2424
SHA-256 | 354b179956fa5730561cdacb3cb83ea87cbbaf8af2b2d69f7b545cc36d2d4223
HP AutoPass License Server File Upload
Posted Jun 27, 2014
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a code execution flaw in HP AutoPass License Server. It abuses two weaknesses in order to get its objective. First, the AutoPass application doesn't enforce authentication in the CommunicationServlet component. On the other hand, it's possible to abuse a directory traversal when uploading files thorough the same component, allowing to upload an arbitrary payload embedded in a JSP. The module has been tested successfully on HP AutoPass License Server 8.01 as installed with HP Service Virtualization 3.50.

tags | exploit, arbitrary, code execution
advisories | CVE-2013-6221
SHA-256 | dd2fd87c80023443848e47bf145fc594ce2617436c0759a85eb64c8248dbcdb7
MS14-009 .NET Deployment Service IE Sandbox Escape
Posted Jun 27, 2014
Authored by juan vazquez, James Forshaw | Site metasploit.com

This Metasploit module abuses a process creation policy in the Internet Explorer Sandbox which allows to escape the Enhanced Protected Mode and execute code with Medium Integrity. The problem exists in the .NET Deployment Service (dfsvc.exe), which can be run as Medium Integrity Level. Further interaction with the component allows to escape the Enhanced Protected Mode and execute arbitrary code with Medium Integrity.

tags | exploit, arbitrary
advisories | CVE-2014-0257
SHA-256 | 566f2c34ce894a344de48e60acdf38825db4478f6732a3bdd3039b0e32d1cda3
MS13-097 Registry Symlink IE Sandbox Escape
Posted Jun 27, 2014
Authored by juan vazquez, James Forshaw | Site metasploit.com

This Metasploit module exploits a vulnerability in Internet Explorer Sandbox which allows to escape the Enhanced Protected Mode and execute code with Medium Integrity. The vulnerability exists in the IESetProtectedModeRegKeyOnly function from the ieframe.dll component, which can be abused to force medium integrity IE to user influenced keys. By using registry symlinks it's possible force IE to add a policy entry in the registry and finally bypass Enhanced Protected Mode.

tags | exploit, registry
advisories | CVE-2013-5045
SHA-256 | c9f9dc448204fe8efbcb3d05352d9e8dff208d0ff120536098d4e6f8b8305895
Cogent DataHub Command Injection
Posted Jun 25, 2014
Authored by John Leitch, juan vazquez | Site metasploit.com

This Metasploit module exploits an injection vulnerability in Cogent DataHub prior to 7.3.5. The vulnerability exists in the GetPermissions.asp page, which makes insecure use of the datahub_command function with user controlled data, allowing execution of arbitrary datahub commands and scripts. This Metasploit module has been tested successfully with Cogent DataHub 7.3.4 on Windows 7 SP1.

tags | exploit, arbitrary, asp
systems | windows
advisories | CVE-2014-3789
SHA-256 | ea90ec1ce02362764c088f9a23d4e3e49eb058ef8047c0f1c9b916a1d71d04e3
AlienVault OSSIM av-centerd Command Injection
Posted Jun 19, 2014
Authored by juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits a code execution flaw in AlienVault 4.6.1 and prior. The vulnerability exists in the av-centerd SOAP web service, where the update_system_info_debian_package method uses perl backticks in an insecure way, allowing command injection. This Metasploit module has been tested successfully on AlienVault 4.6.0.

tags | exploit, web, perl, code execution
advisories | CVE-2014-3804
SHA-256 | f41d6bd5cd5cf9bdeabe5b3bc68136db162011629dbe4d4e9286da318c9234c8
Ericom AccessNow Server Buffer Overflow
Posted Jun 19, 2014
Authored by juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow in Ericom AccessNow Server. The vulnerability is due to an insecure usage of vsprintf with user controlled data, which can be triggered with a malformed HTTP request. This Metasploit module has been tested successfully with Ericom AccessNow Server 2.4.0.2 on Windows XP SP3 and Windows 2003 Server SP2.

tags | exploit, web, overflow
systems | windows
advisories | CVE-2014-3913
SHA-256 | ebcadf3ecbef96b23f35bdc1801d697a19ccfe4ec12a013d2b6a82b0e6e572b2
Rocket Servergraph Admin Center fileRequestor Remote Code Execution
Posted Jun 17, 2014
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module abuses several directory traversal flaws in Rocket Servergraph Admin Center for Tivoli Storage Manager. The issues exist in the fileRequestor servlet, allowing a remote attacker to write arbitrary files and execute commands with administrative privileges. This Metasploit module has been tested successfully on Rocket ServerGraph 1.2 over Windows 2008 R2 64 bits, Windows 7 SP1 32 bits and Ubuntu 12.04 64 bits.

tags | exploit, remote, arbitrary
systems | linux, windows, ubuntu
advisories | CVE-2014-3914
SHA-256 | 6e5d60b2a820df1fa23141aca83b453d17a395a8fac173dda8ddc42205721c6f
ElasticSearch Dynamic Script Arbitrary Java Execution
Posted May 30, 2014
Authored by juan vazquez, Alex Brasetvik, Bouke van der Bijl | Site metasploit.com

This Metasploit module exploits a remote command execution vulnerability in ElasticSearch, exploitable by default on ElasticSearch prior to 1.2.0. The bug is found in the REST API, which requires no authentication or authorization, where the search function allows dynamic scripts execution, and can be used for remote attackers to execute arbitrary Java code. This Metasploit module has been tested successfully on ElasticSearch 1.1.1 on Ubuntu Server 12.04 and Windows XP SP3.

tags | exploit, java, remote, arbitrary
systems | linux, windows, ubuntu
advisories | CVE-2014-3120
SHA-256 | c25b90194192ece4e2507d09180295dea5fba7ac37136f5c31b76e2291ebeeb2
Page 2 of 12
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close