This Metasploit module exploits a buffer overflow in RealServer 7/8/9 and was based on Johnny Cyberpunk's THCrealbad exploit. This code should reliably exploit Linux, BSD, and Windows-based servers.
Mandriva Linux Security Advisory 2009-289 - Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel. These range from buffer overflows to denial of service vulnerabilities.
VMware Security Advisory - VMware hosted products and ESX patches resolve two security issues.
VMware Workstation Virtual 8086 Linux Local ring0 exploit.
The Wowd Search Client version 1.3.0 suffers from cross-site scripting vulnerabilities.
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
Aruba Networks Security Advisory - A Denial of Service (DoS) vulnerability was discovered during standard bug reporting procedures. A malformed 802.11 association request frame causes a crash on the Access Point (AP) causing a temporary DoS condition for wireless clients. Prior successful security association with the wireless network is not required to cause this condition. The AP recovers automatically by restarting itself.
Boloto Media Player version 1.0.0.9 local crash proof of concept exploit that creates a malicious .pls file.
This Metasploit module exploits an integer overflow vulnerability in the unserialize() function of the PHP web server extension.
This Metasploit module exploits a stack-based buffer overflow in the ntpd and xntpd services. By sending an overly long 'readvar' request it is possible to execute code remotely. As the stack is corrupted, this module uses the Egghunter technique.
This Metasploit module allows arbitrary command execution on an ephemeral port opened by Veritas NetBackup, whilst an administrator is authenticated. The port is opened and allows direct console access as root or SYSTEM from any source address.
This Metasploit module uses a vulnerability in the OpenView Omniback II service to execute arbitrary commands. This vulnerability was discovered by DiGiT and his code was used as the basis for this module.
This Metasploit module exploits an arbitrary memory access vulnerability in the Quicktime for Java API provided with Quicktime 7.
Certain constructs are not escaped correctly by Opera's History Search results. These can be used to inject scripts into the page, which can then be used to modify configuration settings and execute arbitrary commands. Affects Opera versions between 9.50 and 9.61.
Opera web browser in versions 9.10 and below allows unrestricted script access to its configuration page, opera:config, allowing an attacker to change settings and potentially execute arbitrary code.
This Metasploit module exploits a code execution vulnerability in the Mozilla Suite, Mozilla Firefox, and Mozilla Thunderbird applications. This exploit requires the Java plugin to be installed.
This Metasploit module exploits a code execution vulnerability in the Mozilla Suite, Mozilla Firefox, and Mozilla Thunderbird applications. This exploit module is a direct port of Aviv Raff's HTML PoC.
This Metasploit module exploits a flaw in the deserialization of Calendar objects in the Sun JVM. The payload can be either a native payload which is generated as an executable and dropped/executed on the target or a shell from within the Java applet in the target browser. The affected Java versions are JDK and JRE 6 Update 10 and earlier, JDK and JRE 5.0 Update 16 and earlier, SDK and JRE 1.4.2_18 and earlier (SDK and JRE 1.3.1 are not affected).
This Metasploit module exploits a code execution vulnerability in the Mozilla Firefox browser. To reliably exploit this vulnerability, we need to fill almost a gigabyte of memory with our nop sled and payload. This module has been tested on OS X 10.3 with the stock Firefox 1.5.0 package.
This Metasploit module exploits a memory corruption vulnerability in the Mozilla Firefox browser. This flaw occurs when a bug in the JavaScript interpreter fails to preserve the return value of the escape() function and results in uninitialized memory being used instead. This module has only been tested on Windows, but should work on other platforms as well with the current targets.
This Metasploit module triggers a heap overflow in the LSA RPC service of the Samba daemon. This module uses the TALLOC chunk overwrite method (credit Ramon and Adriano), which only works with Samba versions 3.0.21-3.0.24. Additionally, this module will not work when the Samba "log level" parameter is higher than "2".
This is an exploit for Squid's NTLM authenticate overflow (libntlmssp.c). Due to improper bounds checking in ntlm_check_auth, it is possible to overflow the 'pass' variable on the stack with user controlled data of a user defined length.
This is an exploit for the Poptop negative read overflow. This will work against versions prior to 1.1.3-b3 and 1.1.3-20030409.
This Metasploit module exploits a stack overflow in the yaSSL (1.7.5 and earlier) implementation bundled with MySQL versions 6.0 and below. By sending a specially crafted Hello packet, an attacker may be able to execute arbitrary code.
This Metasploit module exploits a stack overflow in Borland InterBase by sending a specially crafted attach request.