Showing 1 - 25 of 68

Files Date: 2009-10-27

RealServer Describe Buffer Overflow
Posted Oct 27, 2009
Authored by H D Moore | Site metasploit.com

This Metasploit module exploits a buffer overflow in RealServer 7/8/9 and was based on Johnny Cyberpunk's THCrealbad exploit. This code should reliably exploit Linux, BSD, and Windows-based servers.

tags | exploit, overflow
systems | linux, windows, bsd
SHA-256 | a791dcf6b910dbfe084dccfc98c7268472ca44ed28cf5a7e685b3074addfcfe7
Mandriva Linux Security Advisory 2009-289
Posted Oct 27, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-289 - Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel. These range from buffer overflows to denial of service vulnerabilities.

tags | advisory, denial of service, overflow, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2009-1895, CVE-2009-2406, CVE-2009-2407, CVE-2009-2908, CVE-2009-3290
SHA-256 | 9babe556d8283b253ed966788d3377e9f40ffcfb77f3fdc39643b95c68956950
VMware Security Advisory 2009-0015
Posted Oct 27, 2009
Authored by VMware | Site vmware.com

VMware Security Advisory - VMware hosted products and ESX patches resolve two security issues.

tags | advisory
advisories | CVE-2009-2267, CVE-2009-3733
SHA-256 | 8a6dabf23ceea7040d69ab75fbd444328ec53f5a0c451789e2a8b710ca4322bc
VMWare Workstation Virtual 8086 Linux Local ring0
Posted Oct 27, 2009
Authored by Tavis Ormandy, Julien Tinnes

VMWare Workstation Virtual 8086 Linux Local ring0 exploit.

tags | exploit, local
systems | linux
advisories | CVE-2009-2267
SHA-256 | 8104afbfcccb8e58dfb2979ea634a0801853cd451040e803ba52fb9281ac036d
Wowd Search Client XSS
Posted Oct 27, 2009
Authored by Lostmon | Site lostmon.blogspot.com

The Wowd Search Client version 1.3.0 suffers from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 9807eed58c800fd1707b12be371d05dd395abd117fae53448210f94b3ae35398
Mandos Encrypted File System Unattended Reboot Utility 1.0.14
Posted Oct 27, 2009
Authored by Teddy | Site fukt.bsnet.se

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Changes: This release enables building without -pie and -fPIE if BROKEN_PIE is set.
tags | remote, root
systems | linux
SHA-256 | 11c29fabf08ae4daa09a057ae1fa390aba9f0849c7c159c81902263c3415d832
Aruba Networks Security Advisory - 102609
Posted Oct 27, 2009
Site arubanetworks.com

Aruba Networks Security Advisory - A Denial of Service (DoS) vulnerability was discovered during standard bug reporting procedures. A malformed 802.11 association request frame crashes the Access Point (AP), causing a temporary DoS condition for wireless clients. Prior successful security association with the wireless network is not required to cause this condition. The AP recovers automatically by restarting itself.

tags | advisory, denial of service
SHA-256 | 264b95b7689f6326fded006384a190b94d4d410ee035835d686d13a47aec04f7
Boloto Media Player 1.0.0.9 Crash
Posted Oct 27, 2009
Authored by Dr_IDE

Boloto Media Player version 1.0.0.9 local crash proof of concept exploit that creates a malicious .pls file.

tags | exploit, denial of service, local, proof of concept
SHA-256 | 6a901ac053ed7ae3865f920867a1003d0f4fc947a6b68e9f1e75e6868ce4b8e1
PHP 4 unserialize() ZVAL Reference Counter Overflow
Posted Oct 27, 2009
Authored by H D Moore, Stefan Esser, GML | Site metasploit.com

This Metasploit module exploits an integer overflow vulnerability in the unserialize() function of the PHP web server extension.

tags | exploit, web, overflow, php
advisories | CVE-2007-1286
SHA-256 | 436f0bc029967671da472d8ca912c40b8636846cfd3d8f81e3a0fd1d8a030e1f
NTPd Buffer Overflow
Posted Oct 27, 2009
Authored by patrick | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in the ntpd and xntpd services. By sending an overly long 'readvar' request it is possible to execute code remotely. As the stack is corrupted, this module uses the Egghunter technique.

tags | exploit, overflow
advisories | CVE-2001-0414
SHA-256 | 009c6a0959755d8609b7f6680a3f93f21f0a42a6559a05ef0c29a657384e5fbd
VERITAS NetBackup Remote Command Execution
Posted Oct 27, 2009
Authored by patrick | Site metasploit.com

This Metasploit module allows arbitrary command execution on an ephemeral port opened by Veritas NetBackup, whilst an administrator is authenticated. The port is opened and allows direct console access as root or SYSTEM from any source address.

tags | exploit, arbitrary, root
advisories | CVE-2004-1389
SHA-256 | a9bae98e0bcab8691966ff788261cc6dfa84dda7135a36c18d0e75e0eb5ee9ef
HP OpenView OmniBack II Command Execution
Posted Oct 27, 2009
Authored by H D Moore, patrick | Site metasploit.com

This Metasploit module uses a vulnerability in the OpenView Omniback II service to execute arbitrary commands. This vulnerability was discovered by DiGiT and his code was used as the basis for this module.

tags | exploit, arbitrary
advisories | CVE-2001-0311
SHA-256 | 26c2c37df75303f2969c51dda36bcd7fb1d2c0584d3a1792600f47b04b5512d6
Apple QTJava toQTPointer() Arbitrary Memory Access
Posted Oct 27, 2009
Authored by H D Moore, Kevin Finisterre, Dino A. Dai Zovi | Site metasploit.com

This Metasploit module exploits an arbitrary memory access vulnerability in the Quicktime for Java API provided with Quicktime 7.

tags | exploit, java, arbitrary
advisories | CVE-2007-2175
SHA-256 | 42ae033dbe425fc32ab38f3fc3b946e80a302b5e5f4cecc84aa56930c3a7467d
Opera historysearch XSS
Posted Oct 27, 2009
Authored by Aviv Raff, Roberto Suggi Liverani

Certain constructs are not escaped correctly by Opera's History Search results. These can be used to inject scripts into the page, which can then be used to modify configuration settings and execute arbitrary commands. Affects Opera versions between 9.50 and 9.61.

tags | exploit, arbitrary
advisories | CVE-2008-4696
SHA-256 | 8ee97c6c137b092fb141c1b73dea46bcc91809906758777dbdcce9e2f67b0d2b
Opera 9 Configuration Overwrite
Posted Oct 27, 2009

Opera web browser in versions 9.10 and below allows unrestricted script access to its configuration page, opera:config, allowing an attacker to change settings and potentially execute arbitrary code.

tags | exploit, web, arbitrary
SHA-256 | 49e993c1845aba7518aa32a60d82abce0089da8a074bf31055de0b5ae0995d50
Mozilla Suite/Firefox Navigator Object Code Execution
Posted Oct 27, 2009
Authored by H D Moore | Site metasploit.com

This Metasploit module exploits a code execution vulnerability in the Mozilla Suite, Mozilla Firefox, and Mozilla Thunderbird applications. This exploit requires the Java plugin to be installed.

tags | exploit, java, code execution
advisories | CVE-2006-3677
SHA-256 | caa5d6f2c25885cd4fffdb12407195b2e4d778c8692372a40b3bbd7e922eccbb
Mozilla Firefox Code Execution
Posted Oct 27, 2009
Authored by H D Moore, Aviv Raff | Site metasploit.com

This Metasploit module exploits a code execution vulnerability in the Mozilla Suite, Mozilla Firefox, and Mozilla Thunderbird applications. This exploit module is a direct port of Aviv Raff's HTML PoC.

tags | exploit, code execution
advisories | CVE-2005-2265
SHA-256 | b867c0785b780e6498eb0c3b8d27c20f4cec51a630404edc8bd0c545b8e1e652
Sun Java Calendar Deserialization
Posted Oct 27, 2009
Authored by H D Moore, sf | Site metasploit.com

This Metasploit module exploits a flaw in the deserialization of Calendar objects in the Sun JVM. The payload can be either a native payload which is generated as an executable and dropped/executed on the target or a shell from within the Java applet in the target browser. The affected Java versions are JDK and JRE 6 Update 10 and earlier, JDK and JRE 5.0 Update 16 and earlier, SDK and JRE 1.4.2_18 and earlier (SDK and JRE 1.3.1 are not affected).

tags | exploit, java, shell
advisories | CVE-2008-5353
SHA-256 | c3a3d070353114691fd1636dc19113fd8a51770f2e7febb5144445c81db0b5e4
Firefox location.QueryInterface() Code Execution
Posted Oct 27, 2009
Authored by H D Moore | Site metasploit.com

This Metasploit module exploits a code execution vulnerability in the Mozilla Firefox browser. To reliably exploit this vulnerability, we need to fill almost a gigabyte of memory with our nop sled and payload. This module has been tested on OS X 10.3 with the stock Firefox 1.5.0 package.

tags | exploit, code execution
systems | apple, osx
advisories | CVE-2006-0295
SHA-256 | 68da1f78d3e93ac5d6c2f0d52c01784d5f629a3336fadd2e30ee6f133cbb252e
Firefox 3.5 escape() Return Value Memory Corruption
Posted Oct 27, 2009
Authored by H D Moore, Simon Berry-Byrne

This Metasploit module exploits a memory corruption vulnerability in the Mozilla Firefox browser. This flaw occurs when a bug in the JavaScript interpreter fails to preserve the return value of the escape() function and results in uninitialized memory being used instead. This module has only been tested on Windows, but should work on other platforms as well with the current targets.

tags | exploit, javascript
systems | windows
SHA-256 | 75461b3604d7de9a5061250da61718b0530a361f488c044deeac02eedaaaaf74
Samba lsa_io_trans_names Heap Overflow
Posted Oct 27, 2009
Authored by Adriano Lima | Site risesecurity.org

This Metasploit module triggers a heap overflow in the LSA RPC service of the Samba daemon. This module uses the TALLOC chunk overwrite method (credit Ramon and Adriano), which only works with Samba versions 3.0.21-3.0.24. Additionally, this module will not work when the Samba "log level" parameter is higher than "2".

tags | exploit, overflow
advisories | CVE-2007-2446
SHA-256 | acbb395a5906b68e89713da5a3ab475ec88cd94e22beb4896d17409571772f54
Squid NTLM Authenticate Overflow
Posted Oct 27, 2009
Authored by skape

This is an exploit for Squid's NTLM authenticate overflow (libntlmssp.c). Due to improper bounds checking in ntlm_check_auth, it is possible to overflow the 'pass' variable on the stack with user-controlled data of a user-defined length.

tags | exploit, overflow
advisories | CVE-2004-0541
SHA-256 | c43f943216a1703933afd0ce0708c0542f099b2ad7ed5a159c445291d16c2bc5
Poptop Negative Read Overflow
Posted Oct 27, 2009
Authored by spoonm

This is an exploit for the Poptop negative read overflow. This will work against versions prior to 1.1.3-b3 and 1.1.3-20030409.

tags | exploit, overflow
advisories | CVE-2003-0213
SHA-256 | 2ac91eabba3f6978d3496332fe3a3b556afc0dd62339633aa241ff0f48843290
MySQL yaSSL SSL Hello Message Buffer Overflow
Posted Oct 27, 2009
Authored by MC

This Metasploit module exploits a stack overflow in the yaSSL (1.7.5 and earlier) implementation bundled with MySQL versions 6.0 and below. By sending a specially crafted Hello packet, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary
advisories | CVE-2008-0226
SHA-256 | 06f5a48bebc46ac67880ab01c20b9c8364bb1d058a880b53cb7c21ec66b5eedf
Borland InterBase PWD_db_aliased() Buffer Overflow
Posted Oct 27, 2009
Authored by Adriano Lima | Site risesecurity.org

This Metasploit module exploits a stack overflow in Borland InterBase by sending a specially crafted attach request.

tags | exploit, overflow
advisories | CVE-2007-5243
SHA-256 | de6fac96fd0b6aa3c602b0926ac2f071a06c826a31b79903cd842f5737f7b63f