what you don't know can hurt you
Showing 1 - 25 of 301 RSS Feed

Files Date: 2009-11-26

GAMSoft TelSrv 1.5 Username Buffer Overflow
Posted Nov 26, 2009
Authored by Patrick Webster | Site metasploit.com

This Metasploit module exploits a username sprintf stack overflow in GAMSoft TelSrv 1.5. Other versions may also be affected. The service terminates after exploitation, so you only get one chance!

tags | exploit, overflow
advisories | CVE-2000-0665
MD5 | 81c0ca72a3bf52428d3463f2bd1c3c6f
3Com 3CDaemon 2.0 FTP Username Overflow
Posted Nov 26, 2009
Authored by H D Moore | Site metasploit.com

This Metasploit module exploits a vulnerability in the 3Com 3CDaemon FTP service. This package is being distributed from the 3Com web site and is recommended in numerous support documents. This Metasploit module uses the USER command to trigger the overflow.

tags | exploit, web, overflow
advisories | CVE-2005-0277
MD5 | e239adfc397826851ade8a440f39721d
ACDSee XPM File Section Buffer Overflow
Posted Nov 26, 2009
Authored by MC | Site metasploit.com

This Metasploit module exploits a buffer overflow in ACDSee 9.0. When viewing a malicious XPM file with the ACDSee product, a remote attacker could overflow a buffer and execute arbitrary code.

tags | exploit, remote, overflow, arbitrary
advisories | CVE-2007-2193
MD5 | 6eeadc6c451782b8faeb52b6fe8d2a03
activePDF WebGrabber ActiveX Control Buffer Overflow
Posted Nov 26, 2009
Authored by MC | Site metasploit.com

This Metasploit module exploits a stack overflow in activePDF WebGrabber 3.8. When sending an overly long string to the GetStatus() method of APWebGrb.ocx (3.8.2.0) an attacker may be able to execute arbitrary code. This control is not marked safe for scripting, so choose your attack vector accordingly.

tags | exploit, overflow, arbitrary
MD5 | 759b1bf3c64ad3a6991c7beb56cfe9e5
Adobe Collab.collectEmailInfo() Buffer Overflow
Posted Nov 26, 2009
Authored by MC, Didier Stevens | Site metasploit.com

This Metasploit module exploits a buffer overflow in Adobe Reader and Adobe Acrobat Professional 8.1.1. By creating a specially crafted pdf that a contains malformed Collab.collectEmailInfo() call, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary
advisories | CVE-2007-5659
MD5 | dfc63320a3e857a6b265b1889566df3b
Adobe Collab.getIcon() Buffer Overflow
Posted Nov 26, 2009
Authored by MC, jduck, Didier Stevens | Site metasploit.com

This Metasploit module exploits a buffer overflow in Adobe Reader and Adobe Acrobat Professional < 8.1.4. By creating a specially crafted pdf that a contains malformed Collab.getIcon() call, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary
advisories | CVE-2009-0927
MD5 | 1f2320eef87406c95ea5b7edbe4b85eb
Adobe JBIG2Decode Memory Corruption Exploit
Posted Nov 26, 2009
Authored by redsand, Russell Sanford, MC, Didier Stevens, natron | Site metasploit.com

This Metasploit module exploits a heap-based pointer corruption flaw in Adobe Reader 9.0.0 and earlier. This Metasploit module relies upon javascript for the heap spray.

tags | exploit, javascript
MD5 | 19c89751bf0373e4af9b9aa3630c9a20
Adobe PDF Embedded EXE Social Engineering
Posted Nov 26, 2009
Authored by Colin Ames | Site metasploit.com

This Metasploit module embeds a Metasploit payload into an existing PDF file. The resulting PDF can be sent to a target as part of a social engineering attack.

tags | exploit
MD5 | 9d5bf734432f0c2bcea426977e592d45
Adobe RoboHelp Server 8 Arbitrary File Upload and Execute.
Posted Nov 26, 2009
Authored by MC | Site metasploit.com

This Metasploit module exploits a authentication bypass vulnerability which allows remote attackers to upload and execute arbitrary code.

tags | exploit, remote, arbitrary, bypass
advisories | CVE-2009-3068
MD5 | 0e773fbe21185160e80f9dad6116e67e
Adobe util.printf() Buffer Overflow
Posted Nov 26, 2009
Authored by MC, Didier Stevens | Site metasploit.com

This Metasploit module exploits a buffer overflow in Adobe Reader and Adobe Acrobat Professional < 8.1.3. By creating a specially crafted pdf that a contains malformed util.printf() entry, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary
advisories | CVE-2008-2992
MD5 | 9be8b233672ca2f0bc7d59c93c556e68
AOL Instant Messenger goaway Overflow
Posted Nov 26, 2009
Authored by skape, thief | Site metasploit.com

This Metasploit module exploits a flaw in the handling of AOL Instant Messenger's 'goaway' URI handler. An attacker can execute arbitrary code by supplying a overly sized buffer as the 'message' parameter. This issue is known to affect AOL Instant Messenger 5.5.

tags | exploit, arbitrary
advisories | CVE-2004-0636
MD5 | 4fae910f9a5bd3cc5c5719545a2c7926
AIM Triton 1.0.4 CSeq Buffer Overflow
Posted Nov 26, 2009
Authored by MC | Site metasploit.com

This Metasploit module exploits a buffer overflow in AOL's AIM Triton 1.0.4. By sending an overly long CSeq value, a remote attacker could overflow a buffer and execute arbitrary code on the system with the privileges of the affected application.

tags | exploit, remote, overflow, arbitrary
advisories | CVE-2006-3524
MD5 | a5d945c220a5e95dc0306e44c6ef4a60
EMC AlphaStor Agent Buffer Overflow
Posted Nov 26, 2009
Authored by MC | Site metasploit.com

This Metasploit module exploits a stack overflow in EMC AlphaStor 3.1. By sending a specially crafted message, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary
advisories | CVE-2008-2158
MD5 | 162e1a23d366db63d95be99eb8532767
Altap Salamander 2.5 PE Viewer Buffer Overflow
Posted Nov 26, 2009
Authored by patrick | Site metasploit.com

This Metasploit module exploits a buffer overflow in Altap Salamander <= v2.5. By creating a malicious file and convincing a user to view the file with the Portable Executable Viewer plugin within a vulnerable version of Salamander, the PDB file string is copied onto the stack and the SEH can be overwritten.

tags | exploit, overflow
advisories | CVE-2007-3314
MD5 | 8b0b10257bd6ddb25ec195a14935643f
Alt-N WebAdmin USER Buffer Overflow
Posted Nov 26, 2009
Authored by MC | Site metasploit.com

Alt-N WebAdmin is prone to a buffer overflow condition. This is due to insufficient bounds checking on the USER parameter. Successful exploitation could result in code execution with SYSTEM level privileges.

tags | exploit, overflow, code execution
advisories | CVE-2003-0471
MD5 | 074b91fb379203291975a7da1395ab4a
Amaya Browser v11.0 bdo tag overflow
Posted Nov 26, 2009
Authored by Rob Carter, dookie | Site metasploit.com

This Metasploit module exploits a stack overflow in the Amaya v11 Browser. By sending an overly long string to the "bdo" tag, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary
advisories | CVE-2009-0323
MD5 | 6e4b64402e5782329a0fbdb9390c9f91
Windows ANI LoadAniIcon() Chunk Size Stack Overflow (SMTP)
Posted Nov 26, 2009
Authored by H D Moore, skape | Site metasploit.com

This Metasploit module exploits a buffer overflow vulnerability in the LoadAniIcon() function of USER32.dll. The flaw is triggered through Outlook Express by using the CURSOR style sheet directive to load a malicious .ANI file. This vulnerability was discovered by Alexander Sotirov of Determina and was rediscovered, in the wild, by McAfee.

tags | exploit, overflow
advisories | CVE-2007-0038, CVE-2007-1765
MD5 | 894c8dd4988bc61b523bf1b4fe614257
AOL Radio AmpX ActiveX Control ConvertFile() Buffer Overflow
Posted Nov 26, 2009
Authored by rgod, Trancer | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in AOL IWinAmpActiveX class (AmpX.dll) version 2.4.0.6 installed via AOL Radio website. By setting an overly long value to 'ConvertFile()', an attacker can overrun a buffer and execute arbitrary code.

tags | exploit, overflow, arbitrary, activex
MD5 | d4dc59c45b216b5b0e5026124d44c045
America Online ICQ ActiveX Control Arbitrary File Download and Execute.
Posted Nov 26, 2009
Authored by MC | Site metasploit.com

This Metasploit module allows remote attackers to download and execute arbitrary files on a users system via the DownloadAgent function of the ICQPhone.SipxPhoneManager ActiveX control.

tags | exploit, remote, arbitrary, activex
advisories | CVE-2006-5650
MD5 | 14f3b45b733f30fd8e7b04a04f7fac35
Apache Win32 Chunked Encoding
Posted Nov 26, 2009
Authored by H D Moore | Site metasploit.com

This Metasploit module exploits the chunked transfer integer wrap vulnerability in Apache version 1.2.x to 1.3.24. This particular module has been tested with all versions of the official Win32 build between 1.3.9 and 1.3.24. Additionally, it should work against most co-branded and bundled versions of Apache (Oracle 8i, 9i, IBM HTTPD, etc). You will need to use the Check() functionality to determine the exact target version prior to launching the exploit. The version of Apache bundled with Oracle 8.1.7 will not automatically restart, so if you use the wrong target value, the server will crash.

tags | exploit
systems | windows
advisories | CVE-2002-0392
MD5 | e3d3d24a04a5fa710ddd92b1a78239b0
Apache module mod_rewrite LDAP protocol Buffer Overflow
Posted Nov 26, 2009
Authored by patrick | Site metasploit.com

This Metasploit module exploits the mod_rewrite LDAP protocol scheme handling flaw discovered by Mark Dowd, which produces an off-by-one overflow. Apache versions 1.3.29-36, 2.0.47-58, and 2.2.1-2 are vulnerable. This Metasploit module requires REWRITEPATH to be set accurately. In addition, the target must have 'RewriteEngine on' configured, with a specific 'RewriteRule' condition enabled to allow for exploitation. The flaw affects multiple platforms, however this module currently only supports Windows based installations.

tags | exploit, overflow, protocol
systems | windows
advisories | CVE-2006-3747
MD5 | 24ecf483512ef6982eb1b227d15ee15a
Apple ITunes 4.7 Playlist Buffer Overflow
Posted Nov 26, 2009
Authored by MC | Site metasploit.com

This Metasploit module exploits a stack overflow in Apple ITunes 4.7 build 4.7.0.42. By creating a URL link to a malicious PLS file, a remote attacker could overflow a buffer and execute arbitrary code. When using this module, be sure to set the URIPATH with an extension of '.pls'.

tags | exploit, remote, overflow, arbitrary
systems | apple
advisories | CVE-2005-0043
MD5 | 2f0010313c0494bc25e2563cadffc6da
Apple QuickTime 7.3 RTSP Response Header Buffer Overflow
Posted Nov 26, 2009
Authored by MC | Site metasploit.com

This Metasploit module exploits a stack overflow in Apple QuickTime 7.3. By sending an overly long RTSP response to a client, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary
systems | apple
advisories | CVE-2007-6166
MD5 | 53ef97f1a29b0a357f71238f64bf8af4
Apple QuickTime 7.1.3 RTSP URI Buffer Overflow
Posted Nov 26, 2009
Authored by MC, egypt | Site metasploit.com

This Metasploit module exploits a buffer overflow in Apple QuickTime 7.1.3. This Metasploit module was inspired by MOAB-01-01-2007. The Browser target for this module was tested against IE 6 and Firefox 1.5.0.3 on Windows XP SP0/2; Firefox 3 blacklists the QuickTime plugin.

tags | exploit, overflow
systems | windows, apple, xp
advisories | CVE-2007-0015
MD5 | d2ab9eb9d899356379e076fe8e98c51f
Ask.com Toolbar askBar.dll ActiveX Control Buffer Overflow
Posted Nov 26, 2009
Authored by MC | Site metasploit.com

This Metasploit module exploits a stack overflow in Ask.com Toolbar 4.0.2.53. An attacker may be able to execute arbitrary code by sending an overly long string to the "ShortFormat()" method in askbar.dll.

tags | exploit, overflow, arbitrary
advisories | CVE-2007-5107
MD5 | 6468ef0292a337f26024734a3db1ef31
Page 1 of 13
Back12345Next

File Archive:

September 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    5 Files
  • 2
    Sep 2nd
    5 Files
  • 3
    Sep 3rd
    3 Files
  • 4
    Sep 4th
    13 Files
  • 5
    Sep 5th
    16 Files
  • 6
    Sep 6th
    15 Files
  • 7
    Sep 7th
    20 Files
  • 8
    Sep 8th
    16 Files
  • 9
    Sep 9th
    4 Files
  • 10
    Sep 10th
    2 Files
  • 11
    Sep 11th
    15 Files
  • 12
    Sep 12th
    19 Files
  • 13
    Sep 13th
    20 Files
  • 14
    Sep 14th
    38 Files
  • 15
    Sep 15th
    31 Files
  • 16
    Sep 16th
    1 Files
  • 17
    Sep 17th
    7 Files
  • 18
    Sep 18th
    15 Files
  • 19
    Sep 19th
    40 Files
  • 20
    Sep 20th
    8 Files
  • 21
    Sep 21st
    1 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close