exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 54 RSS Feed

Files Date: 2009-10-28 to 2009-10-29

ClamAV Milter Blackhole-Mode Remote Code Execution
Posted Oct 28, 2009
Authored by patrick | Site metasploit.com

This Metasploit module exploits a flaw in the Clam AntiVirus suite 'clamav-milter' (Sendmail mail filter). Versions prior to 0.92.2 are vulnerable. When implemented with black hole mode enabled, it is possible to execute commands remotely due to an insecure popen call.

tags | exploit
advisories | CVE-2007-4560
SHA-256 | 043b522739cdc7453582b55c2d84f10b6d62ae02178d5c618b7212a148347eb0
SpamAssassin spamd Remote Command Execution
Posted Oct 28, 2009
Authored by patrick | Site metasploit.com

This Metasploit module exploits a flaw in the SpamAssassin spamd service by specifying a malicious vpopmail User header, when running with vpopmail and paranoid modes enabled (non-default). Versions prior to 3.1.3 are vulnerable.

tags | exploit
advisories | CVE-2006-2447
SHA-256 | eab32845da0d59fc9f4ab3c4fe32f5ea16cbdf7d908c0e6e672c02b104b4425c
DistCC Daemon Command Execution
Posted Oct 28, 2009
Authored by H D Moore | Site metasploit.com

This Metasploit module uses a documented security weakness to execute arbitrary commands on any system running distccd.

tags | exploit, arbitrary
advisories | CVE-2004-2687
SHA-256 | 0a769db2554d6e63eed260b8856d24d30fee9b9bc7f06f56160f29c66e421927
ContentKeeper Web Remote Command Execution
Posted Oct 28, 2009
Authored by patrick | Site metasploit.com

This Metasploit module exploits the ContentKeeper Web Appliance. Versions prior to 125.10 are affected. This module exploits a combination of weaknesses to enable remote command execution as the Apache user. Following exploitation it is possible to abuse an insecure PATH call to 'ps' etc in setuid 'benetool' to escalate to root.

tags | exploit, remote, web, root
SHA-256 | 629ee439ef17eb790dc0b4ecfd87cba6375f929234dd537ad09b296c1e24dcec
Solaris in.telnetd TTYPROMPT Buffer Overflow
Posted Oct 28, 2009
Authored by MC, cazz

This Metasploit module uses a buffer overflow in the Solaris 'login' application to bypass authentication in the telnet daemon.

tags | exploit, overflow
systems | solaris
advisories | CVE-2001-0797
SHA-256 | 1922fca1702919a985e0d03cd6e813a1ab64a1125cad7362097ca409173defa5
Sun Solaris Telnet Remote Authentication Bypass
Posted Oct 28, 2009
Authored by MC

This Metasploit module exploits the argument injection vulnerability in the telnet daemon (in.telnetd) of Solaris 10 and 11.

tags | exploit
systems | solaris
advisories | CVE-2007-0882
SHA-256 | 179d8ac56af2b7e7a41f6d04b7d0d59e4a7e59ad60dfdcae4e994920a57db02a
Solaris ypupdated Command Execution
Posted Oct 28, 2009
Authored by I)ruid

This exploit targets a weakness in the way the ypupdated RPC application uses the command shell when handling a MAP UPDATE request.

tags | exploit, shell
advisories | CVE-1999-0209
SHA-256 | 7c27019bedb0e26575dc7a9ad1810a98487a76f946e66dee2a85a79237351e19
Solaris sadmind Command Execution
Posted Oct 28, 2009
Authored by H D Moore, cazz, vlad902 | Site metasploit.com

This exploit targets a weakness in the default security settings of the sadmind RPC application. This server is installed and enabled by default on most versions of the Solaris operating system. Vulnerable systems include solaris 2.7, 8, and 9.

tags | exploit
systems | solaris
advisories | CVE-2003-0722
SHA-256 | 14557b273499a2ea3ee86d39d208d2b582a750cf286e96ff62c3dd367eac0d64
Sun Solaris sadmind adm_build_path() Buffer Overflow
Posted Oct 28, 2009
Authored by Adriano Lima | Site risesecurity.org

This Metasploit module exploits a buffer overflow vulnerability in adm_build_path() function of sadmind daemon.

tags | exploit, overflow
advisories | CVE-2008-4556
SHA-256 | 18dec71a8c83fcf83504b2fddb72739d0a61a63af0287624b6f0d47b893416c4
Debian Linux Security Advisory 1922-1
Posted Oct 28, 2009
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1922-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser.

tags | advisory, remote, web, vulnerability
systems | linux, debian
advisories | CVE-2009-3274, CVE-2009-3370, CVE-2009-3372, CVE-2009-3373, CVE-2009-3374, CVE-2009-3375, CVE-2009-3376, CVE-2009-3380, CVE-2009-3382
SHA-256 | a220a510e52acdc35e63b91c7fafa29b451ce1d41d75745b324d947eec52a426
Cherokee 0.5.4 Directory Traversal
Posted Oct 28, 2009
Authored by Dr_IDE

Cherokee versions 0.5.4 and below suffer from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | e98d286121b0854950d5c8ad20255bbe19675d7c7fec7efd3126c5b4d9d701fe
Solaris LPD Command Execution
Posted Oct 28, 2009
Authored by H D Moore, Dino A. Dai Zovi | Site metasploit.com

This Metasploit module exploits an arbitrary command execution flaw in the in.lpd service shipped with all versions of Sun Solaris up to and including 8.0. This module uses a technique discovered by Dino Dai Zovi to exploit the flaw without needing to know the resolved name of the attacking system.

tags | exploit, arbitrary
systems | solaris
advisories | CVE-2001-1583
SHA-256 | 01345783ba4c62397f1139311948fa659b914f7f6b890eea025ca4a22a9c86f9
Wireshark Analyzer 1.2.3
Posted Oct 28, 2009
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.

Changes: Multiple vulnerabilities have been addressed. Various other fixes.
tags | tool, sniffer, protocol
systems | windows, unix
SHA-256 | 5515ba01277773a2f9c97599d4d28d0898d8b1d7afd5c8942cab087306c28703
iDEFENSE Security Advisory 2009-10-28.1
Posted Oct 28, 2009
Authored by iDefense Labs, regenrecht | Site idefense.com

Remote exploitation of a buffer overflow in the Mozilla Foundation's libpr0n image processing library allows attackers to execute arbitrary code. The libpr0n GIF parser was designed using a state machine which is represented as a series of switch/case statements. One particularly interesting state, 'gif_image_header', is responsible for interpreting a single image/frame description record. A single GIF file may contain many images, each with a different color map associated. The problem lies in the handling of changes to the color map of subsequent images in a multiple-image GIF file. Memory reallocation is not managed correctly and can result in an exploitable heap overflow condition. iDefense confirmed the existence of this vulnerability using Mozilla Firefox versions 3.0.13 and 3.5.2 on 32-bit Windows XP SP3. Other versions, and potentially other applications using libpr0n, are suspected to be vulnerable.

tags | advisory, remote, overflow, arbitrary
systems | windows
advisories | CVE-2009-3373
SHA-256 | 2586d2a113c390f692bd4a3a7b5d2efa7e97552fe0c5a23297e4dd9eebfa000a
Oscailt 3.3 Local File Inclusion
Posted Oct 28, 2009
Authored by s4r4d0

Oscailt CMS version 3.3 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 62cc89dcaa822c8aacccf2326a30726ab50fc22820b678b1198ee5566f5b10b6
Mozilla Firefox 3.5.3 Local Download Manager Exploit
Posted Oct 28, 2009
Authored by Jeremy Brown | Site jbrownsec.blogspot.com

Mozilla Firefox version 3.5.3 local download manager exploit that demonstrates a temporary file creation vulnerability.

tags | exploit, local
SHA-256 | c57f747c188be90e736885f8d76cc1b16b4e1cbbc6eee9473f672dc486c86f84
Opera RSS Hijacking
Posted Oct 28, 2009
Authored by Inferno from Secure Thoughts

Small write up called Hijacking Opera's Native Page Using Malicious RSS Payloads.

tags | advisory
SHA-256 | c291ffa51806c7d5f361262a1cb308612da9ac85545f1e4435e49c40c2a46aa1
Mariposa Botnet C+C Decryption Plugin
Posted Oct 28, 2009
Site code.google.com

This is the Mariposa Botnet C+C decryption plugin for wireshark.

tags | tool, sniffer
SHA-256 | 02744e4d60616adfc90d84a092087327326970be4d7a91ce0993dd6a4d1564a3
Solaris dtspcd Heap Overflow
Posted Oct 28, 2009
Authored by noir | Site metasploit.com

This is a port of noir's dtspcd exploit. This Metasploit module should work against any vulnerable version of Solaris 8 (sparc). The original exploit code was published in the book Shellcoder's Handbook.

tags | exploit, shellcode
systems | solaris
advisories | CVE-2001-0803
SHA-256 | 19e9ec7b08522229c2b19b1bd544a7ff36ddfd0fd2e0f93cbccac310943ae853
Samba trans2open Overflow
Posted Oct 28, 2009
Authored by H D Moore | Site metasploit.com

This Metasploit module exploits the buffer overflow found in Samba versions 2.2.0 to 2.2.8. This particular module is capable of exploiting the bug on Mac OS X PowerPC systems.

tags | exploit, overflow
systems | apple, osx
advisories | CVE-2003-0201
SHA-256 | 50174bffbefca0cbfd2b222f0748f7fe7215d1eab4b35f5294d146713fed1392
MacOS X QuickTime RTSP Content-Type Overflow
Posted Oct 28, 2009
Site metasploit.com

This Metasploit module exploits the Mac OS X Quicktime RTSP Content-Type overflow.

tags | exploit, overflow
systems | apple, osx
SHA-256 | ad4d5f783ef4db1db560df2a1efd3229f2003c31ec35d1990be07b5c88e2e8fc
Mac OS X mDNSResponder UPnP Location Overflow
Posted Oct 28, 2009
Site metasploit.com

This Metasploit module exploits the Mac OS X mDNSResponder UPnP location overflow.

tags | exploit, overflow
systems | apple, osx
SHA-256 | da2a1ca7bcbe9b0fd674cad76635052bd827bdcd654c1294987ae687132ffa6f
WebSTAR FTP Server USER Overflow
Posted Oct 28, 2009
Authored by H D Moore, Dino A. Dai Zovi | Site metasploit.com

This Metasploit module exploits a stack overflow in the logging routine of the WebSTAR FTP server. Reliable code execution is obtained by a series of hops through the System library.

tags | exploit, overflow, code execution
advisories | CVE-2004-0695
SHA-256 | b70f8769835947ea2b66253db1f6add42a0554c1ea76331961806fbfff635676
Mail.app Image Attachment Command Execution
Posted Oct 28, 2009
Authored by H D Moore, Kevin Finisterre | Site metasploit.com

This Metasploit module exploits a command execution vulnerability in the Mail.app application shipped with Mac OS X 10.5.0. This flaw was patched in 10.4 in March of 2007, but reintroduced into the final release of 10.5.

tags | exploit
systems | apple, osx
advisories | CVE-2006-0395, CVE-2007-6165
SHA-256 | aa4bc52d99a5375b0d0710ee2d12fe495a795c13691639ec782fff6ffddc4ede
Safari Archive Metadata Command Execution
Posted Oct 28, 2009
Authored by H D Moore | Site metasploit.com

This Metasploit module exploits a vulnerability in Safari's "Safe file" feature, which will automatically open any file with one of the allowed extensions. This can be abused by supplying a zip file, containing a shell script, with a metafile indicating that the file should be opened by Terminal.app. This module depends on the 'zip' command-line utility.

tags | exploit, shell
advisories | CVE-2006-0848
SHA-256 | 8c4311240e8171f3f9f4e554f0f29aa8dd421640cd7dc1296331a5d14e3d441f
Page 1 of 3
Back123Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close