This Metasploit module allows remote attackers to download and execute arbitrary files on a user's system via the DownloadAgent function of the ICQPhone.SipxPhoneManager ActiveX control.
8c48ffbf1406cda705db3856a1f59070d8db0942626e09b6ac356cac87f546f0
This Metasploit module exploits the chunked transfer integer wrap vulnerability in Apache version 1.2.x to 1.3.24. This particular module has been tested with all versions of the official Win32 build between 1.3.9 and 1.3.24. Additionally, it should work against most co-branded and bundled versions of Apache (Oracle 8i, 9i, IBM HTTPD, etc). You will need to use the Check() functionality to determine the exact target version prior to launching the exploit. The version of Apache bundled with Oracle 8.1.7 will not automatically restart, so if you use the wrong target value, the server will crash.
02caca0c3ef84c379c6053e31707b4b6389939755466b8435f5f2edee463d9f2
This Metasploit module exploits the mod_rewrite LDAP protocol scheme handling flaw discovered by Mark Dowd, which produces an off-by-one overflow. Apache versions 1.3.29-36, 2.0.47-58, and 2.2.1-2 are vulnerable. This Metasploit module requires REWRITEPATH to be set accurately. In addition, the target must have 'RewriteEngine on' configured, with a specific 'RewriteRule' condition enabled to allow for exploitation. The flaw affects multiple platforms; however, this module currently only supports Windows-based installations.
96b871a0195d2591844969f9bba63abc59813d3e7296ce6634f95d37eb06d859
This Metasploit module exploits a stack overflow in Apple iTunes 4.7 build 4.7.0.42. By creating a URL link to a malicious PLS file, a remote attacker could overflow a buffer and execute arbitrary code. When using this module, be sure to set the URIPATH with an extension of '.pls'.
60c5b0f8c0b2bae758156348e4c8ec79ad1ee0f66b1e62f0f5b340492a94c0c6
This Metasploit module exploits a stack overflow in Apple QuickTime 7.3. By sending an overly long RTSP response to a client, an attacker may be able to execute arbitrary code.
21574fbd6e00724523d7a5f9074376708ca42fdee7cfd7358724cf3a988c22ab
This Metasploit module exploits a buffer overflow in Apple QuickTime 7.1.3. This Metasploit module was inspired by MOAB-01-01-2007. The Browser target for this module was tested against IE 6 and Firefox 1.5.0.3 on Windows XP SP0/2; Firefox 3 blacklists the QuickTime plugin.
0b2ce5d40bcda714f7eeb620c09554a9625b558fd3dd638b89ff17d6190c2eee
This Metasploit module exploits a stack overflow in Ask.com Toolbar 4.0.2.53. An attacker may be able to execute arbitrary code by sending an overly long string to the "ShortFormat()" method in askbar.dll.
0249fa5425f66e515b44963220de048bef1629fae9fdbbac12b1b044adf57ee6
This Metasploit module exploits a stack overflow in Asus Dpcproxy version 2.0.0.19. It should be vulnerable until version 2.0.0.24.
2fe9f48d3f15c7789afc7a9cb89d4e8460d9728364df7e30ee77cc43757e5323
This Metasploit module exploits a stack overflow in AtHocGov IWSAlerts. When sending an overly long string to the CompleteInstallation() method of AtHocGovTBr.dll (6.1.4.36), an attacker may be able to execute arbitrary code. This vulnerability was silently patched by the vendor.
3be437f260772dff9eaa53d584553434d04c820e8403f838ccbefca9b4d9967c
This Metasploit module exploits a stack overflow in AT-TFTP v1.9, by sending a request (get/write) for an overly long file name.
c485cdfe9f1d2432b1537fb84ec5ea7062f793592929aba3668b651348caba32
This Metasploit module exploits a heap-based memory corruption vulnerability in Autodesk IDrop ActiveX control (IDrop.ocx) version 17.1.51.160. An attacker can execute arbitrary code by triggering a heap use-after-free condition using the Src, Background, and PackageXml properties.
ed9e481ead1489a1daf2b9cee8648d7e139f01c0d32d6ba6537f09d38141d0c1
This is a stack overflow exploit for BadBlue version 2.5.
0d475fde99075c9ad6bf634410f200dc2f13e92c479178bd8bcfe8964c45e884
This Metasploit module exploits a stack overflow in the PassThru functionality in ext.dll in BadBlue 2.72b and earlier.
3eddde82736d0b0ecfca5d1b0b9308d95d9ce454cf159801e881a87590afdd43
This Metasploit module exploits a heap overflow in the BakBone NetVault Process Manager service. This code is a direct port of the netvault.c code written by nolimit and BuzzDee.
abb3356d348f4bf759c98838cbffce838b11685877ba40eb30c6f1e41e563425
This Metasploit module exploits a 0day in the JSESSION cookie value when clustering is configured.
86c77b3be0f72a80cfacf3a893a4763093c6a54c14bc80ae50b93d61caa6c5a5
This Metasploit module exploits a stack based buffer overflow in the BEA Weblogic Apache plugin. This vulnerability exists in the error reporting for unknown Transfer-Encoding headers. You may have to run this twice due to timing issues with handlers.
ba8f35f7d7e08834aa8e9aaa62c2d259a6ba632f79794a0647b915f1830dfd5c
This Metasploit module exploits a stack overflow in the NCTAudioFile2.Audio ActiveX Control provided by BearShare 6.0.2.26789. By sending an overly long string to the "SetFormatLikeSample()" method, an attacker may be able to execute arbitrary code.
391ea9701aa5c2824c8c010a33a3a53acf2d8878b0d3537d082c8d39edb32328
This Metasploit module exploits a stack overflow in Belkin Bulldog Plus 4.0.2 build 1219. When sending a specially crafted HTTP request, an attacker may be able to execute arbitrary code.
45aad35b5ab2c8331fdf0a21c06b843600a233e78d2d32e79556240e5698d21e
This exploits a stack overflow in the BigAnt Messaging Service, part of the BigAnt Server product suite. This Metasploit module was tested successfully against version 2.50 SP1.
a6efaa655fbca2207d1e6a66a1c5c9d6fb68fe09f3765724c03c9f340169fcf3
This Metasploit module exploits a stack overflow in BigAnt Server 2.2. By sending a specially crafted packet, an attacker may be able to execute arbitrary code.
b28a87380ea46061fdb7f0aba074ed8113eaa87be493b1d7c807546ef8032c68
This Metasploit module exploits a stack overflow in the ISS products that use the iss-pam1.dll ICQ parser (Blackice/RealSecure). Successful exploitation will result in arbitrary code execution as LocalSystem. This exploit only requires 1 UDP packet, which can be both spoofed and sent to a broadcast address. The ISS exception handler will recover the process after each overflow, giving us the ability to bruteforce the service and exploit it multiple times.
d67c5051b25bd521627ed2f0b421e431d2c7a7bc79507cd2dd85cb4525447b2a
This Metasploit module exploits a buffer overflow in the Blue Coat Systems WinProxy service by sending a long port value for the Host header in an HTTP request.
82c80e9e59b7ee8805196b11f4141db3c2560f793a7da0edf8e9f6abaa27dc32
This Metasploit module exploits a stack buffer overflow in Bomberclone 0.11.6 for Windows. The return address is overwritten with the memory address of lstrcpyA; the second and third values are the destination buffer, and the fourth value is the source address of our buffer on the stack. This exploit is similar to a return-to-libc. ATTENTION: The shellcode is executed ONLY when someone tries to close Bomberclone.
1f188f97f389b0404fc041c1871d2fe7bd68b27ac86eb20c50950042743fad29
This Metasploit module exploits a stack overflow in Bopup Communications Server 3.2.26.5460. By sending a specially crafted packet, an attacker may be able to execute arbitrary code.
4ff32d726ad735b55296a2b8480eb5333f6064cacce8f3c7061985db1f52ba1f
This Metasploit module exploits a stack overflow in Borland Interbase 2007. By sending a specially crafted create-request packet, a remote attacker may be able to execute arbitrary code.
4c2a6868ee123f5c6ac4d4af4662087424172ee39e6bfc56d8e204f412e56e81