This Metasploit module exploits a stack-based buffer overflow in Millenium MP3 Studio 2.0. An attacker must send the file to victim and the victim must open the file. Alternatively it may be possible to execute code remotely via an embedded PLS file within a browser, when the PLS extension is registered to Millenium MP3 Studio. This functionality has not been tested in this module.
06d85f2491d1615ca33ae611b3a98c687a542e8e52b5e87ca2f1e88fad8e5e4dThis Metasploit module exploits a stack overflow in Media Jukebox 8.0.400. By creating a specially crafted m3u or pls file, an attacker may be able to execute arbitrary code.
fef83dcc625d462c8b805f2c638c713780ca2eb54695b17cff8d6771f57a07b6This Metasploit module exploits a stack overflow in Xenorate 2.50 By creating a specially crafted xpl file, an an attacker may be able to execute arbitrary code.
55d0fc5c30e52b4fa3196de380c9ba074f6b1b00caae59fe14a607e2123f1414This Metasploit module exploits an array overflow in Adobe Reader and Adobe Acrobat. Affected versions include < 7.1.4, < 8.1.7, and < 9.2. By creating a specially crafted pdf that a contains malformed U3D data, an attacker may be able to execute arbitrary code.
7d4d1c9d8fe1d36f17d6776c8b9cbcf05cf5f1144bc437fe3eb1909f688d2b15This Metasploit module exploits a use after free vulnerability in Adobe Reader and Adobe Acrobat Professional versions up to and including 9.2.
db8a3aadb83130b870e5a70ed5ba3a3aafb3ba7ade242ba5744bcd8251b74f40This Metasploit module exploits a use after free vulnerability in Adobe Reader and Adobe Acrobat Professional versions up to and including 9.2.
b1f8cfeb14bd0899045d104a6e8573a0f4d05407352329432a77e25d99ebb260This Metasploit module exploits an integer overflow vulnerability in Adobe Reader and Adobe Acrobat Professional versions before 9.2.
328118791df64b5b6d6ab27dc8882d52301e5fc9ac482a046dc54015346ec0eeThis Metasploit module exploits an integer overflow vulnerability in Adobe Reader and Adobe Acrobat Professional versions before 9.2.
52cfb9936f28bcd82db14be3f1433d97ac01c53395207cf875242f47e7ad9043This exploits the buffer overflow found in Samba versions 2.2.0 to 2.2.8. This particular module is capable of exploiting the flaw on Solaris SPARC systems that do not have the noexec stack option set. Big thanks to MC and valsmith for resolving a problem with the beta version of this module.
48fe6c9e19f75786c1b1abb6aa3114673fe6ce806ec1a7f209d21ef0aa51d85aThis exploits the buffer overflow found in Samba versions 2.2.0 to 2.2.8. This particular module is capable of exploiting the bug on Mac OS X PowerPC systems.
0a81c70c55c5b626382aa3846753c3ac0bbcbc83db3ba6ea2a26b8367e01106cThis Metasploit module exploits a stack overflow in Mini-Stream 3.0.1.1 By creating a specially crafted pls file, an an attacker may be able to execute arbitrary code.
4192232f4608503f3384466b334e0ca938b1481a1a306823bf6f3b3b10595f7dThis Metasploit module exploits a stack overflow in SafeNet SoftRemote Security Policy Editor <= 10.8.5. When an attacker creates a specially formatted security policy with an overly long GROUPNAME argument, it is possible to execute arbitrary code.
893bb506f38fcf79c614bcd9b25bd833d1a8b2c40de37392ae61cd670aa1a7fcThis Metasploit module exploits a stack overflow in HTML Help Workshop 4.74. By creating a specially crafted hhp file, an an attacker may be able to execute arbitrary code.
82e01542fb818ed7b5e9120ef5f8dd54a33c4cfbb41b7de8c7a3d88ba717a6a9This Metasploit module exploits a stack overflow in HTML Help Workshop 4.74 By creating a specially crafted hhp file, an an attacker may be able to execute arbitrary code.
40bdbca4a822c1c8a058b1ad97daee10c5ee39712e47900750b8a660df207251This is an exploit for the Exchange 2000 heap overflow. Due to the nature of the vulnerability, this exploit is not very reliable. This Metasploit module has been tested against Exchange 2000 SP0 and SP3 running a Windows 2000 system patched to SP4. It normally takes between one and 100 connection attempts to successfully obtain a shell. This exploit is *very* unreliable.
26a51fce399b6448d8c4a7690d9c8391601cf7dd1c9478bdf2b4167db5d655eeThis exploit connects to a system's modem over dialup and provides the user with a readout of the login banner.
6e01f6b1ed3484659805eb43e03eb97a23a6273485669abbe6a07c7362a7a728This Metasploit module exploits a format string vulnerability in versions of the Washington University FTP server older than 2.6.1. By executing specially crafted SITE EXEC or SITE INDEX commands containing format specifiers, an attacker can corrupt memory and execute arbitrary code.
17811a8ac377764adfb49c164f93cdcf698df0df9d68af1e9617fc9029a4ec99This Metasploit module exploits a flaw in the setDiffICM function in the Sun JVM. The payload is serialized and passed to the applet via PARAM tags. It must be a native payload. The effected Java versions are JDK and JRE 6 Update 16 and earlier, JDK and JRE 5.0 Update 21 and earlier, SDK and JRE 1.4.2_23 and earlier, and SDK and JRE 1.3.1_26 and earlier. NOTE: Although all of the above versions are reportedly vulnerable, only 1.6.0_u11 and 1.6.0_u16 on Windows XP SP3 were tested.
15c0e94e60ddaf304a0db8722ab90a4346f35a28d6a122802f19e8681d79283fThis Metasploit module exploits a flaw in the getSoundbank function in the Sun JVM. The payload is serialized and passed to the applet via PARAM tags. It must be a native payload. The effected Java versions are JDK and JRE 6 Update 16 and earlier, JDK and JRE 5.0 Update 21 and earlier, SDK and JRE 1.4.2_23 and earlier, and SDK and JRE 1.3.1_26 and earlier. NOTE: Although all of the above versions are reportedly vulnerable, only 1.6.0_u11 and 1.6.0_u16 on Windows XP SP3 were tested.
18334e64c1ccbeb5a3f96e1e9a81a3c6475589d69aefabd8ff1d29aa8ad74a99This Metasploit modules exploits a stack-based buffer overflow in iTunes itms:// URL parsing. It is accessible from the browser and in Safari, itms urls will be opened in iTunes automatically. Because iTunes is multithreaded, only vfork-based payloads should be used.
3cb12bf18862a6b8d19ec162dc207e19cb5f515c8eb78c636ca9c004868e964dThis Metasploit module exploits an array overflow in Adobe Reader and Adobe Acrobat. Affected versions include < 7.1.4, < 8.1.7, and < 9.2. By creating a specially crafted pdf that a contains malformed U3D data, an attacker may be able to execute arbitrary code.
fdb0c241722cd2aa67d4eb9f05c46f52ce09ac8fae6eb7afb1cb35f20897926eThis Metasploit module exploits a feature in the Distribution Packages, which are used in the Apple Software Update mechanism. This feature allows for arbitrary command execution through JavaScript. This exploit provides the malicious update server. Requests must be redirected to this server by other means for this exploit to work.
31bbe100ffdd2f91eaedeff7614f1752ef8f6fb3e51341837b95b2b328745b19This Metasploit module exploits two arbitrary PHP code execution flaws in the phpBB forum system. The problem is that the 'highlight' parameter in the 'viewtopic.php' script is not verified properly and will allow an attacker to inject arbitrary code via preg_replace().
3a2382adc10594ee42ff1bd0b49855a630ee0af65a53e90bd2f33b29bcbe9542osCommerce is a popular open source E-Commerce application. The admin console contains a file management utility that allows administrators to upload, download, and edit files. This could be abused to allow unauthenticated attackers to execute arbitrary code with the permissions of the webserver.
e74aaeea615a430a6f4a22d1a117d3048d29172d6f0b6fb720906609e397a0ffThis Metasploit module exploits a vulnerability in PhpMyAdmin's setup feature which allows an attacker to inject arbitrary PHP code into a configuration file. The original advisory says the vulnerability is present in phpMyAdmin versions 2.11.x < 2.11.9.5 and 3.x < 3.1.3.1; this module was tested on 3.0.1.1. The file where our payload is written (phpMyAdmin/config/config.inc.php) is not directly used by the system, so it may be a good idea to either delete it or copy the running config (phpMyAdmin/config.inc.php) over it after successful exploitation.
c6dcd3c567ac45d96e97a2bc40e1b5ef02017edab7e4eb3995b6fbcd852cad26
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed