Twenty Year Anniversary
Showing 1 - 25 of 197 RSS Feed

Operating System: Windows 7

Microsoft Windows FxCop 12 XXE Injection
Posted May 9, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft FxCop versions 10 through 12 are vulnerable to XML injection attacks allowing local file ex-filtration and or NTLM hash theft. Tested in Windows 7 and Windows 10 download SDK it works in both.

tags | exploit, local
systems | windows, 7, 10
MD5 | e4970e9fdb7dbc2ea52471b6d0a8c531
PlaySMS import.php Code Execution
Posted May 7, 2018
Authored by Touhid M.Shaikh | Site metasploit.com

This Metasploit module exploits an authenticated file upload remote code execution vulnerability in PlaySMS version 1.4. This issue is caused by improper file contents handling in import.php (aka the Phonebook import feature). Authenticated Users can upload a CSV file containing a malicious payload via vectors involving the User-Agent HTTP header and PHP code in the User-Agent. This Metasploit module was tested against PlaySMS 1.4 on VulnHub's Dina 1.0 machine and Windows 7.

tags | exploit, remote, web, php, code execution, file upload
systems | windows, 7
advisories | CVE-2017-9101
MD5 | f976c4045dcaba09573750799d5fb25a
PlaySMS sendfromfile.php Code Execution
Posted May 7, 2018
Authored by Touhid M.Shaikh, DarkS3curity | Site metasploit.com

This Metasploit module exploits a code injection vulnerability within an authenticated file upload feature in PlaySMS version 1.4. This issue is caused by improper file name handling in sendfromfile.php file. Authenticated Users can upload a file and rename the file with a malicious payload. This Metasploit module was tested against PlaySMS 1.4 on VulnHub's Dina 1.0 machine and Windows 7.

tags | exploit, php, file upload
systems | windows, 7
advisories | CVE-2017-9080
MD5 | 2580a04744c23352ceb458505fd66e3d
Windows WMI Recieve Notification
Posted May 4, 2018
Authored by smmrootkit, de7ec7ed | Site metasploit.com

This Metasploit module exploits an uninitialized stack variable in the WMI subsystem of ntoskrnl. This Metasploit module has been tested on vulnerable builds of Windows 7 SP0 x64 and Windows 7 SP1 x64.

tags | exploit
systems | windows, 7
advisories | CVE-2016-0040
MD5 | bf78fbf975425db0dad45532ab61033f
ProcessMaker Plugin Code Execution
Posted Apr 3, 2018
Authored by Brendan Coles | Site metasploit.com

This Metasploit module will generate and upload a plugin to ProcessMaker resulting in execution of PHP code as the web server user. Credentials for a valid user account with Administrator roles is required to run this module. This Metasploit module has been tested successfully on ProcessMaker versions 1.6-4276, 2.0.23, 3.0 RC 1, 3.2.0, 3.2.1 on Windows 7 SP 1; and version 3.2.0 on Debian Linux 8.

tags | exploit, web, php
systems | linux, windows, debian, 7
MD5 | 62ca13841303372ebfe7885ec8e1b271
Apple Security Advisory 2018-3-29-8
Posted Mar 30, 2018
Authored by Apple | Site apple.com

Apple Security Advisory 2018-3-29-8 - iCloud for Windows 7.4 is now available and addresses buffer overflow, code execution, and denial of service vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability, code execution
systems | windows, apple, 7
advisories | CVE-2018-4101, CVE-2018-4113, CVE-2018-4114, CVE-2018-4117, CVE-2018-4118, CVE-2018-4119, CVE-2018-4120, CVE-2018-4121, CVE-2018-4122, CVE-2018-4125, CVE-2018-4127, CVE-2018-4128, CVE-2018-4129, CVE-2018-4130, CVE-2018-4144, CVE-2018-4146, CVE-2018-4161, CVE-2018-4162, CVE-2018-4163, CVE-2018-4165
MD5 | 5159368594b492a7a1fa30f912b8bb64
ClipBucket beats_uploader Unauthenticated Arbitrary File Upload
Posted Mar 26, 2018
Authored by Touhid M.Shaikh | Site metasploit.com

This Metasploit module exploits a vulnerability found in ClipBucket versions before 4.0.0 (Release 4902). A malicious file can be uploaded using an unauthenticated arbitrary file upload vulnerability. It is possible for an attacker to upload a malicious script to issue operating system commands. This issue is caused by improper session handling in /action/beats_uploader.php file. This Metasploit module was tested on ClipBucket before 4.0.0 - Release 4902 on Windows 7 and Kali Linux.

tags | exploit, arbitrary, php, file upload
systems | linux, windows, 7
MD5 | d2275d600b73e806af00c2c4d704c496
Disk Savvy Enterprise 10.4.18 Buffer Ovreflow
Posted Feb 23, 2018
Authored by Daniel Teixeira | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow vulnerability in Disk Savvy Enterprise version 10.4.18, caused by improper bounds checking of the request sent to the built-in server. This Metasploit module has been tested successfully on Windows 7 SP1 x86.

tags | exploit, overflow, x86
systems | windows, 7
MD5 | bfeae1744c34384854bd5326b5010471
CloudMe Sync 1.10.9 Buffer Overflow
Posted Feb 23, 2018
Authored by Daniel Teixeira, hyp3rlinx | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow vulnerability in the CloudMe Sync version 1.10.9 client application. This Metasploit module has been tested successfully on Windows 7 SP1 x86.

tags | exploit, overflow, x86
systems | windows, 7
advisories | CVE-2018-6892
MD5 | 41dab942f2886640903e2e9e54f5e2e7
Apple Security Advisory 2018-1-23-7
Posted Jan 25, 2018
Authored by Apple | Site apple.com

Apple Security Advisory 2018-1-23-7 - iCloud for Windows 7.3 is now available and addresses code execution vulnerabilities.

tags | advisory, vulnerability, code execution
systems | windows, apple, 7
advisories | CVE-2018-4088, CVE-2018-4096
MD5 | 7f66fa9c1925323303df6c448d12a4cf
ALLMediaServer 0.95 Stack Buffer Overflow
Posted Jan 12, 2018
Authored by Mario Kartone Ciccarelli

ALLMediaServer version 0.95 stack buffer overflow exploit with DEP bypass on Windows 7 x64.

tags | exploit, overflow
systems | windows, 7
advisories | CVE-2017-17932
MD5 | 15321ab5b12699493b877fadfdf25da1
HPE iMC dbman RestoreDBase Unauthenticated Remote Command Execution
Posted Jan 10, 2018
Authored by Chris Lyne, sztivi | Site metasploit.com

This Metasploit module exploits a remote command execution vulnerability in Hewlett Packard Enterprise Intelligent Management Center before version 7.3 E0504P04. The dbman service allows unauthenticated remote users to restore a user-specified database (OpCode 10007), however the database connection username is not sanitized resulting in command injection, allowing execution of arbitrary operating system commands as SYSTEM. This service listens on TCP port 2810 by default. This Metasploit module has been tested successfully on iMC PLAT v7.2 (E0403) on Windows 7 SP1 (EN).

tags | exploit, remote, arbitrary, tcp
systems | windows, 7
advisories | CVE-2017-5817
MD5 | 252d40a332488ae10b75261fe5cefc7d
HPE iMC dbman RestartDB Unauthenticated Remote Command Execution
Posted Jan 10, 2018
Authored by Chris Lyne, sztivi | Site metasploit.com

This Metasploit module exploits a remote command execution vulnerability in Hewlett Packard Enterprise Intelligent Management Center before version 7.3 E0504P04. The dbman service allows unauthenticated remote users to restart a user-specified database instance (OpCode 10008), however the instance ID is not sanitized, allowing execution of arbitrary operating system commands as SYSTEM. This service listens on TCP port 2810 by default. This Metasploit module has been tested successfully on iMC PLAT v7.2 (E0403) on Windows 7 SP1 (EN).

tags | exploit, remote, arbitrary, tcp
systems | windows, 7
advisories | CVE-2017-5816
MD5 | 5919ea7fa37b5b123d15780fb9eca50b
Microsoft Windows Kernel Ring-0 Address Leak
Posted Dec 20, 2017
Authored by Google Security Research, mjurczyk

It was discovered that it is possible to disclose addresses of kernel-mode Paged Pool allocations via a race-condition in the implementation of the NtQueryVirtualMemory system call (information class 2, MemoryMappedFilenameInformation). The vulnerability affects Windows 7 to 10, 32-bit and 64-bit.

tags | exploit, kernel
systems | windows, 7
MD5 | 4bb20d0c4e7b2208fd33f054d9383332
Apple Security Advisory 2017-12-13-3
Posted Dec 16, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-12-13-3 - iCloud for Windows 7.2 is now available and addresses code execution and privacy issues.

tags | advisory, code execution
systems | windows, apple, 7
advisories | CVE-2017-13856, CVE-2017-13864, CVE-2017-13866, CVE-2017-13870, CVE-2017-7156, CVE-2017-7157
MD5 | 4a311c787e7cbdff236c940b272c076a
Apple Security Advisory 2017-10-31-7
Posted Nov 1, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-10-31-7 - iCloud for Windows 7.1 is now available and addresses multiple code execution vulnerabilities.

tags | advisory, vulnerability, code execution
systems | windows, apple, 7
advisories | CVE-2017-13783, CVE-2017-13784, CVE-2017-13785, CVE-2017-13788, CVE-2017-13791, CVE-2017-13792, CVE-2017-13793, CVE-2017-13794, CVE-2017-13795, CVE-2017-13796, CVE-2017-13798, CVE-2017-13802, CVE-2017-13803
MD5 | 26891f75fd57c0122ac654f4a17c984c
Apple Security Advisory 2017-09-25-2
Posted Sep 28, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-09-25-2 - iCloud for Windows 7 is now available and addresses memory corruption, arbitrary code execution, and various other vulnerabilities.

tags | advisory, arbitrary, vulnerability, code execution
systems | windows, apple, 7
advisories | CVE-2017-7081, CVE-2017-7087, CVE-2017-7089, CVE-2017-7090, CVE-2017-7091, CVE-2017-7092, CVE-2017-7093, CVE-2017-7094, CVE-2017-7095, CVE-2017-7096, CVE-2017-7098, CVE-2017-7099, CVE-2017-7100, CVE-2017-7102, CVE-2017-7104, CVE-2017-7106, CVE-2017-7107, CVE-2017-7109, CVE-2017-7111, CVE-2017-7117, CVE-2017-7120, CVE-2017-7127
MD5 | 4e44e4b681ebf9ba18ffaf6ae1da2982
Demystifying Windows Kernel Exploitation By Abusing GDI Objects
Posted Aug 8, 2017
Site sensepost.com

Demystifying Windows Kernel Exploitation by Abusing GDI Objects. This has the Windows 7 SP1 x86 exploit demonstrated at Defcon 25.

tags | exploit, x86, kernel
systems | windows, 7
MD5 | 52d4377ede9d242df50d7a38f59a4d4d
Metasploit RPC Console Command Execution
Posted Jul 22, 2017
Authored by Brendan Coles | Site metasploit.com

This Metasploit module connects to a specified Metasploit RPC server and uses the 'console.write' procedure to execute operating system commands. Valid credentials are required to access the RPC interface. This Metasploit module has been tested successfully on Metasploit 4.15 on Kali 1.0.6; Metasploit 4.14 on Kali 2017.1; and Metasploit 4.14 on Windows 7 SP1.

tags | exploit
systems | windows, 7
MD5 | b76c5685a0298b752e8aaaf4f214e190
Microsoft Windows 7 SP1 x86 GDI Palette Objects Local Privilege Escalation
Posted Jul 19, 2017
Authored by Saif

Microsoft Windows 7 SP1 x86 GDI palette objects local privilege escalation exploit that leverages the vulnerability as described in MS17-017.

tags | exploit, x86, local
systems | windows, 7
MD5 | ab4d0df9332bcf2c1c566cf56cc2b9ab
Microsoft Internet Explorer 11 CMarkup::DestroySplayTree Memory Corruption
Posted Jul 18, 2017
Authored by Ivan Fratric, Google Security Research

Microsoft Internet Explorer suffers from a memory corruption vulnerability in CMarkup::DestroySplayTree. The bug was confirmed on IE version 11.0.9600.18617 (Update version 11.0.40) running on Windows 7 64-bit.

tags | exploit
systems | windows, 7
advisories | CVE-2017-8594
MD5 | cdc2215843df74b066e451921f6fea5c
EternalBlue Exploit Analysis And Port To Microsoft Windows 10
Posted Jun 7, 2017
Authored by Sean Dillon, Dylan Davis

On April 14, 2017, the Shadow Brokers Group released the FUZZBUNCH framework, an exploitation toolkit for Microsoft Windows. The toolkit was allegedly written by the Equation Group, a highly sophisticated threat actor suspected of being tied to the United States National Security Agency (NSA). The framework included ETERNALBLUE, a remote kernel exploit originally targeting the Server Message Block (SMB) service on Microsoft Windows XP (Server 2003) and Microsoft Windows 7 (Server 2008 R2). In this paper, the RiskSense Cyber Security Research team analyzes how using wrong-sized CPU registers leads to a seemingly innocuous mathematical miscalculation. This causes a chain reaction domino effect ultimately culminating in code execution, making ETERNALBLUE one of the most complex exploits ever written. They will discuss what was necessary to port the exploit to Microsoft Windows 10, and future mitigations Microsoft has already deployed, which can prevent vulnerabilities of this class from being exploited in the future. The FUZZBUNCH version of the exploit contains an Address Space Layout Randomization (ASLR) bypass, and the Microsoft Windows 10 version required an additional Data Execution Prevention (DEP) bypass not needed in the original exploit.

tags | paper, remote, kernel, vulnerability, code execution
systems | windows, xp, 7
MD5 | 0e04e472a5f9e98389f5f1e13ec2bf50
VX Search Enterprise GET Buffer Overflow
Posted May 23, 2017
Authored by Daniel Teixeira | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow vulnerability in the web interface of VX Search Enterprise v9.5.12, caused by improper bounds checking of the request path in HTTP GET requests sent to the built-in web server. This Metasploit module has been tested successfully on Windows 7 SP1 x86.

tags | exploit, web, overflow, x86
systems | windows, 7
MD5 | d253f613c50ab1d748ea4f581c269908
Sync Breeze Enterprise GET Buffer Overflow
Posted May 20, 2017
Authored by Daniel Teixeira | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow vulnerability in the web interface of Sync Breeze Enterprise v9.4.28, caused by improper bounds checking of the request path in HTTP GET requests sent to the built-in web server. This Metasploit module has been tested successfully on Windows 7 SP1 x86.

tags | exploit, web, overflow, x86
systems | windows, 7
MD5 | f3556ba8acc91d809655f9aaf8017697
Microsoft Windows 7/2008 R2 x64 EternalBlue Remote Code Execution
Posted May 20, 2017
Authored by sleepya

Microsoft Windows 7/2008 R2 x64 EternalBlue SMB remote code execution exploit that leverages MS17-010.

tags | exploit, remote, code execution
systems | windows, 7
advisories | CVE-2017-0144
MD5 | 376497a061ce1620c9f18e1a8d725067
Page 1 of 8
Back12345Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

May 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    15 Files
  • 2
    May 2nd
    17 Files
  • 3
    May 3rd
    30 Files
  • 4
    May 4th
    29 Files
  • 5
    May 5th
    2 Files
  • 6
    May 6th
    3 Files
  • 7
    May 7th
    13 Files
  • 8
    May 8th
    27 Files
  • 9
    May 9th
    17 Files
  • 10
    May 10th
    15 Files
  • 11
    May 11th
    8 Files
  • 12
    May 12th
    2 Files
  • 13
    May 13th
    8 Files
  • 14
    May 14th
    7 Files
  • 15
    May 15th
    43 Files
  • 16
    May 16th
    19 Files
  • 17
    May 17th
    16 Files
  • 18
    May 18th
    15 Files
  • 19
    May 19th
    3 Files
  • 20
    May 20th
    6 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close