Showing 1 - 25 of 6,763

Operating System: Windows

Microsoft Windows DWM Core Library Privilege Escalation
Posted Sep 9, 2024
Authored by ricnar456 | Site github.com

Proof of concept code for the Microsoft Windows DWM Core library elevation of privilege vulnerability. The researcher shows how they reversed the patch, how the heap overflow is produced, and overall gives a complete walkthrough of their process.

tags | exploit, overflow, proof of concept
systems | windows
advisories | CVE-2024-30051
SHA-256 | ae21b7b798fa9141cefb1411db92e94dfef6796823599323e49ec4cfcc3f7c0d
Backdoor.Win32.Symmi.qua MVID-2024-0692 Buffer Overflow
Posted Sep 4, 2024
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Symmi.qua malware suffers from a buffer overflow vulnerability.

tags | exploit, overflow
systems | windows
SHA-256 | 0bc924461f903a4b4b69a0e094001ae59f6aed7881aa5a2aff5dfa55c34905b6
HackTool.Win32.Freezer.br (WinSpy) MVID-2024-0691 Insecure Credential Storage
Posted Sep 4, 2024
Authored by malvuln | Site malvuln.com

HackTool.Win32.Freezer.br (WinSpy) malware suffers from an insecure credential storage vulnerability.

tags | exploit
systems | windows
SHA-256 | 574e327046bc7ed7b91b795a2eebcc7e87a001021d334845c357d1bc082517f0
Backdoor.Win32.Optix.02.b MVID-2024-0690 Hardcoded Credential
Posted Sep 4, 2024
Authored by malvuln | Site malvuln.com

Backdoor.Win32.Optix.02.b malware suffers from a hardcoded credential vulnerability.

tags | exploit
systems | windows
SHA-256 | 8c8ad33e111ebd91632229baa25c24e2eb3101bf3951d070074c5b4618e78fcf
Backdoor.Win32.JustJoke.21 (BackDoor Pro - v2.0b4) MVID-2024-0689 Code Execution
Posted Sep 4, 2024
Authored by malvuln | Site malvuln.com

Backdoor.Win32.JustJoke.21 (BackDoor Pro - v2.0b4) malware suffers from a code execution vulnerability.

tags | exploit, code execution
systems | windows
SHA-256 | efd34490081822962a9907289feb284b29b116cd83a6df573fe5cae3f6d09fb1
Backdoor.Win32.PoisonIvy.ymw MVID-2024-0688 Insecure Credential Storage
Posted Sep 4, 2024
Authored by malvuln | Site malvuln.com

Backdoor.Win32.PoisonIvy.ymw malware suffers from an insecure credential storage vulnerability.

tags | exploit
systems | windows
SHA-256 | 2a0b97e3b01f0c3a9c85e1a96ede18240c61b21ee538261305346eec34828cd5
Vivavis HIGH-LEIT 4 / 5 Privilege Escalation
Posted Sep 3, 2024
Authored by Lukas Krieg | Site schutzwerk.com

Vivavis HIGH-LEIT versions 4 and 5 allow attackers to execute arbitrary code as local system on systems where the "HL-InstallService-hlxw" or "HL-InstallService-hlnt" Windows service is running. Authentication is necessary for successful exploitation. The execution of the exploit is trivial and might affect other systems if the applications folder is shared between multiple systems, in which case the vulnerability can be used for lateral movement.

tags | advisory, arbitrary, local
systems | windows
advisories | CVE-2024-38456
SHA-256 | 71cbb32e8ea719c5b85e740cf97e165e4dd92083376eab16d2fff22074ac5216
Novell ZENworks Configuration Management Preboot Service Remote File Access
Posted Sep 1, 2024
Authored by Luigi Auriemma, juan vazquez | Site metasploit.com

This Metasploit module exploits a directory traversal in the ZENworks Configuration Management. The vulnerability exists in the Preboot service and can be triggered by sending a specially crafted PROXY_CMD_FTP_FILE (opcode 0x21) packet to the 998/TCP port. This Metasploit module has been successfully tested on Novell ZENworks Configuration Management 10 SP2 and SP3 over Windows.

tags | exploit, tcp
systems | windows
advisories | CVE-2012-2215
SHA-256 | c8558ecefbfe751f2fc66900fb57a9cf3f672074e3a5a9c539be4d79127c10fb
EasyCafe Server Remote File Access
Posted Sep 1, 2024
Authored by Brendan Coles, R-73eN | Site metasploit.com

This Metasploit module exploits a file retrieval vulnerability in EasyCafe Server. The vulnerability can be triggered by sending a specially crafted packet (opcode 0x43) to the 831/TCP port. This Metasploit module has been successfully tested on EasyCafe Server version 2.2.14 (Trial mode and Demo mode) on Windows XP SP3 and Windows 7 SP1. Note that the server will throw a popup messagebox if the specified file does not exist.

tags | exploit, tcp
systems | windows, xp, 7
SHA-256 | 33d40a2aa040357554a8308847a479cb0f61d14ed8afe5d9bd0a74c18bb67185
HP Intelligent Management ReportImgServlt Directory Traversal
Posted Sep 1, 2024
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a lack of authentication and a directory traversal in HP Intelligent Management, specifically in the ReportImgServlt, in order to retrieve arbitrary files with SYSTEM privileges. This Metasploit module has been tested successfully on HP Intelligent Management Center 5.1 E0202 over Windows 2003 SP2.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2012-5203
SHA-256 | fc011d457e4acf956275035f4b8a0451d41e2e13f19438085bac537923b7fe5d
Apache ActiveMQ Directory Traversal
Posted Sep 1, 2024
Authored by AbdulAziz Hariri, juan vazquez | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability in Apache ActiveMQ 5.3.1 and 5.3.2 on Windows systems. The vulnerability exists in Jetty's ResourceHandler installed with the affected versions. This Metasploit module has been tested successfully on ActiveMQ 5.3.1 and 5.3.2 over Windows 2003 SP2.

tags | exploit
systems | windows
SHA-256 | e4fc1de226b239cc42c11119b2ecd2130fccf09146aabb316d9690fa9c3b4d15
ManageEngine Support Center Plus Directory Traversal
Posted Sep 1, 2024
Authored by xistence | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability found in ManageEngine Support Center Plus build 7916 and lower. The module will create a support ticket as a normal user, attaching a link to a file on the server. By requesting our own attachment, it's possible to retrieve any file on the filesystem with the same privileges as Support Center Plus is running. On Windows this is always with SYSTEM privileges.

tags | exploit
systems | windows
advisories | CVE-2014-100002
SHA-256 | 35b8dac6ec6fd06ffaa3710cabb29f95752a8d44def4cc96ddba9c8ac1b115e9
HP Intelligent Management FaultDownloadServlet Directory Traversal
Posted Sep 1, 2024
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a lack of authentication and a directory traversal in HP Intelligent Management, specifically in the FaultDownloadServlet, in order to retrieve arbitrary files with SYSTEM privileges. This Metasploit module has been tested successfully on HP Intelligent Management Center 5.1 E0202 over Windows 2003 SP2.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2012-5202
SHA-256 | 4afa0137a506369a61e2db708c38b69ad4ed8789d747da63b132480ec19c7b07
ManageEngine ServiceDesk Plus Path Traversal
Posted Sep 1, 2024
Authored by xistence | Site metasploit.com

This Metasploit module exploits an unauthenticated path traversal vulnerability found in ManageEngine ServiceDesk Plus build 9110 and lower. The module will retrieve any file on the filesystem with the same privileges as Support Center Plus is running. On Windows, files can be retrieved with SYSTEM privileges. The issue has been resolved in ServiceDesk Plus build 91111 (issue SD-60283).

tags | exploit
systems | windows
SHA-256 | 8fad34674f4012b03f791e1ba3e184199e99b0489423de032233027145143f6c
MS15-034 HTTP Protocol Stack Request Handling HTTP.SYS Memory Information Disclosure
Posted Sep 1, 2024
Authored by sinn3r, Rich Whitcroft, Sunny Neo | Site metasploit.com

This Metasploit module dumps memory contents using a crafted Range header and affects only Windows 8.1, Server 2012, and Server 2012R2. Note that if the target is running in VMware Workstation, this module has a high likelihood of resulting in BSOD; however, VMware ESX and non-virtualized hosts seem stable. Using a larger target file should result in more memory being dumped, and SSL seems to produce more data as well.

tags | exploit
systems | windows
advisories | CVE-2015-1635
SHA-256 | 4a0a7232721b04275d17b16891f2475537a84cfaad2597bb4398fc1c09c5c025
HP SiteScope SOAP Call GetSiteScopeConfiguration Configuration Access
Posted Sep 1, 2024
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in HP SiteScope which allows retrieval of the HP SiteScope configuration, including administrative credentials. It is accomplished by calling the getSiteScopeConfiguration operation available through the APISiteScopeImpl AXIS service. The HP SiteScope configuration is retrieved as a file containing Java serialization data. This Metasploit module has been tested successfully on HP SiteScope 11.20 over Windows 2003 SP2 and Linux CentOS 6.3.

tags | exploit, java, bypass
systems | linux, windows, centos
SHA-256 | 49a6293f49b3d88908408822f05f60de61f16258c0921f50adecb84a90811493
HP SiteScope SOAP Call LoadFileContent Remote File Access
Posted Sep 1, 2024
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in HP SiteScope to retrieve an arbitrary text file from the remote server. It is accomplished by calling the loadFileContent operation available through the APIMonitorImpl AXIS service. This Metasploit module has been successfully tested on HP SiteScope 11.20 over Windows 2003 SP2 and Linux CentOS 6.3.

tags | exploit, remote, arbitrary, bypass
systems | linux, windows, centos
SHA-256 | 70fba2e746b60b36e7ed3d2efbabee053f81db339cfb2580347bd710629b238d
HP Intelligent Management SOM FileDownloadServlet Arbitrary Download
Posted Sep 1, 2024
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a lack of authentication and access control in HP Intelligent Management, specifically in the FileDownloadServlet from the SOM component, in order to retrieve arbitrary files with SYSTEM privileges. This Metasploit module has been tested successfully on HP Intelligent Management Center 5.2_E0401 with SOM 5.2 E0401 over Windows 2003 SP2.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2013-4826
SHA-256 | 1850a191353250b7a4f39ae00758d5a46a4b1b6e1c9ca0c3c46852217064aebe
Microsoft IIS HTTP Internal IP Disclosure
Posted Sep 1, 2024
Authored by Matthew Dunn, Heather Pilkington | Site metasploit.com

Collect any leaked internal IPs by requesting commonly redirected locations from IIS. CVE-2000-0649 references IIS 5.1 (win2k, XP) and older. However, in newer servers such as IIS 7+, this occurs when the alternateHostName is not set or misconfigured. Also collects internal IPs leaked from the PROPFIND method in certain IIS versions.

tags | exploit
systems | windows
advisories | CVE-2000-0649, CVE-2002-0422
SHA-256 | f5cd05c837ee40cc8d76e4b5fce64d92ed540c8b1d92111ed48c20b1a0540540
Dicoogle PACS Web Server Directory Traversal
Posted Sep 1, 2024
Authored by h00die, Carlos Avila | Site metasploit.com

This Metasploit module exploits an unauthenticated directory traversal vulnerability in the Dicoogle PACS Web Server v2.5.0 and possibly earlier, allowing an attacker to read arbitrary files with the web server privileges. While the application is Java-based, the directory traversal was only successful against Windows targets.

tags | exploit, java, web, arbitrary
systems | windows
SHA-256 | 8f2ecf1201b59abdcaedb189bb29a75443dfe162b8acf3116d81747473b35059
WildFly Directory Traversal
Posted Sep 1, 2024
Authored by Roberto S. Soares | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability found in the WildFly 8.1.0.Final web server running on port 8080, named JBoss Undertow. The vulnerability only affects Windows systems.

tags | exploit, web
systems | windows
advisories | CVE-2014-7816
SHA-256 | b3760631a87f3e436e20e7b356c52d0936d8d4d7d95fbe9135a1a1acc0029f27
Atlassian Crowd XML Entity Expansion Remote File Access
Posted Sep 1, 2024
Authored by juan vazquez, Will Caput, Trevor Hartman, Thaddeus Bogner | Site metasploit.com

This Metasploit module simply attempts to read a remote file from the server using a vulnerability in the way Atlassian Crowd handles XML files. The vulnerability occurs while trying to expand external entities with the SYSTEM identifier. This Metasploit module has been tested successfully on Linux and Windows installations of Crowd.

tags | exploit, remote
systems | linux, windows
advisories | CVE-2012-2926
SHA-256 | 75935ac70e77d2ed62ac0e96af0d4e5b93fa4b3bb3efd5ddaf65a718cf03dd38
Apache ActiveMQ JSP Files Source Disclosure
Posted Sep 1, 2024
Authored by Veerendra G.G, juan vazquez | Site metasploit.com

This Metasploit module exploits a source code disclosure in Apache ActiveMQ. The vulnerability is due to Jetty's ResourceHandler handling of specially crafted URIs starting with //. It has been tested successfully on Apache ActiveMQ 5.3.1 over Windows 2003 SP2 and Ubuntu 10.04.

tags | exploit
systems | linux, windows, ubuntu
advisories | CVE-2010-1587
SHA-256 | ede3496420e2c26c1f98f2ec9c2985c39b539632810d4d9851f54502743fb0ff
HP SiteScope SOAP Call GetFileInternal Remote File Access
Posted Sep 1, 2024
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in HP SiteScope to retrieve an arbitrary file from the remote server. It is accomplished by calling the getFileInternal operation available through the APISiteScopeImpl AXIS service. This Metasploit module has been successfully tested on HP SiteScope 11.20 over Windows 2003 SP2 and Linux CentOS 6.3.

tags | exploit, remote, arbitrary, bypass
systems | linux, windows, centos
SHA-256 | ac2a6c8b7ee1032f4592faca207812805ca78af0323e9f167ee599f82c2b95f3
HP Intelligent Management BIMS DownloadServlet Directory Traversal
Posted Sep 1, 2024
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a lack of authentication and a directory traversal in HP Intelligent Management, specifically in the DownloadServlet from the BIMS component, in order to retrieve arbitrary files with SYSTEM privileges. This Metasploit module has been tested successfully on HP Intelligent Management Center 5.1 E0202 with BIMS 5.1 E0201 over Windows 2003 SP2.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2013-4823
SHA-256 | dd399cbd46c56431b6335bb7af600f7a8b07fbe5b5343567170606df7df666bb
© 2024 Packet Storm. All rights reserved.