Files

RealPlayer 1.1.4 Memory Corruption
Posted Mar 24, 2012
Authored by Senator of Pirates

RealPlayer SP1 versions 1.1.4 Build 12.0.0.756 and below suffer from a memory corruption vulnerability.

tags | exploit
SHA-256 | ddd9e040f4b7eafed5ff80ef2b389fd0a0d7384cbf7bae93936c186a876e915b

Related Files

Sysax Multi Server 5.64 Buffer Overflow
Posted Jul 29, 2012
Authored by Craig Freyman, Matt Andreko | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in the create folder function in Sysax Multi Server 5.64. This issue was fixed in 5.66. You must have valid credentials to trigger the vulnerability. Your credentials must also have the create folder permission and the HTTP option has to be enabled. This Metasploit module will log into the server, get a SID token and then proceed to exploit the server. Successful exploits result in LOCALSYSTEM access. This exploit works on XP SP3, and Server 2003 SP1-SP2.

tags | exploit, web, overflow
SHA-256 | 121e5304fc0c68efcbe91a4bd17f067fad4fef74c609ee089fb5929981de2e57
Photodex ProShow Producer 5.0.3256 Buffer Overflow
Posted Jul 26, 2012
Authored by mr.pr0n, Julien Ahrens, juan | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in Photodex ProShow Producer version 5.0.3256 in the handling of the plugins load list file. An attacker must send the crafted "load" file to the victim, who must store it in the installation directory. The vulnerability will be triggered the next time ProShow is opened. The module has been tested successfully on Windows XP SP3 and Windows 7 SP1.

tags | exploit, overflow
systems | windows
advisories | OSVDB-83745
SHA-256 | bf2514d474a7b08d3b8119c8f11509c92a1414014f2de791e9a5e94b2b9e0c03
Simple Web Server Connection Header Buffer Overflow
Posted Jul 23, 2012
Authored by mr.pr0n, juan | Site metasploit.com

This Metasploit module exploits a vulnerability in Simple Web Server 2.2 rc2. A remote user can send a long string in the Connection header to cause an overflow on the stack when the function vsprintf() is used, and gain arbitrary code execution. The module has been tested successfully on Windows 7 SP1 and Windows XP SP3.

tags | exploit, remote, web, overflow, arbitrary, code execution
systems | windows
SHA-256 | ef2c81d5811597767d04bfb232a9ea85a237262aae453dc634269ab733bcb34c
ALLMediaServer 0.8 Buffer Overflow
Posted Jul 16, 2012
Authored by modpr0be, juan vazquez, motaz reda | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in ALLMediaServer 0.8. The vulnerability is caused by a boundary error in the handling of HTTP requests. While the exploit supports DEP bypass via ROP, on Windows 7 the stack pivoting isn't reliable across virtual (VMware, VirtualBox) and physical environments. Because of this the module isn't using DEP bypass on the Windows 7 SP1 target, where by default DEP is OptIn and ALLMediaServer won't run with DEP.

tags | exploit, web, overflow
systems | windows
SHA-256 | cd224eb091bd83cac2f6867238fdeea0e253250295ed9b0257c0173e71de0311
Umbraco CMS Remote Command Execution
Posted Jul 6, 2012
Authored by juan vazquez, Toby Clarke | Site metasploit.com

This Metasploit module can be used to execute a payload on Umbraco CMS 4.7.0.378. The payload is uploaded as an ASPX script by sending a specially crafted SOAP request to codeEditorSave.asmx, which permits unauthorised file upload via the SaveDLRScript operation. SaveDLRScript is also subject to a path traversal vulnerability, allowing code to be placed into the web-accessible /umbraco/ directory. The module writes, executes and then overwrites an ASPX script; note that though the script content is removed, the file remains on the target. Automatic cleanup of the file is intended if a meterpreter payload is used. This Metasploit module has been tested successfully on Umbraco CMS 4.7.0.378 on a Windows 7 32-bit SP1. In this scenario, the "IIS APPPOOL\ASP.NET v4.0" user must have write permissions on the Windows Temp folder.

tags | exploit, web, asp, file upload
systems | windows
SHA-256 | a969edd9061df64ff92c55db7b277da617626bfa9448eab4978dfbd56a0d42bb
Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020006 Buffer Overflow
Posted Jun 2, 2012
Authored by alino, juan vazquez | Site metasploit.com

This Metasploit module exploits a remote buffer overflow in the Citrix Provisioning Services 5.6 SP1 (without Hotfix CPVS56SP1E043) by sending a malformed packet with the opcode 0x40020006 (GetObjetsRequest) to the 6905/UDP port. The module, which allows code execution under the context of SYSTEM, has been successfully tested on Windows Server 2003 SP2 and Windows XP SP3.

tags | exploit, remote, overflow, udp, code execution
systems | windows
advisories | OSVDB-75780
SHA-256 | e3c0a6f5b3a3f26ed4fb9bebaf9f0c8831cc32e99feb9f9583bae8d17e4829c2
Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020002 Buffer Overflow
Posted Jun 2, 2012
Authored by alino, juan vazquez | Site metasploit.com

This Metasploit module exploits a remote buffer overflow in the Citrix Provisioning Services 5.6 SP1 (without Hotfix CPVS56SP1E043) by sending a malformed packet with the opcode 0x40020002 (GetFooterRequest) to the 6905/UDP port. The module, which allows code execution under the context of SYSTEM, has been successfully tested on Windows Server 2003 SP2 and Windows XP SP3.

tags | exploit, remote, overflow, udp, code execution
systems | windows
advisories | OSVDB-75780
SHA-256 | 95742b6130c01a360fcb07725b756b00b4f683ebbfffb07615e116c0dbccde5f
Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020004 Buffer Overflow
Posted Jun 2, 2012
Authored by alino, juan vazquez | Site metasploit.com

This Metasploit module exploits a remote buffer overflow in the Citrix Provisioning Services 5.6 SP1 (without Hotfix CPVS56SP1E043) by sending a malformed packet with the opcode 0x40020004 (GetBootRecordRequest) to the 6905/UDP port. The module, which allows code execution under the context of SYSTEM, has been successfully tested on Windows Server 2003 SP2 and Windows XP SP3.

tags | exploit, remote, overflow, udp, code execution
systems | windows
advisories | OSVDB-75780
SHA-256 | 48a0910b2afcd24f3d4c665d8c997a2e0fe577dffb6bca3c0ecace91c10b120f
Laoy8! 3.0sp1 Cross Site Scripting
Posted Mar 24, 2012
Authored by Ali.Erroor

Laoy8! CMS version 3.0sp1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 4930a19b764cac7eda59e68e1a8624d9d7c53390ff842362f47a4b2479ea53cc
Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020000 Buffer Overflow
Posted Feb 10, 2012
Authored by AbdulAziz Hariri | Site metasploit.com

This Metasploit module exploits a remote buffer overflow in the Citrix Provisioning Services 5.6 SP1 (without Hotfix CPVS56SP1E043) by sending a malformed packet to the 6905/UDP port. The module has been successfully tested on Windows Server 2003 SP2, Windows 7, and Windows XP SP3.

tags | exploit, remote, overflow, udp
systems | windows
advisories | OSVDB-75780
SHA-256 | 5d732951640be5f0d7a3bbb2123ba314dbfea24dfb6b7fe3d4aa47cf4fcea31a
Exploit Next Generation SQL Fingerprint 1.12.120115/RC0
Posted Jan 16, 2012
Authored by Nelson Brito

The Exploit Next Generation® SQL Fingerprint tool uses well-known techniques based on several public tools capable of identifying the Microsoft SQL Server version (such as: SQLping and SQLver), but, instead of showing only the "raw version" (i.e., Microsoft SQL Version 10.00.2746), the Exploit Next Generation® SQL Fingerprint shows the mapped Microsoft SQL Server version (i.e., Microsoft SQL 2008 SP1 (CU5)).

tags | tool, scanner
systems | windows
SHA-256 | bf4a7c2d83f70c89142fb442c4c5a64539b4f8b6d26e806e53e2c6a7329d4ac4
Bypassing Windows 7 Kernel ASLR
Posted Oct 12, 2011
Authored by Stefan Le Berre

Whitepaper called Bypassing Windows 7 Kernel ASLR. In this paper, the author explains every step to code an exploit with a useful kernel ASLR bypass. Successful exploitation is performed on Windows 7 SP0 / SP1.

tags | paper, kernel, bypass
systems | windows
SHA-256 | 5c3994059d8384faf17163e5cb49cd471cedb061f14e2c2b7ef3cdb5ce5724aa
Orion SolarWinds 10.1.2 Cross Site Scripting
Posted Sep 12, 2011
Authored by Gustavo

Orion SolarWinds version 10.1.2-SP1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | fdd0399b1492e10c58ab627852ef2be1e2971ed2b7f7f0375473bf6d303e2dee
Inline Hooking In Windows
Posted Sep 8, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

This document is the second of a series of five articles relating to the art of hooking. As a test environment, it will use an English Windows Seven SP1 operating system distribution.

tags | paper
systems | windows
SHA-256 | 02012b744a4c170a554406666f1561e871e40b64e03fab4557959d93d6ba3e92
Microsoft Report Viewer Cross Site Scripting
Posted Aug 25, 2011
Authored by Adam Bixby | Site gdssecurity.com

Microsoft Report Viewer controls suffer from a cross site scripting vulnerability. Microsoft Report Viewer Redistributable 2005 SP1 and Microsoft Visual Studio 2005 Service Pack 1 are affected.

tags | exploit, xss
advisories | CVE-2011-1976
SHA-256 | 4d9788bddcd51301180727fdb8f1bfb7d0282f2267bc50035868014db7f5b3e7
Microsoft Windows 7 Ultimate RPC Denial Of Service
Posted Aug 16, 2011
Authored by Michael Burgbacher, Thomas Unterleitner | Site barracudanetworks.com

Microsoft Windows 7 Ultimate SP1 32 bit and 64 bit suffer from an RPC denial of service vulnerability due to mishandling of malformed DHCPv6 packets.

tags | advisory, denial of service
systems | windows
SHA-256 | c5dce36fdf75da8e6e2691aa8865253724e1cb7f7bd8fe3cf50839029dafad31
Userland Hooking In Windows
Posted Aug 16, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

Whitepaper called Userland Hooking in Windows. This document is the first of a series of five articles relating to the art of hooking. As a test environment, it will use an English Windows Seven SP1 operating system distribution.

tags | paper
systems | windows
SHA-256 | 14893704b2ff4c3c7c7d92d60513c25bdb78d545d4d5a830b05d02acc259c996
Wonderware InBatch 9.0sp1 Buffer Overflow
Posted Dec 8, 2010
Authored by Luigi Auriemma | Site aluigi.org

Wonderware InBatch versions 9.0sp1 and below suffer from a buffer overflow vulnerability. Use the related file to exploit it.

tags | advisory, overflow
SHA-256 | 2b75b40f8b5d10b1aad656254bc228553139874595ce2d6695d6663ecfb75d50
Web.config Download Proof Of Concept
Posted Oct 4, 2010
Authored by Giorgio Fedon | Site blog.mindedsecurity.com

Proof of concept exploit that demonstrates the downloading of Web.config. This affects unpatched versions of .NET Framework 3.5 SP1. Full details are available on the homepage.

tags | exploit, web, proof of concept
SHA-256 | c2bff02b5943229b67a2c7bfe0e791c38fd61cecc58a739443381625fa85ed4b
Secunia Security Advisory 41599
Posted Sep 25, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for the SUSE Linux Enterprise 11 SP1 kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, cause a DoS (Denial of Service), and gain escalated privileges.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, suse
SHA-256 | b3d9fc46407ea350316e81baf6f6e2f70175f6db9a301d0913c2b3a53ce6c664
RSA enVision Denial Of Service
Posted Aug 6, 2010
Site emc.com

RSA enVision versions prior to 3.7 SP1 may contain a potential denial of service vulnerability.

tags | advisory, denial of service
advisories | CVE-2010-2634
SHA-256 | 7566319f767757867865456f7784400be8a8be03606701a7b11d6e60fb586707
Microsoft DNS RPC Service extractQuotedChar() Overflow (SMB)
Posted Jul 26, 2010
Authored by H D Moore | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in the RPC interface of the Microsoft DNS service. The vulnerability is triggered when a long zone name parameter is supplied that contains escaped octal strings. This Metasploit module is capable of bypassing NX/DEP protection on Windows 2003 SP1/SP2. This Metasploit module exploits the RPC service using the \\DNSSERVER pipe available via SMB. This pipe requires a valid user account to access, so the SMBUSER and SMBPASS options must be specified.

tags | exploit, overflow
systems | windows
advisories | CVE-2007-1748
SHA-256 | e9b0527ebdd2cf04d5a8b77d31a915ef02a016adafac8d7e3310e2c2e5502c34
Microsoft DNS RPC Service extractQuotedChar() Overflow (TCP)
Posted Jul 26, 2010
Authored by H D Moore | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in the RPC interface of the Microsoft DNS service. The vulnerability is triggered when a long zone name parameter is supplied that contains escaped octal strings. This Metasploit module is capable of bypassing NX/DEP protection on Windows 2003 SP1/SP2.

tags | exploit, overflow
systems | windows
advisories | CVE-2007-1748
SHA-256 | 9b7e6f209365505dfcd113a948db7bfb7bbb370bb024a1d2ca6fb2feabc1c1cf
Windows Seven Pro SP1 64 Fr Beep Shellcode
Posted May 28, 2010
Authored by agix

39 bytes small Windows Seven pro SP1 64 Fr beep shellcode.

tags | shellcode
systems | windows
SHA-256 | 24307bb3c3c728366360f1218ac97d687929e2b512e6f659bb8b5915797fecd3
iDEFENSE Security Advisory 2010-03-09.4
Posted Mar 10, 2010
Authored by iDefense Labs, Sean Larsson | Site idefense.com

iDefense Security Advisory 03.09.10 - Remote exploitation of a heap overflow vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability occurs when parsing an MDXTUPLE record inside of the Excel Workbook globals stream. This record is used to store metadata for external data connections in the workbook. The vulnerability occurs when an MDXTUPLE record is broken up into several records. This could allow an attacker to trigger a heap based buffer overflow by controlling both the allocation size of a heap buffer and the number of bytes copied into this buffer. iDefense has confirmed the existence of this vulnerability in Excel versions 2007 SP0, SP1, and SP2. Previous versions do not appear to be affected as they do not support parsing the record that triggers the vulnerability. A full list of vulnerable Microsoft products can be found in Microsoft Security Bulletin MS10-017.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2010-0260
SHA-256 | 0ce96e514152fd2e39a14f6d90a2f11df679f07a29a783acaf69ad7b35b46079
© 2022 Packet Storm. All rights reserved.