exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 96 RSS Feed

Files

Milton Webdav 2.7.0.1 XXE Injection
Posted Nov 2, 2015
Authored by Mikhail Egorov

Milton Webdav version 2.7.0.1 suffers from an XXE injection vulnerability.

tags | exploit, xxe
advisories | CVE-2015-7326
SHA-256 | 46b29fcbd281a787022982aa5892c003ff7312833ef3f70e1d8febb584ffcc1a

Related Files

Real Player 20.1.0.312 / 20.0.3.317 DLL Hijacking
Posted Jun 3, 2022
Authored by Eduardo Braun Prado | Site github.com

The Player application and the Recording Manager of Real Player versions 20.1.0.312 and 20.0.3.317 are prone to a remote DLL hijack (binary planting) issue because of an unsafe search for non-existent DLLs. To exploit the issue attackers would have to convince the target to open a media file from a WebDAV or SMB share. Update - It has been noted that as of April 17, 2023, version 22.0.2.306 is also affected by this issue.

tags | exploit, remote
systems | windows
SHA-256 | cdec3264c1dfb6072227ec32f752253561a495967fe39b8f043c7c2b09f4d8af
Microsoft .diagcab Directory Traversal / Code Execution
Posted Jan 18, 2020
Authored by Imre Rad

A flaw in the implementation of Microsoft's Troubleshooter technology could lead to remote code execution if a crafted .diagcab file is opened by the victim. The exploit leverages a rogue webdav server to trick MSDT to drop files to attacker controller locations on the file system.

tags | exploit, remote, code execution
SHA-256 | cbe54b81542a05ea1e6eca61a96e5a5cf9a912e2b9399db4856ff9dcd2335482
Jalios JCMS 10 Backdoor Account / Authentication Bypass
Posted Nov 20, 2019
Authored by Ricardo Jose Ruiz Fernandez

Jalios JCMS 10 allows attackers to access any part of the website and the WebDAV server with administrative privileges via a backdoor account using any username and a specific password.

tags | advisory
advisories | CVE-2019-19033
SHA-256 | 4829f8ae23e18fce86bba81501fecaf37b995626d52f739665df9e76cff8be4a
Huawei eSpace 1.1.11.103 DLL Hijacking
Posted May 17, 2019
Authored by LiquidWorm | Site zeroscience.mk

Huawei eSpace version 1.1.11.103 suffers from a DLL Hijacking issue. The vulnerability is caused due to the application loading libraries (mfc71enu.dll, mfc71loc.dll, tcapi.dll and airpcap.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into opening a related application file (.html, .jpg, .png) located on a remote WebDAV or SMB share.

tags | exploit, remote, arbitrary
advisories | CVE-2014-9416
SHA-256 | 9aea69b662c8d5265e392a312f1101654a587b68b47e8265d432fd5d1e6f36d7
Atlassian Confluence SSRF / Remote Code Execution
Posted Mar 25, 2019
Authored by Atlassian

Atlassian Confluence versions 6.6.0 up to 6.6.12, 6.12.0 up to 6.12.3, 6.13.0 up to 6.13.3, and 6.14.0 up to 6.14.2 suffer from a server-side request forgery vulnerability via WebDAV and a remote code execution vulnerability via the Widget Connector macro.

tags | advisory, remote, code execution
advisories | CVE-2019-3395, CVE-2019-3396
SHA-256 | 6815f5ede86e6165662c3fa9e98b1bc174808159c2c011d507237ad6bf678d74
NREL BEopt 2.8.0 Insecure Library Loading Arbitrary Code Execution
Posted Mar 11, 2019
Authored by LiquidWorm | Site zeroscience.mk

BEopt suffers from a DLL Hijacking issue. The vulnerability is caused due to the application loading libraries (sdl2.dll and libegl.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into opening a related application file .BEopt located on a remote WebDAV or SMB share. Version 2.8.0 is affected.

tags | exploit, remote, arbitrary
SHA-256 | 9b25608e33db31ec854a322eef7e473af8343e6f2015169f26412c7df6c6542f
WebDAV Server Serving DLL
Posted Dec 13, 2018
Authored by Ryan Hanson, James Cook | Site metasploit.com

This Metasploit module simplifies the rundll32.exe Application Whitelisting Bypass technique. The module creates a webdav server that hosts a dll file. When the user types the provided rundll32 command on a system, rundll32 will load the dll remotely and execute the provided export function. The export function needs to be valid, but the default meterpreter function can be anything. The process does write the dll to C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV but does not load the dll from that location. This file should be removed after execution. The extension can be anything you'd like, but you don't have to use one. Two files will be written to disk. One named the requested name and one with a dll extension attached.

tags | exploit, local
systems | windows
SHA-256 | ffc4442915ecf93d8cc559e8f07b68a8fa8aa6fc9f12c43ac4f3ae5d931ac495
Microsoft IIS WebDav ScStoragePathFromUrl Overflow
Posted May 11, 2017
Authored by Dominic Chell, FireFart, Zhiniang Peng, Chen Wu, zcgonvh, Rich Whitcroft | Site metasploit.com

Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016. Original exploit by Zhiniang Peng and Chen Wu.

tags | exploit, remote, web, overflow, arbitrary
systems | windows
advisories | CVE-2017-7269
SHA-256 | dd14beacc3e87b7064dc160534d469a79690ec06c3cb5fdddd8acbce04733db8
EXPLODINGCAN 2.0.2 Microsoft IIS 6 Exploit
Posted Apr 15, 2017

EXPLODINGCAN is an exploit for Microsoft IIS 6 that leverages WebDAV and works on 2003 only. Note that this exploit is part of the recent public disclosure from the "Shadow Brokers" who claim to have compromised data from a team known as the "Equation Group", however, there is no author data available in this content. Consider this exploit hostile and unverified. For research purposes only. Description has been referenced from http://medium.com/@networksecurity.

tags | exploit, web
SHA-256 | 2d29211219806e7a08f3a5f698230796b4681542694e0bd5b0ea60b287739cb2
MS IIS 6.0 Buffer Overflow NSE Script
Posted Apr 8, 2017
Authored by Rewanth Cool

This NSE script for Nmap exploits a buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2.

tags | exploit, overflow
systems | windows
advisories | CVE-2017-7269
SHA-256 | 453e63883fdaffb5ec618ef53ef8f9b005dad44b6e71f23b25a260104dacbeaa
Microsoft IIS 6.0 WebDAV ScStoragePathFromUrl Buffer Overflow
Posted Mar 27, 2017
Authored by Zhiniang Peng, Chen Wu

Microsoft IIS version 6.0 suffers from a WebDAV ScStoragePathFromUrl buffer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2017-7269
SHA-256 | 6863dfccb5afdbb2b68e4e352d69d7475a42a362ead4a48025220cdbd740e6d3
DLL Side Loading In VMware Host Guest Client Redirector
Posted Aug 11, 2016
Authored by Yorick Koster | Site metasploit.com

A DLL side loading vulnerability was found in the VMware Host Guest Client Redirector, a component of VMware Tools. This issue can be exploited by luring a victim into opening a document from the attacker's share. An attacker can exploit this issue to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system. If the WebDAV Mini-Redirector is enabled, it is possible to exploit this issue over the internet.

tags | exploit, arbitrary
advisories | CVE-2016-5330
SHA-256 | 77b0507ce09c87acf67f7f51e1ec6e8edf574e2564f337de61f2167599efd712
VMware Host Guest Client Redirector DLL Hijacking
Posted Aug 6, 2016
Authored by Yorick Koster, Securify B.V.

A DLL side loading vulnerability was found in the VMware Host Guest Client Redirector, a component of VMware Tools. This issue can be exploited by luring a victim into opening a document from the attacker's share. An attacker can exploit this issue to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system. If the WebDAV Mini-Redirector is enabled, it is possible to exploit this issue over the internet.

tags | advisory, arbitrary
systems | windows
SHA-256 | a9ebf159096d5d370785b483c89286e459f55701477990b573fb428d268cfcc8
Windows Local WebDAV NTLM Reflection Elevation Of Privilege
Posted Jun 23, 2016
Authored by Google Security Research, forshaw

A default installation of Windows 7/8 can be made to perform a NTLM reflection attack through WebDAV which allows a local user to elevate privileges to local system.

tags | exploit, local
systems | linux, windows
advisories | CVE-2016-3225
SHA-256 | 38a08b6ee37889a0cd9d35ed8ee32279823b97688768df81253865add1d05bf8
.NET Framework 4.6 DLL Hijacking
Posted Apr 12, 2016
Authored by Yorick Koster, Securify B.V.

A DLL side loading vulnerability was found in the .NET Framework version 4.6 when running on Windows Vista or Windows 7. This issue can be exploited by luring a victim into opening an Office document from the attacker's share. An attacker can use this issue to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system. If the WebDAV Mini-Redirector is enabled, it is possible to exploit this issue over the internet. This issue can be exploited even if the Office document is opened in Protected View.

tags | advisory, arbitrary
systems | windows
advisories | CVE-2016-0148
SHA-256 | 1fb365836205d5377a82bf14506445c9d12b9a1770f630bfeaefcc48a647ab60
Microsoft Windows WebDAV BSoD Proof Of Concept
Posted Feb 12, 2016
Authored by koczkatamas

Microsoft Windows WebDAV blue screen of death denial of service proof of concept exploit that leverages the vulnerability outlined in MS16-016.

tags | exploit, denial of service, proof of concept
systems | windows
advisories | CVE-2016-0051
SHA-256 | c468b723ba71e8296d1930ad5140d0ff9bb039c160c504c1d3db155a684a0264
Art Systems FluidDraw P5/S5 5.3n Binary Planting Arbitrary Code Execution
Posted Jan 18, 2016
Authored by LiquidWorm | Site zeroscience.mk

FluidDraw suffers from a DLL Hijacking issue. The vulnerability is caused due to the application loading libraries (siappdll.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into opening a related application files (.PRJ, .CIRC, .CT, .DXF, .SYM) located on a remote WebDAV or SMB share.

tags | exploit, remote, arbitrary
SHA-256 | b888668e78f26bf616638590d347cf1fd8f42e29ffb93324610bb72e0beb7d10
Debian Security Advisory 3298-1
Posted Jul 3, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3298-1 - It was discovered that the Jackrabbit WebDAV bundle was susceptible to a XXE/XEE attack. When processing a WebDAV request body containing XML, the XML parser could be instructed to read content from network resources accessible to the host, identified by URI schemes such as "http(s)" or "file". Depending on the WebDAV request, this could not only be used to trigger internal network requests, but might also be used to insert said content into the request, potentially exposing it to the attacker and others.

tags | advisory, web, xxe
systems | linux, debian
advisories | CVE-2015-1833
SHA-256 | d091fdea4958a8151a20ee1e53c260ff67a24262ac3e41f169fd462922e71faf
Jackrabbit WebDAV XXE Injection
Posted May 21, 2015
Authored by Mikhail Egorov

Jackrabbit versions 2.x suffer from a WebDAV XXE injection vulnerability. Included are details and patches.

tags | exploit, xxe
systems | linux
advisories | CVE-2015-1833
SHA-256 | 6408e65868c52858ab9e20f4d7de9fc89e4df4439e5fa505f752b7ed50030fc8
WebDAV Uploading Script
Posted Apr 10, 2015
Authored by AdeRoot

Simple PHP script that explores WebDAV vulnerable sites that allow arbitrary uploads.

tags | tool, arbitrary, scanner, php, file upload
systems | unix
SHA-256 | 82096e8ddc00f8baec5d02ce1a0576b3e0253c168398a7b80b0b02473a331d36
Microsoft Windows Local WebDAV NTLM Reflection Privilege Escalation
Posted Mar 24, 2015
Authored by James Forshaw

A default installation of Windows 7/8 can be made to perform a NTLM reflection attack through WebDAV which allows a local user to elevate privileges to local system. It can also be used to escape application sandboxes if TCP socket access is not blocked. Microsoft will not fix this issue.

tags | advisory, local, tcp
systems | windows
SHA-256 | d7f65f0f6fcfb1538cdd107180c364c1d5d666cadc19162e231ebc624660d51a
GE Proficy CIMPLICITY gefebt.exe Remote Code Execution
Posted Feb 28, 2014
Authored by juan vazquez, Z0mb1E, amisto0x07 | Site metasploit.com

This Metasploit module abuses the gefebt.exe component in GE Proficy CIMPLICITY, reachable through the CIMPLICIY CimWebServer. The vulnerable component allows to execute remote BCL files in shared resources. An attacker can abuse this behaviour to execute a malicious BCL and drop an arbitrary EXE. The last one can be executed remotely through the WebView server. This Metasploit module has been tested successfully in GE Proficy CIMPLICITY 7.5 with the embedded CimWebServer. This Metasploit module starts a WebDAV server to provide the malicious BCL files. When the target hasn't the WebClient service enabled, an external SMB service is necessary.

tags | exploit, remote, arbitrary
advisories | CVE-2014-0750
SHA-256 | b26303cb1fa471041439c64a8b439bb47d11b4fd3e3adb2f2cd74c8afe861e4f
Mandriva Linux Security Advisory 2013-244
Posted Sep 30, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-244 - Davfs2, a filesystem client for WebDAV, calls the function system() insecurely while is setuid root. This might allow a privilege escalation. The updated packages have been patched to correct this issue.

tags | advisory, root
systems | linux, mandriva
advisories | CVE-2013-4362
SHA-256 | af7482beeb30b5336944896057c8df7f6c9b5cb4480241b35162b432c91c28d1
Debian Security Advisory 2765-1
Posted Sep 27, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2765-1 - Davfs2, a filesystem client for WebDAV, calls the function system() insecurely while is setuid root. This might allow a privilege escalation.

tags | advisory, root
systems | linux, debian
advisories | CVE-2013-4362
SHA-256 | 3903ec4ccc79432967878e89f87d6fdeefddcd86cea4d6f09148d0d4af7e6b8b
Copy To WebDAV 1.1 LFI / Shell Upload / Command Injection
Posted Aug 15, 2013
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Copy to WebDAV version 1.1 for iOS suffers from local file inclusion, command injection, and remote shell upload vulnerabilities.

tags | exploit, remote, shell, local, vulnerability, file inclusion
systems | cisco, ios
SHA-256 | 23dcf46f528554d76be9439abab500204ea1dfc338b343174897859c0b85f712
Page 1 of 4
Back1234Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close