Showing 51 - 75 of 96

Files

Milton Webdav 2.7.0.1 XXE Injection
Posted Nov 2, 2015
Authored by Mikhail Egorov

Milton Webdav version 2.7.0.1 suffers from an XXE injection vulnerability.

tags | exploit, xxe
advisories | CVE-2015-7326
SHA-256 | 46b29fcbd281a787022982aa5892c003ff7312833ef3f70e1d8febb584ffcc1a

Related Files

Microsoft Windows Shell Graphics BMP "width" Integer Overflow
Posted Feb 14, 2011
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Windows. The vulnerability is caused by an integer overflow error in the Windows Shell graphics processor when parsing the "width" value within BMP images, which could be exploited by remote attackers to compromise a vulnerable system by tricking a user into opening or previewing a malformed Office file or browsing to a network share, UNC, or WebDAV location containing a specially crafted image.

tags | advisory, remote, overflow, shell
systems | windows
SHA-256 | 424e76ac6176134b9620fc780ea75da7e66aee6adb5388e91cf75fdc7beeb515

Microsoft Windows Shell LNK Code Execution
Posted Aug 5, 2010
Authored by H D Moore, jduck, B_H | Site metasploit.com

This Metasploit module exploits a vulnerability in the handling of Windows Shortcut files (.LNK) that contain an icon resource pointing to a malicious DLL. This Metasploit module creates a WebDAV service that can be used to run an arbitrary payload when accessed as a UNC path.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2010-2568
SHA-256 | 9da276a24a186e88eecee809f9c847b33c7567cfb9d16ca26be2ac512e489408

Mac OS X WebDAV Kernel Extension Denial Of Service
Posted Jul 26, 2010
Authored by Dan Rosenberg

The Mac OS X WebDAV kernel extension is vulnerable to a denial of service issue that allows a local unprivileged user to trigger a kernel panic due to a memory overallocation.

tags | advisory, denial of service, kernel, local
systems | apple, osx
advisories | CVE-2010-1794
SHA-256 | d6f15be99289fd0bcf6c81b9793b54371556cccddb48c1a7ecd9884a927c66d7

Microsoft Windows Shell LNK Code Execution
Posted Jul 21, 2010
Authored by H D Moore, jduck | Site metasploit.com

This Metasploit module exploits a vulnerability in the handling of Windows Shortcut files (.LNK) that contain an icon resource pointing to a malicious DLL. This Metasploit module creates a WebDAV service that can be used to run an arbitrary payload when accessed as a UNC path.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2010-2568
SHA-256 | 02b7a4d416053d7ead37976f6d7d16df09d4d947e59b569a8c904c94108c01af

Sun Java System Web Server WebDAV OPTIONS Buffer Overflow
Posted May 3, 2010
Authored by jduck | Site metasploit.com

This Metasploit module exploits a buffer overflow in Sun Java Web Server prior to version 7 Update 8. By sending an "OPTIONS" request with an overly long path, attackers can execute arbitrary code. In order to reach the vulnerable code, the attacker must also specify the path to a directory with WebDAV enabled. This exploit was tested and confirmed to work on Windows XP SP3 without DEP. Versions for other platforms are vulnerable as well. The vulnerability was originally discovered and disclosed by Evgeny Legerov of Intevydis.

tags | exploit, java, web, overflow, arbitrary
systems | windows
advisories | CVE-2010-0361
SHA-256 | c3475168b519e0a4d79aa02d77825b2c1bfbe2132656b22f2313752701602378

Sun Java Web Start Plugin Command Line Argument Injection
Posted Apr 19, 2010
Authored by jduck | Site metasploit.com

This Metasploit module exploits a flaw in the Web Start plugin component of Sun Java Web Start. The arguments passed to Java Web Start are not properly validated. By passing the lesser known -J option, an attacker can pass arbitrary options directly to the Java runtime. By utilizing the -XXaltjvm option, as discussed by Ruben Santamarta, an attacker can execute arbitrary code in the context of an unsuspecting browser user. This vulnerability was originally discovered independently by both Ruben Santamarta and Tavis Ormandy. Tavis reported that all versions since version 6 Update 10 "are believed to be affected by this vulnerability." In order for this module to work, it must be run as root on a server that does not serve SMB. Additionally, the target host must have the WebClient service (WebDAV Mini-Redirector) enabled.

tags | exploit, java, web, arbitrary, root
advisories | CVE-2010-0886
SHA-256 | aed095959e7fb49ead9d940a99e35f4900f138562041229b74340d7ea5e82167

Windows ANI LoadAniIcon() Chunk Size Stack Overflow (HTTP)
Posted Apr 15, 2010
Authored by H D Moore, Solar Eclipse, skape | Site metasploit.com

This Metasploit module exploits a buffer overflow vulnerability in the LoadAniIcon() function in USER32.dll. The flaw can be triggered through Internet Explorer 6 and 7 by using the CURSOR style sheet directive to load a malicious .ANI file. The module can also exploit Mozilla Firefox by using a UNC path in a moz-icon URL and serving the .ANI file over WebDAV. The vulnerable code in USER32.dll will catch any exceptions that occur while the invalid cursor is loaded, causing the exploit to silently fail when the wrong target has been chosen. This vulnerability was discovered by Alexander Sotirov of Determina and was rediscovered, in the wild, by McAfee.

tags | exploit, overflow
advisories | CVE-2007-0038
SHA-256 | 77a69a99c5c235c2339e0f087749f6b147c5953684914f6479b3edef34269f9a

Internet Explorer Winhlp32.exe MsgBox Code Execution
Posted Apr 15, 2010
Authored by Maurycy Prodeus | Site metasploit.com

This Metasploit module exploits a code execution vulnerability that occurs when a user presses F1 on a MessageBox originating from VBScript within a web page. When the user hits F1, the MessageBox help functionality will attempt to load and use an HLP file from an SMB or WebDAV (if the WebDAV redirector is enabled) server. This particular version of the exploit implements a WebDAV server that will serve the HLP file as well as a payload EXE. During testing, warnings about the payload EXE being unsigned were witnessed. A future version of this module might use other methods that do not create such a warning.

tags | exploit, web, code execution
advisories | CVE-2010-0483
SHA-256 | 78422f19ea0d8bce6a74c02e6e26e1840301ad3c5fdd0f923caed537a2c47c13

IE Winhlp32.exe MsgBox F1
Posted Mar 3, 2010
Authored by Maurycy Prodeus | Site metasploit.com

This Metasploit module exploits a code execution vulnerability that occurs when a user presses F1 on a MessageBox originating from VBScript within a web page. When the user hits F1, the MessageBox help functionality will attempt to load and use an HLP file from an SMB or WebDAV (if the WebDAV redirector is enabled) server. This particular version of the exploit implements a WebDAV server that will serve the HLP file as well as a payload EXE. During testing, warnings about the payload EXE being unsigned were witnessed. A future version of this module might use other methods that do not create such a warning.

tags | exploit, web, code execution
SHA-256 | f83f40fb588e34999fbe38619333368187e38c873789888c011448074585069e

Microsoft IIS WebDAV Write Access Code Execution
Posted Feb 10, 2010
Site metasploit.com

This Metasploit module can be used to execute a payload on IIS servers that have world-writeable directories. The payload is uploaded as an ASP script using a WebDAV PUT request.

tags | exploit, asp
SHA-256 | 4ec5b093ab1cb3f7824fc0789935b123c05d0f352410b2d130c1546774dfb524

Microsoft IIS 5.0 WebDAV ntdll.dll Path Overflow
Posted Nov 26, 2009
Authored by H D Moore | Site metasploit.com

This exploits a buffer overflow in NTDLL.dll on Windows 2000 through the SEARCH WebDAV method in IIS. This particular module only works against Windows 2000. It should have a reasonable chance of success against any service pack.

tags | exploit, overflow
systems | windows
advisories | CVE-2003-0109
SHA-256 | 4caf806bf3d6f77c4656950f84e53b18fa51e99928ad15a38f88eb4cb5dc4dad

Microsoft Private Communications Transport Overflow
Posted Nov 26, 2009
Authored by H D Moore | Site metasploit.com

This Metasploit module exploits a buffer overflow in the Microsoft Windows SSL PCT protocol stack. This code is based on Johnny Cyberpunk's THC release and has been tested against Windows 2000 and Windows XP. To use this module, specify the remote port of any SSL service, or the port and protocol of an application that uses SSL. The only application protocol supported at this time is SMTP. You only have one chance to select the correct target. If you are attacking IIS, you may want to try one of the other exploits first (WebDAV). If WebDAV does not work, this more than likely means that this is either Windows 2000 SP4+ or Windows XP (IIS 5.0 vs IIS 5.1). Using the wrong target may not result in an immediate crash of the remote system.

tags | exploit, remote, overflow, protocol
systems | windows
advisories | CVE-2003-0719
SHA-256 | ac057a3cda069d28dca0c494d2f34be73d1c4eeab49fc99c9b71b71226f4849e

Subversion Date Overflow
Posted Oct 28, 2009
Authored by spoonm

This is a Metasploit exploit for the Subversion date parsing overflow. This exploit is for the svnserve daemon (svn:// protocol) and will not work for Subversion over webdav (http[s]://). This exploit should never crash the daemon, and should be safe to do multi-hits.

tags | exploit, web, overflow, protocol
advisories | CVE-2004-0397
SHA-256 | c81084cf41376c203360dc2c4fd7badff87c3c33602d948682a6905bafe517a2

nginx 0.7.61 Directory Traversal
Posted Sep 24, 2009
Authored by Kingcope

nginx version 0.7.61 suffers from a WebDAV copy/move method directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | 7b4a38163573c74eaf582034e58861d28cafc0a15ba48b2128977ec6ff7ac759

WebTuff IIS 6.0 WebDAV Authentication Bypass
Posted May 27, 2009
Authored by Raviv Raz

WebTuff is a tool to test for the IIS 6.0 WebDAV authentication bypass vulnerability.

tags | exploit, bypass
SHA-256 | 962b69de61490a46ff34f5d84021349fb8293ca003948bee1457d57d305ba85d

Microsoft IIS 6.0 WebDAV Bypass
Posted May 27, 2009
Authored by ka0x

Microsoft IIS version 6.0 WebDAV remote authentication bypass exploit.

tags | exploit, remote, bypass
SHA-256 | 5462129e3f7a6bcfbbaec18c09a484954d4d67cfb29c59ddc206e5dafdbd4c4c

Microsoft IIS 6.0 Bypass
Posted May 24, 2009
Authored by racle

Microsoft IIS 6.0 WebDAV remote authentication bypass exploit written in PHP.

tags | exploit, remote, php, bypass
SHA-256 | 31ac50020928f3960dfa0af71324c8271a44751cd4ba45c85f2db8096870c9b0

Microsoft IIS 6.0 WebDAV Bypass
Posted May 21, 2009
Authored by Andrew Orr, Ron Bowes | Site skullsecurity.org

Remote authentication bypass exploit for the WebDAV vulnerability in Microsoft IIS 6.0.

tags | exploit, remote, bypass
SHA-256 | 58794bad254c95a52a4aff02ec52eb753d9e24ebc75be5de3d39aa371b956db2

Microsoft IIS 6.0 WebDAV Bypass
Posted May 16, 2009
Authored by Kingcope

Microsoft IIS version 6.0 suffers from a WebDAV remote authentication bypass vulnerability.

tags | exploit, remote, bypass
SHA-256 | ed317aa9d45ad84a8984658e30b3b9bad93a6b391762859bbceb67cb7aa1cb6b

Insomnia Security Vulnerability Advisory ISVA-081209.1
Posted Dec 10, 2008
Authored by Brett Moore | Site insomniasec.com

Insomnia Security Vulnerability Advisory - A vulnerability was found in the way that WebDAV requests are cached and then later retrieved by Internet Explorer. This results in the use of uninitialized memory, which under the right circumstances can lead to command execution.

tags | advisory
SHA-256 | 0ebee2503764c3f44cce43818618fb05a3255230042be4a70fb22d4b93f6b573

Zero Day Initiative Advisory 08-087
Posted Dec 9, 2008
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 08-087 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer 7 on the Microsoft Vista operating system. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists during a WebDAV fetch of a document from a path containing a large number of characters. Mishandling of cached content results in a heap corruption which can be leveraged to execute arbitrary code under the context of the current instance of Internet Explorer.

tags | advisory, arbitrary
advisories | CVE-2008-4259
SHA-256 | b7e31f5172a842f8f18ffa92303a19af6f2fd3be8bec591aff3b4c8e6630bf3f

Gentoo Linux Security Advisory 200711-3
Posted Nov 1, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200711-03 - Merrick Manalastas and Nicklous Roberts have discovered multiple vulnerabilities in the WebDAV and Reupload modules. Versions less than 2.2.3 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2007-4650
SHA-256 | f857448a23e6195c33b2b0f3e69cb9bbfc03e823b58f162e265e8de4dec66f71

tomcatwebdav-disclose.txt
Posted Oct 22, 2007
Authored by h3rcul3s

Apache Tomcat with WEBDAV remote file disclosure exploit that has SSL support.

tags | exploit, remote, info disclosure
SHA-256 | c8197e01da4f8f5ec83aec7a08aed8290e4c514153bf573a492020ff2651cd93

apache-disclose.txt
Posted Oct 15, 2007
Authored by eliteb0y

Apache Tomcat WEBDAV remote file disclosure exploit.

tags | exploit, remote, info disclosure
SHA-256 | 457bbb176a21d5dce419c9522a72dc2d4a60fe33fb45bc26dd0437cc22ca667f

Secunia Security Advisory 18857
Posted Feb 14, 2006
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused by a boundary error in the Web Client Service's handling of WebDAV messages.

tags | advisory, web, local
systems | windows
SHA-256 | fbc5f721ea7a0a4fe40eb70d726a7f4b07ce45e553327c4777991b7967891787