what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

Microsoft IIS 6.0 WebDAV ScStoragePathFromUrl Buffer Overflow
Posted Mar 27, 2017
Authored by Zhiniang Peng, Chen Wu

Microsoft IIS version 6.0 suffers from a WebDAV ScStoragePathFromUrl buffer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2017-7269
SHA-256 | 6863dfccb5afdbb2b68e4e352d69d7475a42a362ead4a48025220cdbd740e6d3

Related Files

Umbraco CMS Remote Command Execution
Posted Jul 6, 2012
Authored by juan vazquez, Toby Clarke | Site metasploit.com

This Metasploit module can be used to execute a payload on Umbraco CMS 4.7.0.378. The payload is uploaded as an ASPX script by sending a specially crafted SOAP request to codeEditorSave.asmx, which permits unauthorised file upload via the SaveDLRScript operation. SaveDLRScript is also subject to a path traversal vulnerability, allowing code to be placed into the web-accessible /umbraco/ directory. The module writes, executes and then overwrites an ASPX script; note that though the script content is removed, the file remains on the target. Automatic cleanup of the file is intended if a meterpreter payload is used. This Metasploit module has been tested successfully on Umbraco CMS 4.7.0.378 on a Windows 7 32-bit SP1. In this scenario, the "IIS APPPOOL\ASP.NET v4.0" user must have write permissions on the Windows Temp folder.

tags | exploit, web, asp, file upload
systems | windows
SHA-256 | a969edd9061df64ff92c55db7b277da617626bfa9448eab4978dfbd56a0d42bb
Microsoft IIS Tilde Character Name Disclosure / Denial Of Service
Posted Jul 2, 2012
Authored by Soroush Dalili

Microsoft IIS suffers from a short file/folder name disclosure vulnerability when handling tilde characters. The .NET framework may also suffer from a denial of service condition relating to the handling of tilde. Proof of concept scanner included.

tags | exploit, denial of service, proof of concept
systems | linux
SHA-256 | ac7e17676655fc32991058e316c32da4c4a71a9100a0f1c88e9530581b4638c8
Microsoft IIS 6.0 / 7.5 Authentication Bypass
Posted Jun 11, 2012
Authored by Kingcope

Microsoft IIS versions 6.0 and 7.5 suffer from various authentication bypass vulnerabilities. 7.5 also suffers from a source code disclosure flaw.

tags | exploit, vulnerability, bypass
SHA-256 | 31f691d3442ef019996f5131a36d46a349b82fb445d8c3c399201566683d7edb
Microsoft IIS MDAC msadcs.dll RDS DataStub Content-Type Overflow
Posted Jun 7, 2012
Authored by patrick | Site metasploit.com

This Metasploit module can be used to execute arbitrary code on IIS servers that expose the /msadc/msadcs.dll Microsoft Data Access Components (MDAC) Remote Data Service (RDS) DataFactory service. The service is exploitable even when RDS is configured to deny remote connections (handsafe.reg). The service is vulnerable to a heap overflow where the RDS DataStub 'Content-Type' string is overly long. Microsoft Data Access Components (MDAC) 2.1 through 2.6 are known to be vulnerable.

tags | exploit, remote, overflow, arbitrary
advisories | CVE-2002-1142, OSVDB-14502
SHA-256 | 5b8f51f6304db9028ffb31a8630bc9126a8b59e8dff7370fae1e12b8fd591199
Microsoft IIS MDAC msadcs.dll RDS Arbitrary Remote Command Execution
Posted Jun 7, 2012
Authored by patrick | Site metasploit.com

This Metasploit module can be used to execute arbitrary commands on IIS servers that expose the /msadc/msadcs.dll Microsoft Data Access Components (MDAC) Remote Data Service (RDS) DataFactory service using VbBusObj or AdvancedDataFactory to inject shell commands into Microsoft Access databases (MDBs), MSSQL databases and ODBC/JET Data Source Name (DSN). Based on the msadcs.pl v2 exploit by Rain.Forest.Puppy, which was actively used in the wild in the late Ninties. MDAC versions affected include MDAC 1.5, 2.0, 2.0 SDK, 2.1 and systems with the MDAC Sample Pages for RDS installed, and NT4 Servers with the NT Option Pack installed or upgraded 2000 systems often running IIS3/4/5 however some vulnerable installations can still be found on newer Windows operating systems. Note that newer releases of msadcs.dll can still be abused however by default remote connections to the RDS is denied. Consider using VERBOSE if you're unable to successfully execute a command, as the error messages are detailed and useful for debugging. Also set NAME to obtain the remote hostname, and METHOD to use the alternative VbBusObj technique.

tags | exploit, remote, arbitrary, shell
systems | windows
advisories | CVE-1999-1011
SHA-256 | 382234f494b3e6be1ceaa9dc39e8b06bf8faad703997a8f0eec9259b5d187113
Microsoft IIS FTP Server 7.0 Stack Exhaustion
Posted Jul 3, 2011
Authored by Kingcope, Myo Soe | Site metasploit.com

This Metasploit module triggers a denial of service condition in the Microsoft Internet Information Services (IIS) FTP Server versions 5.0 through 7.0 via a list (ls) -R command containing a wildcard. This exploit is especially meant for the service which is configured as "manual" mode in startup type.

tags | exploit, denial of service
advisories | CVE-2009-2521, OSVDB-57753
SHA-256 | 575fed5c9101b9e2345bf64ca7b5f2b1ca4205c300ba8af0446db71f25d0eed2
ISSA Ireland Security Conference 2011 Call For Papers
Posted Mar 29, 2011
Site issaireland.org

The ISSA Ireland Security Conference (IISC) 2011 call for papers has been announced. It will be held from May 11th through the 12th, 2011 in The Royal College of Physicians Ireland on Kildare Street, Dublin.

tags | paper, conference
SHA-256 | cc742e348803b4bebccc7e0c52ac2c3b04a64d189f3658425747a6b6c29779ab
Tor's Hammer - Slow POST Denial Of Service Testing Tool
Posted Mar 2, 2011
Authored by entropy | Site phiral.net

Tor's Hammer is a slow post dos testing tool written in Python. It can also be run through the Tor network to be anonymized. If you are going to run it with Tor it assumes you are running Tor on 127.0.0.1:9050. Kills most unprotected web servers running Apache and IIS via a single instance. Kills Apache 1.X and older IIS with ~128 threads, newer IIS and Apache 2.X with ~256 threads.

tags | web, denial of service, python
systems | linux
SHA-256 | 00127b3a7c45407764e28730a9732e9e09810e26b1733841424227c6b35ae4f8
Microsoft IIS 6 Parsing Vulnerability
Posted Jan 25, 2011
Authored by Pouya Daneshmand

The author of this file claims that naming a directory with a .asp extension on IIS 6 will causing all files inside of it to be executed as such.

tags | advisory, asp
SHA-256 | 7d3a817a22ee42fe51d188e334502eb335489a020414bfe1d8e9ebcb14d8ed1f
Secunia Security Advisory 42713
Posted Dec 23, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Matthew Bergin has discovered a vulnerability in Microsoft Internet Information Services (IIS), which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

tags | advisory, denial of service
SHA-256 | edd767a5893eeeb01941313ae638e6b924a5700beb11f16fbf9ce02403c92dff
Windows 7 IIS 7.5 FTPSVC Denial Of Service
Posted Dec 23, 2010
Authored by Matthew Bergin

Windows 7 IIS 7.5 FTPSVC UNAUTH'd remote denial of service proof of concept exploit.

tags | exploit, remote, denial of service, proof of concept
systems | windows
SHA-256 | bf3d69d355c66e3e955e2862bb09f3c60727ae26cf9f11b90c48aeb059e0be13
Zero Day Initiative Advisory 10-221
Posted Oct 28, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-221 - This vulnerability allows remote attackers to inject arbitrary SQL into the packaged database on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Administrative interface installed with IM Manager. While there is authentication on the main page of the installed IIS extension, many of the pages can be accessed directly. One of these pages, IMAdminReportTrendFormRun.asp, is vulnerable to a SQL injection vulnerability. The ASP code lacks sanity checks on the 'groupList' parameter. Thus, an attacker can abuse this to inject arbitrary SQL into the backend database.

tags | advisory, remote, arbitrary, sql injection, asp
advisories | CVE-2010-0112
SHA-256 | aa84e124106e38044201acc658964bf70d81a2b24ca030fc5cbbdc9da2d4118a
Zero Day Initiative Advisory 10-220
Posted Oct 28, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-220 - This vulnerability allows remote attackers to inject arbitrary SQL into the packaged database on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Administrative interface installed with IM Manager. While there is authentication on the main page of the installed IIS extension, many of the pages can be accessed directly. One of these pages, IMAdminScheduleReport.asp, is vulnerable to a SQL injection vulnerability. The ASP code lacks sanity checks on the 'email' parameter. Thus, an attacker can abuse this to inject arbitrary SQL into the backend database.

tags | advisory, remote, arbitrary, sql injection, asp
advisories | CVE-2010-0112
SHA-256 | 510fb503338ecbfca13adb7cacbe14f877aeedd8c76b5d0dae0ef34e9387165d
Zero Day Initiative Advisory 10-225
Posted Oct 28, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-225 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the rdPageImlogic.aspx page which is exposed through an IIS extension on the default web server port. By setting the 'rdReport' argument to the value 'DetailReportGroup' an attacker can force the server to load the DetailReportGroup.lgx definition file. This file contains SQL injections within multiple parameters. An attacker can abuse this to inject arbitrary SQL statements to be evaluated by the back-end database.

tags | advisory, remote, web, arbitrary, sql injection
advisories | CVE-2010-0112
SHA-256 | 7178e80358422215dfcb5e13ab812b85882bff6721703e9d1f5c9201442d1865
Zero Day Initiative Advisory 10-224
Posted Oct 28, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-224 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the rdpageimlogic.aspx page which is exposed through an IIS extension on the default web server port. By setting the 'rdReport' argument to the value 'SummaryReportGroup' an attacker can force the server to load the SummaryReportGroup.lgx definition file. This file contains multiple SQL injections within the following parameters: 'selclause', 'whereTrendTimeClause', 'TrendTypeForReport', 'whereProtocolClause' and 'groupClause'. An attacker can abuse this to inject arbitrary SQL statements to be evaluated by the back-end database.

tags | advisory, remote, web, arbitrary, sql injection
advisories | CVE-2010-0112
SHA-256 | 5afe335679de5f033e5e0a1a662607fc21b3e926d2aee1e4691d33b4ad33c86e
Zero Day Initiative Advisory 10-223
Posted Oct 28, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-223 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the rdpageimlogic.aspx and rdPage.aspx pages which is exposed through an IIS extension on the default web server port. By setting the 'rdReport' argument to the value 'LoggedInUsers' an attacker can force the server to load the LoggedInUSers.lgx definition file. This file contains multiple SQL injections within the following parameters: 'loginTimeStamp', 'dbo', 'dateDiffParam' and 'whereClause'. An attacker can abuse this to inject arbitrary SQL statements to be evaluated by the back-end database.

tags | advisory, remote, web, arbitrary, sql injection
advisories | CVE-2010-0112
SHA-256 | ceb74fd58c461aa0e284d9ade21196015768b8397e112aefb567c5900c3a68a9
Zero Day Initiative Advisory 10-222
Posted Oct 28, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-222 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the rdpageimlogic.aspx page which is exposed through an IIS extension on the default web server port. This page does not properly filter the arguments to the following parameters: 'selclause', 'whereTrendTimeClause', 'TrendTypeForReport', 'whereProtocolClause' and 'groupClause'. An attacker can abuse this to inject arbitrary SQL statements to be evaluated by the back-end database.

tags | advisory, remote, web, arbitrary
advisories | CVE-2010-0112
SHA-256 | 68f2d97d3e125f5189468d6de7f56e3cb443df79990296aa6526bb203d2d6aef
Microsoft IIS FTP Server NLST Response Overflow
Posted Oct 6, 2010
Authored by H D Moore, Kingcope | Site metasploit.com

This Metasploit module exploits a stack buffer overflow flaw in the Microsoft IIS FTP service. The flaw is triggered when a special NLST argument is passed while the session has changed into a long directory path. For this exploit to work, the FTP server must be configured to allow write access to the file system (either anonymously or in conjunction with a real account).

tags | exploit, overflow
advisories | CVE-2009-3023
SHA-256 | 03dd84b1fa133f23eef6c093613e5dc4647bab107afd312e34d65559564a1da3
Microsoft IIS 6 Denial Of Service
Posted Oct 1, 2010
Authored by Kingcope

Microsoft IIS 6 suffers from an ASP denial of service stack overflow vulnerability.

tags | exploit, denial of service, overflow, asp
SHA-256 | 968ad700fa412b03b08cda7cfb16f28e1648859ba12d1924d7d64d6a0139aeb6
Rapid7 Security Advisory 36
Posted Aug 30, 2010
Authored by H D Moore, Rapid7, Will Vandevanter | Site rapid7.com

Rapid7 Security Advisory - FCKEditor contains a file renaming bug that allows remote code execution. Specifically, it is possible to upload ASP code via the ASP.NET connector in FCKEditor. The vulnerability requires that the remote server be running IIS. This vulnerability has been confirmed on FCKEditor 2.5.1 and 2.6.6.

tags | exploit, remote, code execution, asp
advisories | CVE-2009-4444
SHA-256 | d7ff7819bc5c1b9397d022f19065769fe00e58d1169b50c1ef3b83d03e7b2950
Amlibweb NetOpacs webquery.dll Stack Overflow
Posted Aug 5, 2010
Authored by patrick | Site metasploit.com

This Metasploit module exploits a stack overflow in Amlib's Amlibweb Library Management System (NetOpacs). The webquery.dll API is available through IIS requests. By specifying an overly long string to the 'app' parameter, SeH can be reliably overwritten allowing for arbitrary remote code execution. In addition, it is possible to overwrite EIP by specifying an arbitrary parameter name with an '=' terminator.

tags | exploit, remote, overflow, arbitrary, code execution
SHA-256 | fe4b9c6660b9a78cd1ca60a3af4c9505711a0207a3d593097dec278c1746ef04
Microsoft IIS ISAPI nsiislog.dll ISAPI POST Overflow
Posted Jul 26, 2010
Authored by H D Moore | Site metasploit.com

This exploits a buffer overflow found in the nsiislog.dll ISAPI filter that comes with Windows Media Server. This Metasploit module will also work against the 'patched' MS03-019 version. This vulnerability was addressed by MS03-022.

tags | exploit, overflow
systems | windows
advisories | CVE-2003-0349
SHA-256 | c72f76f8a8253daffa9c80e5fc0eabf4bd5c86b37e4f1d22740423ea314f5177
IIS 5 Authentication Bypass
Posted Jul 3, 2010
Authored by Soroush Dalili | Site soroush.secproject.com

IIS 5 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
SHA-256 | 37ea748726abfdcf90c5f620168c130aaee2fc345aa57be4c08c7f6c6dc47a6a
IISWorks FileMan Remote User Database Disclosure
Posted Jun 16, 2010
Authored by j0fer

IISWorks FileMan suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 38a4d64b8d788622a623151962b2b3e155249abd41c88ae39dc024e0fd6dba57
Microsoft IIS/PWS CGI Filename Double Decode Command Execution
Posted May 26, 2010
Authored by jduck | Site metasploit.com

This Metasploit module will execute an arbitrary payload on a Microsoft IIS installation that is vulnerable to the CGI double-decode vulnerability of 2001. NOTE: This Metasploit module will leave a metasploit payload in the IIS scripts directory.

tags | exploit, arbitrary, cgi
advisories | CVE-2001-0333
SHA-256 | 641ff99aa7811add9ad4dcc768fb2145b5eaa76f8f0c9f211e656f570bea2703
Page 1 of 4
Back1234Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    19 Files
  • 23
    Jul 23rd
    17 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close