
Files

MS17-010 SMBv1 SrvOs2FeaToNt OOB Remote Code Execution
Posted May 10, 2017
Authored by Juan Sacco

SMBv1 SrvOs2FeaToNt OOB is prone to a remote code execution vulnerability because the application fails to perform adequate boundary checks on user-supplied input. This exploit leverages this vulnerability as described in MS17-010.

tags | exploit, remote, code execution
SHA-256 | a8aa061521a024a2681c43faf9e0f6857ab4aabefda62ecf82da7a024aea3165

Related Files

Microsoft SharePoint Remote Code Execution
Posted Jul 10, 2024
Authored by testanull | Site github.com

This archive contains three proof of concept exploits for multiple Microsoft SharePoint remote code execution vulnerabilities.

tags | exploit, remote, vulnerability, code execution, proof of concept
advisories | CVE-2024-38023, CVE-2024-38024, CVE-2024-38094
SHA-256 | d80ffcbe99aa73f58e248f00ca3af5b3281e817bc026be01942991e895b4530a
Microsoft Office OneNote 2007 Remote Code Execution
Posted Oct 6, 2021
Authored by Eduardo Braun Prado

Microsoft Office OneNote 2007 proof of concept exploit for a OnePKG file parsing remote code execution vulnerability. Upon decompressing files from .ONEPKG archives (using MS CAB format), a failure to sanitize file paths and file contents allows for arbitrary file planting in arbitrary locations on the OS, including the startup folder.

tags | exploit, remote, arbitrary, code execution, proof of concept
advisories | CVE-2014-2815
SHA-256 | a2e1f0872cb6d8139581f87f3c37e90d1829d74bca8d610a3d0ffadd03dd7e9d
Microsoft Windows MSHTML Overview
Posted Sep 20, 2021
Authored by Eduardo Braun Prado

This article discusses the CVE-2021-40444 vulnerability and an alternative path that reduces the lines of JS code to trigger the issue and does not require CAB archives.

tags | exploit
advisories | CVE-2021-40444
SHA-256 | 78527c30f8b16f6de1e16c3cf93b1aaa4506bde934637509d7046e6e1fd8681b
Microsoft ACL Shortcomings
Posted May 18, 2021
Authored by Stefan Kanthak

The way Microsoft Windows implements file security appears to have some significant shortcomings.

tags | exploit
systems | windows
SHA-256 | 1a9d53b83691e86720f4c510191f9bc7a7352b1a697239a933f41958c7ec6982
Microsoft Windows Unsafe Handling Practices
Posted Jul 27, 2020
Authored by Stefan Kanthak

This post outlines multiple unsafe practices in Microsoft Windows that can allow for local privilege escalation.

tags | exploit, local
systems | windows
SHA-256 | 4bc0ba08bfeebdf7043e5c7d7060e65bdb0c48ca36fa23fc83ebabb77e5ff80d
Microsoft Windows VCF Arbitrary Code Execution
Posted Jan 22, 2019
Authored by Eduardo Braun Prado, hyp3rlinx

Microsoft Windows VCF or Contact file URL manipulation arbitrary code execution proof of concept exploit. Tested on Windows 7 SP1, 8.1, 10 v.1809 with full patches up to January 2019. Both x86 and x64 architectures were tested.

tags | exploit, arbitrary, x86, code execution, proof of concept
systems | windows
SHA-256 | 4bab944a0b17daf7f0d90da83593812093fe9831c9e83e778ca90dee2aeb3463
Microsoft Windows ADODB.Record Object File Overwrite
Posted Jun 29, 2018
Authored by Eduardo Braun Prado

Microsoft Windows suffers from an ADODB.Record object file overwrite vulnerability. The password for the proof of concept zip is adorecord.

tags | exploit, proof of concept
systems | windows
SHA-256 | fa5ba9f3b0a03d61eb7be0c60781151047f183df16df52d8cab904fdcd2cc159
Microsoft Windows FxCop 12 XXE Injection
Posted May 9, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft FxCop versions 10 through 12 are vulnerable to XML injection attacks allowing local file exfiltration and/or NTLM hash theft. Tested on Windows 7 and Windows 10 with the downloaded SDK; it works on both.

tags | exploit, local
systems | windows
SHA-256 | 529e37622cb8b9a8c7ff1df46c0f23167d4d261569eec1722cd310507eb17b47
Microsoft Windows GDFMaker 6.3.9600.16384 XXE Injection
Posted Oct 18, 2017
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft Windows Game Definition File Editor (GDFMaker) version 6.3.9600.16384 suffers from an XML external entity injection vulnerability.

tags | exploit, xxe
systems | windows
SHA-256 | 10f87d3d1b9071caa4665070b4aa0e2d5a5dea176d6602bf53f8a85c7ceff9c0
Microsoft WinDbg LogViewer Buffer Overflow
Posted Jul 8, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft WinDbg LogViewer suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 1c4009ae60cc99ec2786c5b4bb9836307ec62ca9a24d5bf59d16032df030d64d
Microsoft Process Kill Utility 6.3.9600.17298 Buffer Overflow
Posted Jul 8, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft Process Kill Utility version 6.3.9600.17298 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | fe8956579c433f72dc5914f352073030cad01f6b25eff7ecf0a383053bb2b274
Microsoft Windows ndproxy.sys Local Privilege Escalation
Posted Dec 17, 2013
Authored by juan vazquez, temp66, ryujin, Shahin Ramezany | Site metasploit.com

This Metasploit module exploits a flaw in the ndproxy.sys driver on Windows XP SP3 and Windows 2003 SP2 systems, exploited in the wild in November 2013. The vulnerability exists while processing an IO Control Code 0x8fff23c8 or 0x8fff23cc, where user-provided input is used to access an array unsafely, and the value is used to perform a call, leading to a NULL pointer dereference which is exploitable on both Windows XP and Windows 2003 systems. This Metasploit module has been tested successfully on Windows XP SP3 and Windows 2003 SP2. For the exploit to work, the "Routing and Remote Access" service must be running on the target system.

tags | exploit, remote
systems | windows
advisories | CVE-2013-5065
SHA-256 | 6dc1df60dff4c2b60d7508a57233b6b3e7f565f218bceb0acc2a53045b172ce0
Microsoft Visual Basic VBP Buffer Overflow
Posted Nov 26, 2009
Authored by MC | Site metasploit.com

This Metasploit module exploits a stack overflow in Microsoft Visual Basic 6.0. With a specially crafted vbp file containing a long reference line, an attacker may be able to execute arbitrary code.

tags | exploit, arbitrary
advisories | CVE-2007-4776
SHA-256 | 6e374c5188f5608083cbab9fb2401659c976e19fb28d2bb839bd2373dbb1a54e
Microsoft Visual Studio Msmask32.ocx ActiveX Buffer Overflow
Posted Nov 26, 2009
Authored by koshi, MC | Site metasploit.com

This Metasploit module exploits a stack overflow in Microsoft's Visual Studio 6.0. When passing a specially crafted string to the Mask parameter of the Msmask32.ocx ActiveX Control, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary, activex
advisories | CVE-2008-3704
SHA-256 | 56b52c8f83d0a22f5e67d717396bd5fe41cbe970d924fc937c14e7521ff8ee80
Microsoft IIS Phone Book Service Overflow
Posted Nov 26, 2009
Authored by patrick | Site metasploit.com

This is an exploit for the Phone Book Service /pbserver/pbserver.dll described in MS00-094. By sending an overly long URL argument for phone book updates, it is possible to overwrite the stack. This Metasploit module has only been tested against Windows 2000 SP1.

tags | exploit
systems | windows
advisories | CVE-2000-1089
SHA-256 | 0e561c8f11c38a6ebd0de7aa176eab37b866399106f3bb7dd08428cdcb0ccc69
ms-activex.txt
Posted Jun 14, 2007
Authored by rgod | Site retrogod.altervista.org

Microsoft Speech API ActiveX control remote buffer overflow exploit for WinXP SP2.

tags | exploit, remote, overflow, activex
systems | windows
SHA-256 | 9831ecdc3136c5ebcd838861c5051d81e53598094f8c0de11e0426cf26fe916a
ms-api-sp4.txt
Posted Jun 14, 2007
Authored by rgod | Site retrogod.altervista.org

Microsoft Speech API ActiveX control remote buffer overflow exploit for Win2k SP4.

tags | exploit, remote, overflow, activex
systems | windows
SHA-256 | 4e8e2cfc8860f5b749fc21be1eb6f974459d23a7bb2b6fe42476964ef495ba24
ms-w0rd.c
Posted Jul 9, 2006
Authored by naveed afzal

Microsoft Word exploit that produces a .doc file that demonstrates a memory access violation. Affected are versions 2003, 2002, 2000.

tags | exploit
SHA-256 | b0cfb3e8375c4af5f551d8e0b66b9c572d830bae8db6cdfa5abad1876a3df85a
ms-hosts.txt
Posted Apr 19, 2006
Authored by Dave Korn

The Microsoft DNS resolver hardcodes many hostnames, such as go.microsoft.com, msdn.microsoft.com, windowsupdate.com, etc., preventing the use of a hosts file.

tags | advisory
SHA-256 | dd72fe4f29bdb774b9ac30c94fc93b5f066aac5c8e15499913337583e477a296
ms-fp-2.txt
Posted Apr 19, 2006
Authored by Argeniss - Information Security | Site argeniss.com

FrontPage Server Extensions 2002 (included in Windows Server 2003 IIS 6.0 and available as a separate download for Windows 2000 and XP) has a web page /_vti_bin/_vti_adm/fpadmdll.dll that is used for administrative purposes. This web page is vulnerable to cross site scripting attacks allowing an attacker to run client-side script on behalf of an FPSE user. If the victim is an administrator, the attacker could take complete control of a FrontPage Server Extensions 2002 server. POC exploit examples included.

tags | advisory, web, xss
systems | windows
SHA-256 | 481c7a945450e48e78979147b05693402a43777326aca41596449f2f82aa8a32
ms-fp.txt
Posted Apr 19, 2006
Authored by Argeniss

The FrontPage Server Extensions 2002 (included in Windows Server 2003 IIS 6.0 and available as a separate download for Windows 2000 and XP) has a web page /_vti_bin/_vti_adm/fpadmdll.dll that is used for administrative purposes. This web page is vulnerable to cross site scripting attacks allowing an attacker to run client-side script on behalf of an FPSE user. If the victim is an administrator, the attacker could take complete control of a FrontPage Server Extensions 2002 server.

tags | advisory, web, xss
systems | windows
SHA-256 | 9bed5d2ecd96d30a7fb28837f16eddf4efa80b59c02584519705acad729cc70d
MS-Commerce.txt
Posted Mar 23, 2006
Authored by Dimitri van de Giessen

It is possible to bypass authentication in Microsoft Commerce Server pre SP2.

tags | advisory
SHA-256 | 896846e873ec1a1bb9b4e70032331be7942f1231cfd48459e53fb076624b6f45
ms_buglist.jpg
Posted Dec 4, 2004

Mr. Hyan-Lee makes the mistake of printing the entire Windows 2000 bug list.

systems | windows, unix
SHA-256 | b3f06990ed4a3b986e1f7899f6fb4218f24999099cd339bf9b6e5b30e3d920cb
MS-crash.txt
Posted Oct 17, 2003
Authored by Dr. Insane | Site members.lycos.co.uk

Under some circumstances, it seems that when some code is added into a Microsoft Word document and then spell checked, the application will crash.

tags | advisory
SHA-256 | b3ae1023eb8bb7fc1504b78ead52b1dd1ca967aea41d061f9279d8d88b423b9a
ms-sqlbi.txt
Posted Jul 12, 2002
Authored by Mark Litchfield | Site ngssoftware.com

NGSSoftware Security Advisory - The BULK INSERT query in Microsoft SQL Server 2000 contains a buffer overflow which allows remote code execution as LOCAL SYSTEM. To be able to use the 'BULK INSERT' query one must have the privileges of the database owner or dbo. Microsoft Security bulletin available here.

tags | remote, overflow, local, code execution, sql injection
SHA-256 | beed091eb087b240ade24c710d5e6642ca80b3f180a2cb4baf37c543862b35d4