what you don't know can hurt you
Showing 51 - 75 of 100 RSS Feed

Files

Adobe Flash Player DeleteRangeTimelineOperation Type Confusion
Posted Feb 9, 2019
Authored by bcook-r7, Genwei Jiang | Site metasploit.com

This Metasploit module exploits a type confusion on Adobe Flash Player, which was originally found being successfully exploited in the wild. This module has been tested successfully on: macOS Sierra 10.12.3, Safari and Adobe Flash Player 21.0.0.182, Firefox and Adobe Flash Player 21.0.0.182.

tags | exploit
advisories | CVE-2016-4117
MD5 | 4572485ddc8d1b209fd619e0f8397d3d

Related Files

EZHomeTech EzServer 6.4.017 Stack Buffer Overflow
Posted Jun 19, 2012
Authored by modpr0be | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in the EZHomeTech EZServer. If a malicious user sends packets containing an overly long string, it may be possible to execute a payload remotely. Due to size constraints, this module uses the Egghunter technique.

tags | exploit, overflow
MD5 | 9c0e617228c2281179aad5fb2284756a
PHP apache_request_headers Function Buffer Overflow
Posted Jun 17, 2012
Authored by juan vazquez, Vincent Danen | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow in the CGI version of PHP 5.4.x before 5.4.3. The vulnerability is due to the insecure handling of the HTTP headers. This Metasploit module has been tested against the thread safe version of PHP 5.4.2, from "windows.php.net", running with Apache 2.2.22 from "apachelounge.com".

tags | exploit, web, overflow, cgi, php
systems | windows
advisories | CVE-2012-2329, OSVDB-82215
MD5 | cd1d7cb5f3a3426e444147f38318f560
Microsoft XML Core Services MSXML Uninitialized Memory Corruption
Posted Jun 16, 2012
Authored by sinn3r, juan vazquez | Site metasploit.com

This Metasploit module exploits a memory corruption flaw in Microsoft XML Core Services when trying to access an uninitialized Node with the getDefinition API, which may corrupt memory allowing remote code execution. At the moment, this module only targets Microsoft XML Core Services 3.0 via IE6 and IE7 over Windows XP SP3.

tags | exploit, remote, code execution
systems | windows, xp
advisories | CVE-2012-1889, OSVDB-82873
MD5 | 60361ad70b4c39d74d646d5d54e84e49
TFM MMPlayer (m3u/ppl File) Buffer Overflow
Posted Jun 16, 2012
Authored by RjRjh Hack3r | Site metasploit.com

This Metasploit module exploits a buffer overflow in MMPlayer 2.2 The vulnerability is triggered when opening a malformed M3U/PPL file that contains an overly long string, which results in overwriting a SEH record, thus allowing arbitrary code execution under the context of the user.

tags | exploit, overflow, arbitrary, code execution
advisories | OSVDB-80532
MD5 | b698296fadf0422166b3deab775903c0
Wyse Machine Remote Power Off Denial Of Service
Posted Jun 14, 2012
Authored by it.solunium | Site metasploit.com

This Metasploit module exploits the Wyse Rapport Hagent service and causes a remote power cycle.

tags | exploit, remote, denial of service
advisories | CVE-2009-0695, OSVDB-55839
MD5 | 7b83d98e1e0fddebeb6f21e2fe507cfd
ComSndFTP 1.3.7 Beta USER Format String (Write4)
Posted Jun 14, 2012
Authored by Rick, corelanc0d3r, mr_me, ChaoYi Huang | Site metasploit.com

This Metasploit module exploits the ComSndFTP FTP Server version 1.3.7 beta by sending a specially crafted format string specifier as a username. The crafted username is sent to to the server to overwrite the hardcoded function pointer from Ws2_32.dll!WSACleanup. Once this function pointer is triggered, the code bypasses dep and then repairs the pointer to execute arbitrary code. The SEH exit function is preferred so that the administrators are not left with an unhandled exception message. When using the meterpreter payload, the process will never die, allowing for continuous exploitation.

tags | exploit, arbitrary
MD5 | ad58b74e16513fde63bd760903b78714
MS12-037 Internet Explorer Same ID Property Deleted Object Handling Memory Corruption
Posted Jun 14, 2012
Authored by juan vazquez, Qihoo 360 Security Center, Dark Son, Google Inc, Yichong Lin | Site metasploit.com

This Metasploit module exploits a memory corruption flaw in Internet Explorer 8 when handling objects with the same ID property. At the moment this module targets IE8 over Windows XP SP3 through the heap massaging plus heap spray as exploited in the wild.

tags | exploit
systems | windows, xp
advisories | CVE-2012-1875, OSVDB-82865
MD5 | bfb23efabe40ee9a695408e08e52ae8e
Lattice Semiconductor PAC-Designer 6.21 Symbol Value Buffer Overflow
Posted Jun 14, 2012
Authored by unknown, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in Lattice Semiconductor PAC-Designer 6.21. As a .pac file, when supplying a long string of data to the 'value' field under the 'SymbolicSchematicData' tag, it is possible to cause a memory corruption on the stack, which results in arbitrary code execution under the context of the user.

tags | exploit, arbitrary, code execution
advisories | CVE-2012-2915, OSVDB-82001
MD5 | 90c83a610b0b83b11661aa6451cfc3c4
WordPress plugin Foxypress uploadify.php Arbitrary Code Execution
Posted Jun 12, 2012
Authored by patrick, Sammy FORGIT | Site metasploit.com

This Metasploit module exploits an arbitrary PHP code execution flaw in the WordPress blogging software plugin known as Foxypress. The vulnerability allows for arbitrary file upload and remote code execution via the uploadify.php script. The Foxypress plug-in versions 0.4.2.1 and below are vulnerable.

tags | exploit, remote, arbitrary, php, code execution, file upload
advisories | OSVDB-82652
MD5 | 8c50f2bfa40aad8ebf46982e05fc4018
Symantec Web Gateway 5.0.2.8 Arbitrary PHP File Upload Vulnerability
Posted Jun 11, 2012
Authored by Tenable Network Security, juan vazquez | Site metasploit.com

This Metasploit module exploits a file upload vulnerability found in Symantec Web Gateway's HTTP service. Due to the incorrect use of file extensions in the upload_file() function, this allows us to abuse the spywall/blocked_file.php file in order to upload a malicious PHP file without any authentication, which results in arbitrary code execution.

tags | exploit, web, arbitrary, php, code execution, file upload
advisories | CVE-2012-0299, OSVDB-82025
MD5 | be446e25ec745719bc33f2dda2461791
Symantec Web Gateway 5.0.2.8 ipchange.php Command Injection
Posted Jun 11, 2012
Authored by Tenable Network Security, juan vazquez | Site metasploit.com

This Metasploit module exploits a command injection vulnerability found in Symantec Web Gateway's HTTP service due to the insecure usage of the exec() function. This Metasploit module abuses the spywall/ipchange.php file to execute arbitrary OS commands without authentication.

tags | exploit, web, arbitrary, php
advisories | CVE-2012-0297
MD5 | 8ce5defd93f1d99d9d00f93ecad020aa
Tom Sawyer Software GET Extension Factory Remote Code Execution
Posted Jun 11, 2012
Authored by rgod, Elazar Broad, juan vazquez | Site metasploit.com

This Metasploit module exploits a remote code execution vulnerability in the tsgetx71ex553.dll ActiveX control installed with Tom Sawyer GET Extension Factory due to an incorrect initialization under Internet Explorer. While the Tom Sawyer GET Extension Factory is installed with some versions of VMware Infrastructure Client, this module has been tested only with the versions installed with Embarcadero Technologies ER/Studio XE2 / Embarcadero Studio Portal 1.6. The ActiveX control tested is tsgetx71ex553.dll, version 5.5.3.238. This Metasploit module achieves DEP and ASLR bypass using the well known msvcr71.dll rop chain. The dll is installed by default with the Embarcadero software, and loaded by the targeted ActiveX.

tags | exploit, remote, code execution, activex
advisories | CVE-2011-2217, OSVDB-73211
MD5 | 3e7aa29056921982fd5564fee15bd5aa
MS12-005 Microsoft Office ClickOnce Unsafe Object Package Handling Vulnerability
Posted Jun 11, 2012
Authored by Yorick Koster, sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability found in Microsoft Office's ClickOnce feature. When handling a Macro document, the application fails to recognize certain file extensions as dangerous executables, which can be used to bypass the warning message. This allows you to trick your victim into opening the malicious document, which will load up either a python or ruby payload based on your choosing, and then finally download and execute our executable.

tags | exploit, python, ruby
advisories | CVE-2012-0013, OSVDB-78207
MD5 | c66fecb8118098a750e6c1f927bc41a1
Sielco Sistemi Winlog Buffer Overflow 2.07.14
Posted Jun 8, 2012
Authored by m1k3 | Site metasploit.com

This Metasploit module exploits a buffer overflow in Sielco Sistem Winlog <= 2.07.14. When sending a specially formatted packet to the Runtime.exe service on port 46824, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary
MD5 | 0d745b31c9a71e8a842993e472aad9bc
Microsoft Windows OLE Object File Handling Remote Code Execution
Posted Jun 7, 2012
Authored by Luigi Auriemma, juan vazquez | Site metasploit.com

This Metasploit module exploits a type confusion vulnerability in the OLE32 component of Windows XP SP3. The vulnerability exists in the CPropertyStorage::ReadMultiple function. A Visio document with a specially crafted Summary Information Stream embedded allows to get remote code execution through Internet Explorer, on systems with Visio Viewer installed.

tags | exploit, remote, code execution
systems | windows, xp
advisories | CVE-2011-3400, OSVDB-77663
MD5 | d3c565f4318547e83002b8fd42f13934
Samsung NET-i viewer Multiple ActiveX BackupToAvi() Remote Overflow
Posted Jun 7, 2012
Authored by Luigi Auriemma, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability in the CNC_Ctrl.dll ActiveX installed with the Samsung NET-i viewer 1.37. Specifically, when supplying a long string for the fname parameter to the BackupToAvi method, an integer overflow occurs, which leads to a posterior buffer overflow due to the use of memcpy with an incorrect size, resulting in remote code execution under the context of the user.

tags | exploit, remote, overflow, code execution, activex
advisories | OSVDB-81453
MD5 | 4c5e211b0f08b20529db1ec0b5bdaff9
Microsoft IIS MDAC msadcs.dll RDS DataStub Content-Type Overflow
Posted Jun 7, 2012
Authored by patrick | Site metasploit.com

This Metasploit module can be used to execute arbitrary code on IIS servers that expose the /msadc/msadcs.dll Microsoft Data Access Components (MDAC) Remote Data Service (RDS) DataFactory service. The service is exploitable even when RDS is configured to deny remote connections (handsafe.reg). The service is vulnerable to a heap overflow where the RDS DataStub 'Content-Type' string is overly long. Microsoft Data Access Components (MDAC) 2.1 through 2.6 are known to be vulnerable.

tags | exploit, remote, overflow, arbitrary
advisories | CVE-2002-1142, OSVDB-14502
MD5 | ef1be5ec0b7f188d6fc9c5a7adde18d7
Microsoft IIS MDAC msadcs.dll RDS Arbitrary Remote Command Execution
Posted Jun 7, 2012
Authored by patrick | Site metasploit.com

This Metasploit module can be used to execute arbitrary commands on IIS servers that expose the /msadc/msadcs.dll Microsoft Data Access Components (MDAC) Remote Data Service (RDS) DataFactory service using VbBusObj or AdvancedDataFactory to inject shell commands into Microsoft Access databases (MDBs), MSSQL databases and ODBC/JET Data Source Name (DSN). Based on the msadcs.pl v2 exploit by Rain.Forest.Puppy, which was actively used in the wild in the late Ninties. MDAC versions affected include MDAC 1.5, 2.0, 2.0 SDK, 2.1 and systems with the MDAC Sample Pages for RDS installed, and NT4 Servers with the NT Option Pack installed or upgraded 2000 systems often running IIS3/4/5 however some vulnerable installations can still be found on newer Windows operating systems. Note that newer releases of msadcs.dll can still be abused however by default remote connections to the RDS is denied. Consider using VERBOSE if you're unable to successfully execute a command, as the error messages are detailed and useful for debugging. Also set NAME to obtain the remote hostname, and METHOD to use the alternative VbBusObj technique.

tags | exploit, remote, arbitrary, shell
systems | windows
advisories | CVE-1999-1011
MD5 | 9439cf75ff414672e154affb4b0b0e49
Apache Struts 2.2.1.1 Remote Command Execution
Posted Jun 5, 2012
Authored by sinn3r, juan vazquez, Johannes Dahse, Andreas Nusser | Site metasploit.com

This Metasploit module exploits a remote command execution vulnerability in Apache Struts versions less than or equal to 2.2.1.1. This issue is caused because the ExceptionDelegator interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.

tags | exploit, java, remote, arbitrary
advisories | CVE-2012-0391, OSVDB-78277
MD5 | 134ffd2e4650e077bb17ff4557a4ba63
Log1 CMS writeInfo() PHP Code Injection
Posted Jun 3, 2012
Authored by EgiX, sinn3r, Adel SBM | Site metasploit.com

This Metasploit module exploits the "Ajax File and Image Manager" component that can be found in log1 CMS. In function.base.php of this component, the 'data' parameter in writeInfo() allows any malicious user to have direct control of writing data to file data.php, which results in arbitrary remote code execution.

tags | exploit, remote, arbitrary, php, code execution
advisories | CVE-2011-4825, OSVDB-76928
MD5 | f36d9d693f49db4963cd9e8766390b21
GIMP script-fu Server Buffer Overflow
Posted Jun 2, 2012
Authored by juan vazquez, Joseph Sheridan | Site metasploit.com

This Metasploit module exploits a buffer overflow in the script-fu server component on GIMP <= 2.6.12. By sending a specially crafted packet, an attacker may be able to achieve remote code execution under the context of the user. This Metasploit module has been tested on GIMP for Windows from installers provided by Jernej Simoncic.

tags | exploit, remote, overflow, code execution
systems | windows
advisories | CVE-2012-2763, OSVDB-82429
MD5 | 7cd7544609dd6aa91e4bd509c3afaf85
Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020006 Buffer Overflow
Posted Jun 2, 2012
Authored by alino, juan vazquez | Site metasploit.com

This Metasploit module exploits a remote buffer overflow in the Citrix Provisioning Services 5.6 SP1 (without Hotfix CPVS56SP1E043) by sending a malformed packet with the opcode 0x40020006 (GetObjetsRequest) to the 6905/UDP port. The module, which allows code execution under the context of SYSTEM, has been successfully tested on Windows Server 2003 SP2 and Windows XP SP3.

tags | exploit, remote, overflow, udp, code execution
systems | windows, xp
advisories | OSVDB-75780
MD5 | d417e7c176b1c741dce3ba615bf349ed
Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020002 Buffer Overflow
Posted Jun 2, 2012
Authored by alino, juan vazquez | Site metasploit.com

This Metasploit module exploits a remote buffer overflow in the Citrix Provisioning Services 5.6 SP1 (without Hotfix CPVS56SP1E043) by sending a malformed packet with the opcode 0x40020002 (GetFooterRequest) to the 6905/UDP port. The module, which allows code execution under the context of SYSTEM, has been successfully tested on Windows Server 2003 SP2 and Windows XP SP3.

tags | exploit, remote, overflow, udp, code execution
systems | windows, xp
advisories | OSVDB-75780
MD5 | 6d5cb7c3ba6062c83a2fba83af213bc3
Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020004 Buffer Overflow
Posted Jun 2, 2012
Authored by alino, juan vazquez | Site metasploit.com

This Metasploit module exploits a remote buffer overflow in the Citrix Provisioning Services 5.6 SP1 (without Hotfix CPVS56SP1E043) by sending a malformed packet with the opcode 0x40020004 (GetBootRecordRequest) to the 6905/UDP port. The module, which allows code execution under the context of SYSTEM, has been successfully tested on Windows Server 2003 SP2 and Windows XP SP3.

tags | exploit, remote, overflow, udp, code execution
systems | windows, xp
advisories | OSVDB-75780
MD5 | 4ffce6ad0c748d1cffa13f926bee91e8
PHP Volunteer Management System v1.0.2 Arbitrary File Upload
Posted May 31, 2012
Authored by sinn3r, Ashoo | Site metasploit.com

This Metasploit module exploits a vulnerability found in PHP Volunteer Management System, versions 1.0.2 and prior. This application has an upload feature that allows an authenticated user to upload anything to the 'uploads' directory, which is actually reachable by anyone without a credential. An attacker can easily abuse this upload functionality first by logging in with the default credential (admin:volunteer), upload a malicious payload, and then execute it by sending another GET request.

tags | exploit, php
MD5 | aff90db42846d99a60899234fad9eed2
Page 3 of 4
Back1234Next

File Archive:

May 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    16 Files
  • 2
    May 2nd
    8 Files
  • 3
    May 3rd
    8 Files
  • 4
    May 4th
    2 Files
  • 5
    May 5th
    1 Files
  • 6
    May 6th
    15 Files
  • 7
    May 7th
    22 Files
  • 8
    May 8th
    16 Files
  • 9
    May 9th
    17 Files
  • 10
    May 10th
    16 Files
  • 11
    May 11th
    3 Files
  • 12
    May 12th
    4 Files
  • 13
    May 13th
    25 Files
  • 14
    May 14th
    24 Files
  • 15
    May 15th
    78 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    12 Files
  • 18
    May 18th
    2 Files
  • 19
    May 19th
    1 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    16 Files
  • 22
    May 22nd
    13 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close