exploit the possibilities
Showing 1 - 25 of 100 RSS Feed

Files

Microsoft Windows SMB 3.1.1 Remote Code Execution
Posted Mar 15, 2020
Authored by nu11secur1ty, Ventsislav Varbanovski

Microsoft Windows SMB version 3.1.1 suffers from a code execution vulnerability.

tags | exploit, code execution
systems | windows
advisories | CVE-2020-0796
MD5 | 20b461344743d8e46d01185713db696a

Related Files

Secunia Security Advisory 50114
Posted Jul 31, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in LedgerSMB, which can be exploited by malicious users to bypass certain security restrictions.

tags | advisory
MD5 | 8a9ac97e963572d8fc28a203ee1e78b0
LedgerSMB 1.3 Denial Of Service
Posted Jul 31, 2012
Authored by Chris Travers

A security oversight has been discovered in LedgerSMB 1.3 which could allow a malicious user to cause a denial of service against LedgerSMB or otherwise affect the way in which certain forms of data would get entered.

tags | advisory, denial of service
MD5 | cb66e6f2346d3301da55e95082a1e4d3
Hydra Network Logon Cracker 7.3
Posted Jul 5, 2012
Authored by van Hauser, thc | Site thc.org

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Changes: Multiple enhancements and fixed to Hydra main, the SNMP module, the HTTP module, and more. Added IDN and PCRE support for Cygwin.
tags | tool, web, imap
systems | cisco, unix
MD5 | 34f9c21eae24fdc542ba21abc61b05d1
Red Hat Security Advisory 2012-0902-04
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0902-04 - The cifs-utils package contains tools for mounting and managing shares on Linux using the SMB/CIFS protocol. The CIFS shares can be used as standard Linux file systems. A file existence disclosure flaw was found in mount.cifs. If the tool was installed with the setuid bit set, a local attacker could use this flaw to determine the existence of files or directories in directories not accessible to the attacker. Note: mount.cifs from the cifs-utils package distributed by Red Hat does not have the setuid bit set. We recommend that administrators do not manually set the setuid bit for mount.cifs.

tags | advisory, local, protocol
systems | linux, redhat
advisories | CVE-2012-1586
MD5 | 8f04bb5932362bda968c656f9cfaa575
Mandriva Linux Security Advisory 2012-070
Posted May 6, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-070 - A file existence disclosure flaw was found in the way mount.cifs tool of the Samba SMB/CIFS tools suite performed mount of a Linux CIFS filesystem. A local user, able to mount a remote CIFS share / target to a local directory could use this flaw to confirm existence of a file system object (file, directory or process descriptor) via error messages generated during the mount.cifs tool run. The updated packages have been patched to correct this issue.

tags | advisory, remote, local
systems | linux, mandriva
advisories | CVE-2012-1586
MD5 | 640015dbb9e334517799f9c5ccc440ea
Mandriva Linux Security Advisory 2012-069
Posted May 6, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-069 - A file existence dislosure flaw was found in the way mount.cifs tool of the Samba SMB/CIFS tools suite performed mount of a Linux CIFS filesystem. A local user, able to mount a remote CIFS share / target to a local directory could use this flaw to confirm existence of a file system object (file, directory or process descriptor) via error messages generated during the mount.cifs tool run. The updated packages have been patched to correct this issue.

tags | advisory, remote, local
systems | linux, mandriva
advisories | CVE-2012-1586
MD5 | d69472912b4c9f639f947f72c301f442
Actuality Of SMBRelay In Modern Windows Networks
Posted Apr 28, 2012
Authored by Ares

Whitepaper called Actuality of SMBRelay in Modern Windows Networks.

tags | paper
systems | windows
MD5 | 81653f8d5eb1f2a90fee0f43369d9388
Debian Security Advisory 2450-1
Posted Apr 12, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2450-1 - It was discovered that Samba, the SMB/CIFS file, print, and login server, contained a flaw in the remote procedure call (RPC) code which allowed remote code execution as the super user from an unauthenticated connection.

tags | advisory, remote, code execution
systems | linux, debian
advisories | CVE-2012-1182
MD5 | 0232dbfbe2509b6299efda8f897c809f
Snort 2 DCE/RPC Preprocessor Buffer Overflow
Posted Apr 10, 2012
Authored by Neel Mehta | Site metasploit.com

This Metasploit module allows remote attackers to execute arbitrary code by exploiting the Snort service via crafted SMB traffic. The vulnerability is due to a boundary error within the DCE/RPC preprocessor when reassembling SMB Write AndX requests, which may result a stack-based buffer overflow with a specially crafted packet sent on a network that is monitored by Snort. Vulnerable versions include Snort 2.6.1, 2.7 Beta 1 and SourceFire IDS 4.1, 4.5 and 4.6. Any host on the Snort network may be used as the remote host. The remote host does not need to be running the SMB service for the exploit to be successful.

tags | exploit, remote, overflow, arbitrary
advisories | CVE-2006-5276, OSVDB-67988
MD5 | b8d9d446349018625c77a97b4725cd67
Mandriva Linux Security Advisory 2012-025
Posted Feb 28, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-025 - Heap-based buffer overflow in process.c in smbd in Samba allows remote attackers to cause a denial of service or possibly execute arbitrary code via a Batched request that triggers infinite recursion. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-0870
MD5 | a48eb7599f579a43e0f56af097cbf7f0
Sun Java Web Start Plugin Command Line Argument Injection (2012)
Posted Feb 24, 2012
Authored by jduck | Site metasploit.com

This Metasploit module exploits a flaw in the Web Start component of the Sun Java Runtime Environment. The arguments passed to Java Web Start are not properly validated, allowing injection of arbitrary arguments to the JVM. By utilizing the lesser known -J option, an attacker can take advantage of the -XXaltjvm option, as discussed previously by Ruben Santamarta. This method allows an attacker to execute arbitrary code in the context of an unsuspecting browser user. In order for this module to work, it must be ran as root on a server that does not serve SMB. Additionally, the target host must have the WebClient service (WebDAV Mini-Redirector) enabled.

tags | exploit, java, web, arbitrary, root
advisories | CVE-2012-0500, OSVDB-79227
MD5 | 9b432fbc591d1bbb6f39d80077345078
Red Hat Security Advisory 2012-0332-01
Posted Feb 24, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0332-01 - Samba is a suite of programs used by machines to share files, printers, and other information. An input validation flaw was found in the way Samba handled Any Batched requests. A remote, unauthenticated attacker could send a specially-crafted SMB packet to the Samba server, possibly resulting in arbitrary code execution with the privileges of the Samba server.

tags | advisory, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2012-0870
MD5 | d395b0d53f2ed497e60fc4c1bb5b6cb2
Hydra Network Logon Cracker 7.2
Posted Feb 16, 2012
Authored by van Hauser, thc | Site thc.org

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Changes: Multiple bug fixes.
tags | tool, web, cracker, imap
systems | cisco, unix
MD5 | 7a72f2d4dd8a771a4935072f80e336dd
SciTools Understand 2.6 DLL Loading Code Execution
Posted Feb 8, 2012
Authored by LiquidWorm | Site zeroscience.mk

A vulnerability in SciTools Understand version 2.6 is caused due to the application loading libraries (wintab32.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into opening an Understand Project file (.UDB) located on a remote WebDAV or SMB share.

tags | exploit, remote, arbitrary
MD5 | 6182abddc28207b59c1c2e2c05212e36
Oracle Job Scheduler Named Pipe Command Execution
Posted Dec 23, 2011
Authored by David Litchfield, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module exploits the Oracle Job Scheduler to execute arbitrary commands. The Job Scheduler is implemented via the component extjob.exe which listens on a named pipe called "orcljsex<SID>" and execute arbitrary commands received throw this channel via CreateProcess(). In order to connect to the Named Pipe remotely SMB access is required. This Metasploit module has been tested on Oracle 10g Release 1 where the Oracle Job Scheduler runs as SYSTEM on Windows but it's disabled by default.

tags | exploit, arbitrary
systems | windows
MD5 | b4e7d842beab7ffc75f28b136eb9d163
Snort IDS 2.9.2
Posted Dec 15, 2011
Authored by Martin Roesch | Site snort.org

Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Includes real time alerting, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages via smbclient.

Changes: Various new additions and modifications.
tags | tool, overflow, cgi, sniffer, protocol
systems | unix
MD5 | 22fa07ba915535b151329056439ae194
SAP NetWeaver RSTXSCRP Path Traversal
Posted Nov 17, 2011
Authored by Dmitriy Chastuchin

SAP NetWeaver RSTXSCRP Report has a path traversal vulnerability that can lead to an SMB relay attack and full control of the system.

tags | advisory
MD5 | d5eea936a39a0fd1cee77686a79493b5
SAP NetWeaver ABAP Authorization Bypass / SMBRelay
Posted Nov 17, 2011
Authored by Alexey Sintsov

SAP NetWeaver ABAP suffers from authorization bypass, directory traversal, and SMBRelay vulnerabilities.

tags | advisory, vulnerability
MD5 | 924b503d275cb8007ae227956880e44d
Anatomy Of A Pass Back Attack
Posted Nov 1, 2011
Authored by Deral Heiland, Michael Belton | Site foofus.net

Brief whitepaper discussing how to trick a printer into passing LDAP or SMB credentials back to an attacker in plain text.

tags | paper
MD5 | 8a5033d9c7adfc19759c96133ff7f0ea
Smbwebdemo SQL Injection
Posted Oct 30, 2011
Authored by 3spi0n

Smbwebdemo suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | eeea66be2442baf92d8472e12732c6ac
Apple Safari file:// Arbitrary Code Execution
Posted Oct 17, 2011
Authored by sinn3r, Aaron Sigel | Site metasploit.com

This Metasploit module exploits a vulnerability found in Apple Safari on OSX platform. A policy issue in the handling of file:// URLs may allow arbitrary remote code execution under the context of the user. In order to trigger arbitrary remote code execution, the best way seems to be opening a share on the victim machine first (this can be SMB/WebDav/FTP, or a fileformat that OSX might automount), and then execute it in /Volumes/[share]. If there's some kind of bug that leaks the victim machine's current username, then it's also possible to execute the payload in /Users/[username]/Downloads/, or else bruteforce your way to getting that information. Please note that non-java payloads (*.sh extension) might get launched by Xcode instead of executing it, in that case please try the Java ones instead.

tags | exploit, java, remote, arbitrary, code execution
systems | apple
advisories | CVE-2011-3230
MD5 | f95a36d638b942780d7aafe3920c0218
Mandriva Linux Security Advisory 2011-148
Posted Oct 12, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-148 - Multiple vulnerabilities has been discovered and corrected in samba/cifs-utils. smbfs in Samba 3.5.8 and earlier attempts to use mount.cifs to append to the /etc/mtab file and umount.cifs to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and earlier does not properly verify that the mountpoint strings are composed of valid characters, which allows local users to cause a denial of service via a crafted string. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0547. Additionally for Mandriva Linux 2010.2 the cifs-utils package has been upgraded to the 4.8.1 version that brings numerous additional fixes.

tags | advisory, denial of service, local, vulnerability
systems | linux, mandriva
advisories | CVE-2011-1678, CVE-2011-2724
MD5 | f663d6b0ff69a77f77548072eb9d3b7d
Hydra Network Logon Cracker 7.1
Posted Oct 3, 2011
Authored by van Hauser, thc | Site thc.org

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Changes: Added HTTP Proxy URL enumeration module, SOCKS4/SOCKS5 proxy support with authentication, IPv6 support for SOCKS5 module, and more. Various bug fixes and enhancements.
tags | tool, web, cracker, imap
systems | cisco, unix
MD5 | 0c3a6a351cb2e233cb989f0bcdd75edf
Hydra Network Logon Cracker 7.0
Posted Sep 25, 2011
Authored by van Hauser, thc | Site thc.org

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Changes: New main engine for hydra. Lots of bugfixes and additions.
tags | tool, web, cracker, imap
systems | cisco, unix
MD5 | 4678557f796fe86dabdb977548b0b749
SQL-Ledger 2.8.33 / LedgerSMB 1.2.24 SQL Injection
Posted Aug 31, 2011
Authored by Chris Travers

SQL-Ledger versions 2.8.33 and below and LedgerSMB versions 1.2.24 and below suffer from a remote SQL injection vulnerability.

tags | advisory, remote, sql injection
MD5 | bfe294cd4b1b21395f42a22491567ca9
Page 1 of 4
Back1234Next

File Archive:

May 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    1 Files
  • 2
    May 2nd
    4 Files
  • 3
    May 3rd
    27 Files
  • 4
    May 4th
    17 Files
  • 5
    May 5th
    3 Files
  • 6
    May 6th
    32 Files
  • 7
    May 7th
    11 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    0 Files
  • 10
    May 10th
    0 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    0 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    0 Files
  • 17
    May 17th
    0 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close