exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

123elf Project Buffer Overflow
Posted Sep 6, 2022
Authored by Tavis Ormandy

A stack buffer overflow was reported in the cell format processing routines for 123elf, a project that brings Lotus 1-2-3 to Linux. If a victim opens an untrusted malicious worksheet, code execution could occur.

tags | advisory, overflow, code execution
systems | linux
SHA-256 | 5476d681c79c06b3da58fefb626a51d12aa1fe3643baa4e0015d28e482653efb

Related Files

Zero Day Initiative Advisory 12-134
Posted Aug 3, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-134 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Quickr. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the QP2.cab ActiveX control. When passing a long string argument to the Attachment_Times or Import_Times parameters during the control's instantiation it is possible to overflow a stack buffer causing memory corruption. This can be leveraged by an attacker to execute code under the context of the user running the browser.

tags | advisory, remote, overflow, arbitrary, activex
advisories | CVE-2012-2176
SHA-256 | f5b1d3bdb902f6fbbf1d919f024758ceeac8eabd9d85a7109b8e3468ff8294f4
Zero Day Initiative Advisory 12-132
Posted Aug 3, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-132 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus iNotes. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the dwa85W.cab ActiveX control. When passing a long string argument to the Attachment_Times parameter during the control instantiation it is possible to overflow a stack buffer causing memory corruption. This can be leveraged by an attacker to execute code under the context of the user running the browser.

tags | advisory, remote, overflow, arbitrary, activex
advisories | CVE-2012-2175
SHA-256 | 9ef39f1d18db5bb43468373d5a85085d53296aa6327d16072c4c35ffac79e8ed
Sysax Multi Server 5.64 Buffer Overflow
Posted Jul 29, 2012
Authored by Craig Freyman, Matt Andreko | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in the create folder function in Sysax Multi Server 5.64. This issue was fixed in 5.66. You must have valid credentials to trigger the vulnerability. Your credentials must also have the create folder permission and the HTTP option has to be enabled. This Metasploit module will log into the server, get your a SID token and then proceed to exploit the server. Successful exploits result in LOCALSYSTEM access. This exploit works on XP SP3, and Server 2003 SP1-SP2.

tags | exploit, web, overflow
SHA-256 | 121e5304fc0c68efcbe91a4bd17f067fad4fef74c609ee089fb5929981de2e57
ALLMediaServer 0.8 Buffer Overflow
Posted Jul 16, 2012
Authored by modpr0be, juan vazquez, motaz reda | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in ALLMediaServer 0.8. The vulnerability is caused due to a boundary error within the handling of HTTP request. While the exploit supports DEP bypass via ROP, on Windows 7 the stack pivoting isn't reliable across virtual (VMWare, VirtualBox) and physical environments. Because of this the module isn't using DEP bypass on the Windows 7 SP1 target, where by default DEP is OptIn and AllMediaServer won't run with DEP.

tags | exploit, web, overflow
systems | windows
SHA-256 | cd224eb091bd83cac2f6867238fdeea0e253250295ed9b0257c0173e71de0311
Poison Ivy 2.3.2 C&C Server Buffer Overflow
Posted Jul 6, 2012
Authored by juan vazquez, Gal Badishi, Andrzej Dereszowski | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in Poison Ivy 2.3.2 C&C server. The exploit does not need to know the password chosen for the bot/server communication. If the C&C is configured with the default 'admin' password, the exploit should work fine. In case of the C&C configured with another password the exploit can fail. The 'check' command can be used to determine if the C&C target is using the default 'admin' password. Hopefully an exploit try won't crash the Poison Ivy C&C process, just the thread responsible of handling the connection. Because of this the module provides the RANDHEADER option and a bruteforce target. If RANDHEADER is used a random header will be used. If the bruteforce target is selected, a random header will be sent in case the default for the password 'admin' doesn't work. Bruteforce will stop after 5 tries or a session obtained.

tags | exploit, overflow
SHA-256 | a5fb5f9fb5256f9b9ed0a73d71160bd6699b2d23e1947554a86a9c745e5bff43
HP Data Protector Create New Folder Buffer Overflow
Posted Jul 2, 2012
Authored by sinn3r, juan vazquez | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in HP Data Protector 5. The overflow occurs in the creation of new folders, where the name of the folder is handled in a insecure way by the dpwindtb.dll component. While the overflow occurs in the stack, the folder name is split in fragments in this insecure copy. Because of this, this module uses egg hunting to search a non corrupted copy of the payload in the heap. On the other hand the overflowed buffer is stored in a frame protected by stack cookies, because of this SEH handler overwrite is used. Any user of HP Data Protector Express is able to create new folders and trigger the vulnerability. Moreover, in the default installation the 'Admin' user has an empty password. Successful exploitation will lead to code execution with the privileges of the "dpwinsdr.exe" (HP Data Protector Express Domain Server Service) process, which runs as SYSTEM by default.

tags | exploit, overflow, code execution
advisories | CVE-2012-0124, OSVDB-80105
SHA-256 | 962411e193e7b384adfe805773b642d125d223dcbeecdc498ef53de2cbc5c202
iTunes Extended M3U Stack Buffer Overflow
Posted Jun 21, 2012
Authored by Rh0 | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in iTunes 10.4.0.80 to 10.6.1.7. When opening an extended .m3u file containing an "#EXTINF:" tag description, iTunes will copy the content after "#EXTINF:" without appropriate checking from a heap buffer to a stack buffer and write beyond the stack buffers boundary. This allows arbitrary code execution. The Windows XP target has to have QuickTime 7.7.2 installed for this module to work. It uses a ROP chain from a non safeSEH enabled DLL to bypass DEP and safeSEH. The stack cookie check is bypassed by triggering a SEH exception.

tags | exploit, overflow, arbitrary, code execution
systems | windows
SHA-256 | 9ae85a7f65f089284af05d455b2e76edf1411cf55e1aa37c56ec9d74328747ac
EZHomeTech EzServer 6.4.017 Stack Buffer Overflow
Posted Jun 19, 2012
Authored by modpr0be | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in the EZHomeTech EZServer. If a malicious user sends packets containing an overly long string, it may be possible to execute a payload remotely. Due to size constraints, this module uses the Egghunter technique.

tags | exploit, overflow
SHA-256 | 2bc92ff43f6bcca9c19f782162fc5db7f333fc90bad8a57b6c286fccae52a802
FlexNet License Server Manager lmgrd Buffer Overflow
Posted May 22, 2012
Authored by Luigi Auriemma, sinn3r, Alexander Gavrun, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability in the FlexNet License Server Manager. The vulnerability is due to the insecure usage of memcpy in the lmgrd service when handling network packets, which results in a stack buffer overflow. In order to improve reliability, this module will make lots of connections to lmgrd during each attempt to maximize its success.

tags | exploit, overflow
advisories | OSVDB-81899
SHA-256 | 2d6d029945aaecc2ac0003cb91c1250f912d627ce695077b2bfbd1919c57f669
VLC MMS Stream Handling Buffer Overflow
Posted May 3, 2012
Authored by sinn3r, juan vazquez, Florent Hochwelker | Site metasploit.com

This Metasploit module exploits a buffer overflow in VLC media player VLC media player prior to 2.0.0. The vulnerability is due to a dangerous use of sprintf which can result in a stack buffer overflow when handling a malicious MMS URI. This Metasploit module uses the browser as attack vector. A specially crafted MMS URI is used to trigger the overflow and get flow control through SEH overwrite. Control is transferred to code located in the heap through a standard heap spray. The module only targets IE6 and IE7 because no DEP/ASLR bypass has been provided.

tags | exploit, overflow
advisories | CVE-2012-1775, OSVDB-80188
SHA-256 | 7856c6264ba9fc35e320d076f363c777f1720c644ed1819cf46c0dd75d155ea8
MS12-027 MSCOMCTL ActiveX Buffer Overflow
Posted Apr 25, 2012
Authored by unknown, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in MSCOMCTL.OCX. It uses a malicious RTF to embed the specially crafted MSComctlLib.ListViewCtrl.2 Control as exploited in the wild on April 2012. This Metasploit module targets Office 2007 and Office 2010 targets. The DEP/ASLR bypass on Office 2010 is done with the Ikazuchi ROP chain proposed by Abysssec. This chain uses "msgr3en.dll", which will load after office got load, so the malicious file must be loaded through "File / Open" to achieve exploitation.

tags | exploit, overflow
advisories | CVE-2012-0158, OSVDB-81125
SHA-256 | 0b684caf70084bb5bcb079447d8379464ff2e3e928ee2d84beab044161baf6bb
CyberLink Power2Go Stack Buffer Overflow
Posted Apr 18, 2012
Authored by mr_me, modpr0be | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in CyberLink Power2Go version 8.x. The vulnerability is triggered when opening a malformed p2g file containing an overly long string in the 'name' attribute of the file element. This results in overwriting a structured exception handler record.

tags | exploit, overflow
advisories | OSVDB-70600
SHA-256 | 130e60095a57a3b069f09bfa02ddc5fe4743b86427ffcaf33f1f4cc77609b845
Asterisk Project Security Advisory - AST-2012-003
Posted Mar 16, 2012
Authored by Matt Jordan | Site asterisk.org

Asterisk Project Security Advisory - An attacker attempting to connect to an HTTP session of the Asterisk Manager Interface can send an arbitrarily long string value for HTTP Digest Authentication. This causes a stack buffer overflow, with the possibility of remote code injection.

tags | advisory, remote, web, overflow
SHA-256 | e2f289b1d1ccc150638cf55526ad03a0ade669586f6824d9491acd1c5b1f3e05
VLC Media Player RealText Subtitle Overflow
Posted Mar 3, 2012
Authored by Tobias Klein, SkD, juan vazquez | Site metasploit.com

This Metasploit module exploits a stack buffer overflow vulnerability in VideoLAN VLC versions prior to 0.9.6. The vulnerability exists in the parsing of RealText subtitle files. In order to exploit this, this module will generate two files: The .mp4 file is used to trick your victim into running. The .rt file is the actual malicious file that triggers the vulnerability, which should be placed under the same directory as the .mp4 file.

tags | exploit, overflow
advisories | CVE-2008-5036, OSVDB-49809
SHA-256 | 9952cf454696629976235ec8de966c57016db79252896be88870fdf2312f2133
Wireshark 1.4.4 Remote Stack Buffer Overflow
Posted Feb 2, 2012
Authored by Paul Makowski, sickness | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in Wireshark versions 1.4.4 and below by sending an malicious packet.

tags | exploit, overflow
advisories | CVE-2011-1591, OSVDB-71848
SHA-256 | 511f64f5e1e6f3db59de9b6a6c43ae3aaf55d251853f709490e4c55d464cb353
Wireshark 1.4.4 Local Stack Buffer Overflow
Posted Feb 2, 2012
Authored by Paul Makowski, sickness | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in Wireshark versions 1.4.4 and below. When opening a malicious .pcap file in Wireshark, a stack buffer overflow occurs, resulting in arbitrary code execution.

tags | exploit, overflow, arbitrary, code execution
advisories | CVE-2011-1591, OSVDB-71848
SHA-256 | acc61f711bf3fc96f88a363a4b7cccba3e7feabb4a6da3f77f3cf131516df027
HP Diagnostics Server magentservice.exe Overflow
Posted Jan 28, 2012
Authored by AbdulAziz Hariri, hal | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in HP Diagnostics Server magentservice.exe service. By sending a specially crafted packet, an attacker may be able to execute arbitrary code. Originally found and posted by AbdulAziz Harir via ZDI.

tags | exploit, overflow, arbitrary
advisories | CVE-2011-4789, OSVDB-72815
SHA-256 | c6a14560edab2b9d9defb11e36b12526fd6aaa6d5fa8fa8faa2534b45739ade1
Sysax Multi Server 5.50 Create Folder Buffer Overflow
Posted Jan 26, 2012
Authored by Craig Freyman | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in the create folder function in Sysax Multi Server 5.50. This issue was fixed in 5.52. You must have valid credentials to trigger the vulnerability. Your credentials must also have the create folder permission and the HTTP option has to be enabled. This Metasploit module will log into the server, get your a SID token and then proceed to exploit the server. Successful exploits result in LOCALSYSTEM access. This exploit works on XP and 2003.

tags | exploit, web, overflow
SHA-256 | 9c89a9721eaaf34e5b28601af5c5497ccf1f5855860d05b1399eb663bcde037c
UltraPlayer 2.112 Stack Buffer Overflow
Posted Jan 25, 2012
Authored by KedAns-Dz | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in versions 2.112 of UltraPlayer by creating a specially crafted .m3u file. The file allows an attacker to execute arbitrary code.

tags | exploit, overflow, arbitrary
SHA-256 | ca1fcc7a152abea97e8cfb96078845d146070280b9ea0f1eac09f15ddad9d831
HP OpenView Network Node Manager ov.dll _OVBuildPath Buffer Overflow
Posted Jan 20, 2012
Authored by sinn3r, Aniway, juan vazquez | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.53 prior to NNM_01213 without the SSRT100649 hotfix. By specifying a long 'textFile' argument when calling the 'webappmon.exe' CGI program, an attacker can cause a stack-based buffer overflow and execute arbitrary code. The vulnerable code is within the "_OVBuildPath" function within "ov.dll". There are no stack cookies, so exploitation is achieved by overwriting the saved return address. The vulnerability is due to the use of the function "_OVConcatPath" which finally uses "strcat" in a insecure way. User controlled data is concatenated to a string which contains the OpenView installation path. To achieve reliable exploitation a directory traversal in OpenView5.exe (OSVDB 44359) is being used to retrieve OpenView logs and disclose the installation path.

tags | exploit, overflow, arbitrary, cgi
advisories | CVE-2011-3167, OSVDB-76775
SHA-256 | 26a5037665e807931d129cb3332a8855a52fd678003e154545e4f756a1452924
GOM Player 2.1.33 (ASX) Stack Buffer Overflow
Posted Jan 16, 2012
Authored by KedAns-Dz, Debasish Mandal | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in GOM Player version 2.1.33 by creating a specially crafted .asx file which will allow an attacker to execute arbitrary code.

tags | exploit, overflow, arbitrary
SHA-256 | b3d6b213896bb1a0f9594f5b388cc6189527081d4b00c1e99a39ed41e41f07f9
Avid Media Composer 5.5 - Avid Phonetic Indexer Stack Overflow
Posted Dec 3, 2011
Authored by Nick Freeman | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in process AvidPhoneticIndexer.exe (port 4659), which comes as part of the Avid Media Composer 5.5 Editing Suite. This daemon sometimes starts on a different port; if you start it standalone it will run on port 4660.

tags | exploit, overflow
advisories | OSVDB-77376
SHA-256 | e325ea7c310110db0d0e34758f28771015fc9185c9f35054df350536e370ced2
Serv-U FTP Server Buffer Overflow
Posted Dec 2, 2011
Authored by The Light Cosine | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in the site chmod command in versions of Serv-U FTP Server prior to 4.2. You must have valid credentials to trigger this vulnerability. Exploitation also leaves the service in a non-functional state.

tags | exploit, overflow
advisories | CVE-2004-2111
SHA-256 | 6c1771fcd160c66448baf1b278f2e301aaf7d1815e249d6528222c340620cafe
NJStar Communicator 3.00 MiniSMTP Server Remote Exploit
Posted Nov 2, 2011
Authored by Dillon Beresford | Site metasploit.com

This Metasploit module exploits a stack buffer overflow vulnerability in NJStar Communicator Version 3.00 MiniSMTP server. The MiniSMTP application can be seen in multiple NJStar products, and will continue to run in the background even if the software is already shutdown. According to the vendor's testimonials, NJStar software is also used by well known companies such as Siemens, NEC, Google, Yahoo, eBay; government agencies such as the FBI, Department of Justice (HK); as well as a long list of universities such as Yale, Harvard, University of Tokyo, etc.

tags | exploit, overflow
SHA-256 | 44083d9c71272bc52555d936d0b249f9a4093505dbbca952c03e4cf194db20b3
Opera Browser 11.52 Buffer Overflow
Posted Oct 28, 2011
Authored by Benjamin Kunz Mejri, Marcel Bernhardt, Vulnerability Laboratory | Site vulnerability-lab.com

Opera version 11.52 suffers from a stack buffer overflow when switching between two different escape sequences.

tags | exploit, overflow
SHA-256 | 2c01e5cf78a988c87379be0eda664a5b7505e067c341ae0889515cedbd48f166
Page 1 of 4
Back1234Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close