Section: .. / 0911-exploits /
| /// File Name: |
ultravnc_client.rb.txt |
Description:
|
This Metasploit module exploits a buffer overflow in UltraVNC Win32 Viewer 1.0.1 Release.
| | Author: | MC | | Homepage: | http://www.metasploit.com | | File Size: | 2086 | | Related OSVDB(s): | 24456 | | Related CVE(s): | CVE-2006-1652 | | Last Modified: | Nov 25 19:34:53 2009 |
| MD5 Checksum: | fc24e404ba08435986a311f023fd3a36 |
|
| /// File Name: |
universal_agent.rb.txt |
Description:
|
This Metasploit module exploits a convoluted heap overflow in the CA BrightStor Universal Agent service. Triple userland exception results in heap growth and execution of dereferenced function pointer at a specified address.
| | Author: | H D Moore | | Homepage: | http://www.metasploit.com | | File Size: | 5362 | | Related OSVDB(s): | 15471 | | Related CVE(s): | CVE-2005-1018 | | Last Modified: | Nov 25 19:34:53 2009 |
| MD5 Checksum: | 70e1c9cdbe903e8b64ddaefbef79d28c |
|
| /// File Name: |
unixstream-dos.txt |
Description:
|
Proof of concept code that demonstrates the denial of service vulnerability in the Linux kernel unix_stream_connect() function.
| | Author: | Tomoki Sekiyama | | File Size: | 684 | | Last Modified: | Nov 18 08:03:08 2009 |
| MD5 Checksum: | 255bd9458bfe19652f3b5de92299ac2e |
|
| /// File Name: |
ursoft_w32dasm.rb.txt |
Description:
|
This Metasploit module exploits a buffer overflow in W32Dasm <= v8.93. By creating a malicious file and convincing a user to disassemble the file with a vulnerable version of W32Dasm, the Imports/Exports function is copied to the stack and arbitrary code may be executed locally as the user.
| | Author: | patrick | | Homepage: | http://www.metasploit.com | | File Size: | 14059 | | Related OSVDB(s): | 13169 | | Related CVE(s): | CVE-2005-0308 | | Last Modified: | Nov 25 19:34:53 2009 |
| MD5 Checksum: | 8bb330dbe39f9d0d3d68d6036fe39c7c |
|
| /// File Name: |
verypdf_pdfview.rb.txt |
Description:
|
The VeryPDF PDFView ActiveX control is prone to a heap buffer-overflow because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. An attacker can exploit this issue to execute arbitrary code within the context of the affected application.
| | Author: | MC,dean | | Homepage: | http://www.metasploit.com | | File Size: | 3797 | | Last Modified: | Nov 25 19:34:53 2009 |
| MD5 Checksum: | e58818f751b87b21e8472d617ccecb36 |
|
| /// File Name: |
videolan_tivo.rb.txt |
Description:
|
This Metasploit module exploits a buffer overflow in VideoLAN VLC 0.9.4. By creating a malicious TY file, a remote attacker could overflow a buffer and execute arbitrary code.
| | Author: | MC | | Homepage: | http://www.metasploit.com | | File Size: | 2653 | | Related OSVDB(s): | 49181 | | Related CVE(s): | CVE-2008-4654 | | Last Modified: | Nov 25 19:34:53 2009 |
| MD5 Checksum: | a0a342f35b74298fffac9e02e6777cdb |
|
| /// File Name: |
vuplayer_cue.rb.txt |
Description:
|
This Metasploit module exploits a stack overflow in VUPlayer <= 2.49. When the application is used to open a specially crafted cue file, a buffer is overwritten, allowing for the execution of arbitrary code.
| | Author: | MC | | Homepage: | http://www.metasploit.com | | File Size: | 1974 | | Last Modified: | Nov 25 19:34:53 2009 |
| MD5 Checksum: | 2ee13abaf3a0468a85f10cc3d6af9b0f |
|
| /// File Name: |
vuplayer_m3u.rb.txt |
Description:
|
This Metasploit module exploits a stack overflow in VUPlayer <= 2.49. When the application is used to open a specially crafted m3u file, a buffer is overwritten, allowing for the execution of arbitrary code.
| | Author: | MC | | Homepage: | http://www.metasploit.com | | File Size: | 2657 | | Related CVE(s): | CVE-2006-6251 | | Last Modified: | Nov 25 19:34:53 2009 |
| MD5 Checksum: | 361a558ba73d21a13817ff2170f079ea |
|
| /// File Name: |
w3infotech-sql.txt |
Description:
|
W3infotech suffers from a remote SQL injection vulnerability that allows for authentication bypass.
| | Author: | ViRuS_HiMa | | File Size: | 2460 | | Last Modified: | Nov 23 23:35:03 2009 |
| MD5 Checksum: | 51a87d84a2be974b52ca440455cf9b4b |
|
| /// File Name: |
w3who_query.rb.txt |
Description:
|
This Metasploit module exploits a stack overflow in the w3who.dll ISAPI application. This vulnerability was discovered by Nicolas Gregoire and this code has been successfully tested against Windows 2000 and Windows XP (SP2). When exploiting Windows XP, the payload must call RevertToSelf before it will be able to spawn a command shell.
| | Author: | H D Moore | | Homepage: | http://www.metasploit.com | | File Size: | 3026 | | Related OSVDB(s): | 12258 | | Related CVE(s): | CVE-2004-1134 | | Last Modified: | Nov 25 19:34:53 2009 |
| MD5 Checksum: | 89125aafc4fb654536650e438ab573ca |
|
| /// File Name: |
waraxe-2009-sugarcrm.txt |
Description:
|
Sugar CRM versions 5.5.0.RC2 and 5.2.0j suffer from remote SQL injection, unauthorized access, remote file inclusion, and code execution vulnerabilities.
| | Author: | Janek Vind aka waraxe | | Homepage: | http://www.waraxe.us/ | | File Size: | 1867 | | Last Modified: | Nov 30 20:39:47 2009 |
| MD5 Checksum: | 62d57fc4c68a29e58d623580a2ce9159 |
|
| /// File Name: |
warftpd_165_pass.rb.txt |
Description:
|
This exploits the buffer overflow found in the PASS command in War-FTPD 1.65. This particular module will only work reliably against Windows 2000 targets. The server must be configured to allow anonymous logins for this exploit to succeed. A failed attempt will bring down the service completely.
| | Author: | H D Moore | | Homepage: | http://www.metasploit.com | | File Size: | 1956 | | Related OSVDB(s): | 875 | | Related CVE(s): | CVE-1999-0256 | | Last Modified: | Nov 25 19:34:53 2009 |
| MD5 Checksum: | a92c43e0326e0758b54de91798efc69f |
|
| /// File Name: |
wftpd_size.rb.txt |
Description:
|
This Metasploit module exploits a buffer overflow in the SIZE verb in Texas Imperial's Software WFTPD 3.23.
| | Author: | MC | | Homepage: | http://www.metasploit.com | | File Size: | 1710 | | Related OSVDB(s): | 28134 | | Related CVE(s): | CVE-2006-4318 | | Last Modified: | Nov 25 19:34:53 2009 |
| MD5 Checksum: | 98c09235cd743056b3ab519af113872b |
|
| /// File Name: |
whois20-xss.txt |
Description:
|
Whois Server version 2.0 suffers from a cross site scripting vulnerability.
| | Author: | ViRuS_HiMa | | File Size: | 2584 | | Last Modified: | Nov 2 23:49:41 2009 |
| MD5 Checksum: | 9f65ac534da1e6ae1755d1f9813b3467 |
|
| /// File Name: |
win7-crash.txt |
Description:
|
Proof of concept exploit that demonstrates a remote kernel crash vulnerability in Windows 7.
| | Author: | laurent gaffie | | File Size: | 3294 | | Last Modified: | Nov 16 21:29:18 2009 |
| MD5 Checksum: | 32c8d4453a50cfdce6475335332288c6 |
|
| /// File Name: |
winamp_playlist_unc.rb.txt |
Description:
|
This Metasploit module exploits a vulnerability in the Winamp media player. This flaw is triggered when an audio file path is specified, inside a playlist, that consists of a UNC path with a long computer name. This Metasploit module delivers the playlist via the browser. This Metasploit module has only been successfully tested on Winamp 5.11 and 5.12.
| | Author: | Faithless,H D Moore | | Homepage: | http://www.metasploit.com | | File Size: | 3842 | | Related OSVDB(s): | 22789 | | Related CVE(s): | CVE-2006-0476 | | Last Modified: | Nov 25 19:34:53 2009 |
| MD5 Checksum: | b753637df39bb9c32fd9d92a177c11fb |
|
| /// File Name: |
winamp_ultravox.rb.txt |
Description:
|
This Metasploit module exploits a stack overflow in Winamp 5.24. By sending an overly long artist tag, a remote attacker may be able to execute arbitrary code. This vulnerability can be exploited from the browser or the winamp client itself.
| | Author: | MC | | Homepage: | http://www.metasploit.com | | File Size: | 3815 | | Related OSVDB(s): | 41707 | | Related CVE(s): | CVE-2008-0065 | | Last Modified: | Nov 25 19:34:53 2009 |
| MD5 Checksum: | d632f909bd4f4f0598f353782ff6f415 |
|
| /// File Name: |
wincomlpd_admin.rb.txt |
Description:
|
This Metasploit module exploits a stack overflow in WinComLPD <= 3.0.2. By sending an overly long authentication packet to the remote administration service, an attacker may be able to execute arbitrary code.
| | Author: | MC | | Homepage: | http://www.metasploit.com | | File Size: | 1907 | | Related OSVDB(s): | 42861 | | Related CVE(s): | CVE-2008-5159 | | Last Modified: | Nov 25 19:34:53 2009 |
| MD5 Checksum: | 9d188c96959cfee2212f6e47a2629feb |
|
| /// File Name: |
windows_rsh.rb.txt |
Description:
|
This Metasploit module exploits a vulnerability in Windows RSH daemon 1.8. The vulnerability is due to a failure to check for the length of input sent to the RSH server. A CPORT of 512 -> 1023 must be configured for the exploit to be successful.
| | Author: | MC | | Homepage: | http://www.metasploit.com | | File Size: | 1970 | | Related OSVDB(s): | 38572 | | Related CVE(s): | CVE-2007-4006 | | Last Modified: | Nov 25 19:34:53 2009 |
| MD5 Checksum: | 1603713e8e042c6cb1ac7c650a3ead01 |
|
| /// File Name: |
windvd7_applicationtype.rb.txt |
Description:
|
This Metasploit module exploits a stack overflow in IASystemInfo.dll ActiveX control in InterVideo WinDVD 7. By sending an overly long string to the "ApplicationType()" property, an attacker may be able to execute arbitrary code.
| | Author: | MC | | Homepage: | http://www.metasploit.com | | File Size: | 2493 | | Related OSVDB(s): | 34315 | | Related CVE(s): | CVE-2007-0348 | | Last Modified: | Nov 25 19:34:53 2009 |
| MD5 Checksum: | df9567fe4de65a1eb827c7dec308dd52 |
|
| /// File Name: |
winvnc_http_get.rb.txt |
Description:
|
This Metasploit module exploits a buffer overflow in the AT&T WinVNC version <= v3.3.3r7 web server. When debugging mode with logging is enabled (non-default), an overly long GET request can overwrite the stack. This exploit does not work well with VNC payloads!
| | Author: | patrick | | Homepage: | http://www.metasploit.com | | File Size: | 1900 | | Related OSVDB(s): | 6280 | | Related CVE(s): | CVE-2001-0168 | | Last Modified: | Nov 25 19:34:53 2009 |
| MD5 Checksum: | 1e2bbe98c84d7157907bc18478f14418 |
|
| /// File Name: |
winzip_fileview.rb.txt |
Description:
|
The FileView ActiveX control (WZFILEVIEW.FileViewCtrl.61) could allow a remote attacker to execute arbitrary code on the system. The control contains several unsafe methods and is marked safe for scripting and safe for initialization. A remote attacker could exploit this vulnerability to execute arbitrary code on the victim system. WinZip 10.0 <= Build 6667 are vulnerable.
| | Author: | dean | | Homepage: | http://www.metasploit.com | | File Size: | 4132 | | Related OSVDB(s): | 30433 | | Related CVE(s): | CVE-2006-5198 | | Last Modified: | Nov 25 19:34:53 2009 |
| MD5 Checksum: | 93a6c98b454e30c0e115617c5211c2bb |
|
| /// File Name: |
wmailserver.rb.txt |
Description:
|
This Metasploit module exploits a stack overflow in SoftiaCom WMailserver 1.0 (SMTP) via a SEH frame overwrite.
| | Author: | MC | | Homepage: | http://www.metasploit.com | | File Size: | 1727 | | Related OSVDB(s): | 17883 | | Related CVE(s): | CVE-2005-2287 | | Last Modified: | Nov 25 19:34:53 2009 |
| MD5 Checksum: | 1c0ce3119d7cd9177bb7b44143d8e42c |
|
| /// File Name: |
wordpress-bypass.txt |
Description:
|
WordPress versions 2.0 through 2.7.1 suffer from a security bypass vulnerability in admin.php.
| | Author: | Fernando Arnaboldi | | File Size: | 409 | | Last Modified: | Nov 16 22:16:27 2009 |
| MD5 Checksum: | aa45291eb0e4279fe7fa5d1532a8ae3d |
|