Section: 0911-exploits
File Name: mcafeevisualtrace_tracetarget.rb.tx..>
Description: This Metasploit module exploits a stack overflow in the McAfee Visual Trace 3.25 ActiveX Control (NeoTraceExplorer.dll 1.0.0.1). By sending an overly long string to the "TraceTarget()" method, an attacker may be able to execute arbitrary code.
Author: MC
Homepage: http://www.metasploit.com
File Size: 2453
Related OSVDB(s): 32399
Related CVE(s): CVE-2006-6707
Last Modified: Nov 25 19:34:53 2009
MD5 Checksum: 1bdfc384df9928349c696cfe90903e2c

File Name: mdaemon_cram_md5.rb.txt
Description: This Metasploit module exploits a buffer overflow in the CRAM-MD5 authentication of the MDaemon IMAP service. This vulnerability was discovered by Muts.
Author: anonymous
Homepage: http://www.metasploit.com
File Size: 2056
Related OSVDB(s): 11838
Related CVE(s): CVE-2004-1520
Last Modified: Nov 25 19:34:53 2009
MD5 Checksum: 70f92a2245512a9a831eeff9a9bd282e

File Name: mdaemon_fetch.rb.txt
Description: This Metasploit module exploits a stack overflow in the Alt-N MDaemon IMAP Server version 9.6.4 by sending an overly long FETCH BODY command. Valid IMAP account credentials are required. Credit to Matteo Memelli.
Author: Jacopo Cervini, patrick
Homepage: http://www.metasploit.com
File Size: 2422
Related OSVDB(s): 43111
Related CVE(s): CVE-2008-1358
Last Modified: Nov 25 19:34:53 2009
MD5 Checksum: 08aa7f36b27117177c3b5fd60358dd1b

File Name: mdaemon_worldclient_form2raw.rb.txt
Description: This Metasploit module exploits a stack overflow in Alt-N MDaemon SMTP server for versions 6.8.5 and earlier. When WorldClient HTTP server is installed (default), a CGI script is provided to accept HTML FORM based emails and deliver via MDaemon.exe, by writing the CGI output to the Raw Queue. When X-FromCheck is enabled (also default), the temporary form2raw.cgi data is copied by MDaemon.exe and a stack based overflow occurs when an excessively long From field is specified. The RawQueue is processed every 1 minute by default, to a maximum of 60 minutes. Keep this in mind when choosing payloads or setting WfsDelay... You'll need to wait. Furthermore, this exploit uses a direct memory jump into a nopsled (which isn't very reliable). Once the payload is written into the Raw Queue by Form2Raw, MDaemon will continue to crash/execute the payload until the CGI output is manually deleted from the queue in C:\MDaemon\RawFiles\*.raw.
Author: patrick
Homepage: http://www.metasploit.com
File Size: 3520
Related OSVDB(s): 3255
Related CVE(s): CVE-2003-1200
Last Modified: Nov 25 19:34:53 2009
MD5 Checksum: c2530c0269bdafb7df3d701fa01955bf

File Name: mediasrv_sunrpc.rb.txt
Description: This exploit targets a stack overflow in the MediaSrv RPC service of CA BrightStor Arcserve. By sending a specially crafted SUNRPC request, an attacker can overflow a stack buffer and execute arbitrary code.
Author: toto
Homepage: http://www.metasploit.com
File Size: 7299
Related OSVDB(s): 35326
Related CVE(s): CVE-2007-2139
Last Modified: Nov 25 19:34:53 2009
MD5 Checksum: b30b4f7f29315bdcca157be6ca0759d6

File Name: mercur_imap_select_overflow.rb.txt
Description: Mercur v5.0 IMAP server is prone to a remotely exploitable stack-based buffer overflow vulnerability. This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to a fixed size memory buffer. Credit to Tim Taylor for discovering the vulnerability.
Author: Jacopo Cervini
Homepage: http://www.metasploit.com
File Size: 2217
Related OSVDB(s): 23950
Related CVE(s): CVE-2006-1255
Last Modified: Nov 25 19:34:53 2009
MD5 Checksum: 6dd73139a26090ff81c7d73873e5ada8

File Name: mercur_login.rb.txt
Description: This Metasploit module exploits a stack overflow in Atrium Mercur IMAP 5.0 SP3. Since the room for shellcode is small, using the reverse ordinal payloads yields the best results.
Author: MC
Homepage: http://www.metasploit.com
File Size: 1990
Related OSVDB(s): 23950
Related CVE(s): CVE-2006-1255
Last Modified: Nov 25 19:34:53 2009
MD5 Checksum: 5858320035bfa07ff27a3a50baad9087

File Name: mercury_cram_md5.rb.txt
Description: This Metasploit module exploits a stack overflow in Mercury Mail Transport System 4.51. By sending a specially crafted argument to the AUTH CRAM-MD5 command, an attacker may be able to execute arbitrary code.
Author: MC
Homepage: http://www.metasploit.com
File Size: 1902
Related OSVDB(s): 39669
Related CVE(s): CVE-2007-4440
Last Modified: Nov 25 19:34:53 2009
MD5 Checksum: 4aabd9f0bdad3a5fdb56b4f1950cb4a0

File Name: mercury_login.rb.txt
Description: This Metasploit module exploits a stack overflow in Mercury/32 <= 4.01b IMAPD LOGIN verb. By sending a specially crafted login command, a buffer is corrupted, and code execution is possible. This vulnerability was discovered by (mu-b at digit-labs.org).
Author: MC
Homepage: http://www.metasploit.com
File Size: 2308
Related OSVDB(s): 33883
Related CVE(s): CVE-2007-1373
Last Modified: Nov 25 19:34:53 2009
MD5 Checksum: eca08e42e9a6d8d3c8e2dc20a08d5942

File Name: mercury_phonebook.rb.txt
Description: This Metasploit module exploits a stack-based buffer overflow in Mercury/32 <= v4.01b PH Server Module. This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to a fixed size memory buffer.
Author: MC
Homepage: http://www.metasploit.com
File Size: 1885
Related OSVDB(s): 22103
Related CVE(s): CVE-2005-4411
Last Modified: Nov 25 19:34:53 2009
MD5 Checksum: 91fe4076b66dc23ad7b3bebd909730d5

File Name: mercury_rename.rb.txt
Description: This Metasploit module exploits a stack overflow vulnerability in the Mercury/32 v.4.01a IMAP service.
Author: MC
Homepage: http://www.metasploit.com
File Size: 1782
Related OSVDB(s): 12508
Related CVE(s): CVE-2004-1211
Last Modified: Nov 25 19:34:53 2009
MD5 Checksum: 27411691d56dde9d1fcd280a203598ce

File Name: message_engine.rb.txt
Description: This Metasploit module exploits a buffer overflow in Computer Associates BrightStor ARCserve Backup 11.1 - 11.5 SP2. By sending a specially crafted RPC request, an attacker could overflow the buffer and execute arbitrary code.
Author: MC, patrick
Homepage: http://www.metasploit.com
File Size: 2278
Related OSVDB(s): 31318
Related CVE(s): CVE-2007-0169
Last Modified: Nov 25 19:34:53 2009
MD5 Checksum: c851d7e2a0b986a607dca467c5dc0652

File Name: message_engine_heap.rb.txt
Description: This Metasploit module exploits a heap overflow in Computer Associates BrightStor ARCserve Backup 11.5. By sending a specially crafted RPC request, an attacker could overflow the buffer and execute arbitrary code.
Author: MC
Homepage: http://www.metasploit.com
File Size: 2098
Related OSVDB(s): 29533
Related CVE(s): CVE-2006-5143
Last Modified: Oct 30 17:01:12 2009
MD5 Checksum: 30bae2aad319eca435b874c4335b8515

File Name: micronet-xss.txt
Description: The Micronet SP1910 Data Access Controller user interface suffers from a cross site scripting vulnerability.
Author: K053
File Size: 823
Last Modified: Nov 30 21:03:22 2009
MD5 Checksum: 481e4f68f42859127ea9159acea72f2c

File Name: microsoft_ftpd_nlst.rb.txt
Description: This Metasploit module exploits a stack overflow flaw in the Microsoft IIS FTP service. The flaw is triggered when a special NLST argument is passed while the session has changed into a long directory path. For this exploit to work, the FTP server must be configured to allow write access to the file system (either anonymously or in conjunction with a real account).
Author: H D Moore, Kingcope
Homepage: http://www.metasploit.com
File Size: 4937
Last Modified: Nov 25 19:34:53 2009
MD5 Checksum: b566a46c73d7525de3e054c23aeee675

File Name: milleniummp3-overflow.txt
Description: Millenium MP3 Studio version 2.0 buffer overflow exploit that creates a malicious .pls file.
Author: Molotov
File Size: 1969
Last Modified: Nov 30 21:00:01 2009
MD5 Checksum: b61b67d539912a1c3f8abe14cceb9f72

File Name: minishare_get_overflow.rb.txt
Description: This is a simple buffer overflow for the minishare web server. This flaw affects all versions prior to 1.4.2. This is a plain stack overflow that requires a "jmp esp" to reach the payload, making this difficult to target many platforms at once. This Metasploit module has been successfully tested against 1.4.1. Version 1.3.4 and below do not seem to be vulnerable.
Author: acaro
Homepage: http://www.metasploit.com
File Size: 2622
Related OSVDB(s): 11530
Related CVE(s): CVE-2004-2271
Last Modified: Nov 25 19:34:53 2009
MD5 Checksum: 0a585e008afc05253dafa670d80fa4b2

File Name: mirc_irc_url.rb.txt
Description: This Metasploit module exploits a stack overflow in mIRC 6.1. By submitting an overly long and specially crafted URL to the 'irc' protocol, an attacker can overwrite the buffer and control program execution.
Author: MC
Homepage: http://www.metasploit.com
File Size: 2114
Related OSVDB(s): 2665
Related CVE(s): CVE-2003-1336
Last Modified: Nov 25 19:34:53 2009
MD5 Checksum: c76f69b90bd7a20ae67be7001a6dca48

File Name: mirc_privmsg_server.rb.txt
Description: This Metasploit module exploits a buffer overflow in the mIRC IRC Client v6.34 and earlier. By enticing a mIRC user to connect to this server module, an excessively long PRIVMSG command can be sent, overwriting the stack. Due to size restrictions, ordinal payloads may be necessary. This Metasploit module is based on the code by SkD.
Author: patrick
Homepage: http://www.metasploit.com
File Size: 2883
Related OSVDB(s): 48752
Related CVE(s): CVE-2008-4449
Last Modified: Nov 25 19:34:53 2009
MD5 Checksum: 1fa2d5200e77bdabfce3997f80846de0

File Name: mohaa_getinfo.rb.txt
Description: This Metasploit module exploits a stack based buffer overflow in the getinfo command of Medal Of Honor Allied Assault.
Author: Jacopo Cervini
Homepage: http://www.metasploit.com
File Size: 2669
Related OSVDB(s): 8061
Related CVE(s): CVE-2004-0735
Last Modified: Nov 25 19:34:53 2009
MD5 Checksum: f7cabe5295747588e5f6653262b511da

File Name: MORNINGSTAR-2009-02-CuteNews.txt
Description: Cute News version 1.4.6 and UTF-8 Cute News suffer from cross site request forgery, cross site scripting, file path disclosure, local file inclusion, authentication bypass, and PHP command injection vulnerabilities.
Author: Andrew Horton (urbanadventurer)
File Size: 19037
Last Modified: Nov 16 20:37:23 2009
MD5 Checksum: 5dcec16d5b818f21db12e4efcd7d78a0

File Name: ms00_094_pbserver.rb.txt
Description: This is an exploit for the Phone Book Service /pbserver/pbserver.dll described in MS00-094. By sending an overly long URL argument for phone book updates, it is possible to overwrite the stack. This Metasploit module has only been tested against Windows 2000 SP1.
Author: patrick
Homepage: http://www.metasploit.com
File Size: 2287
Related OSVDB(s): 463
Related CVE(s): CVE-2000-1089
Last Modified: Nov 25 19:34:53 2009
MD5 Checksum: 8f98e0a8f552e8c9d40ce6979594e098

File Name: ms01_023_printer.rb.txt
Description: This exploits a buffer overflow in the request processor of the Internet Printing Protocol ISAPI module in IIS. This Metasploit module works against Windows 2000 service pack 0 and 1. If the service stops responding after a successful compromise, run the exploit a couple more times to completely kill the hung process.
Author: H D Moore
Homepage: http://www.metasploit.com
File Size: 2770
Related OSVDB(s): 3323
Related CVE(s): CVE-2001-0241
Last Modified: Oct 30 17:02:03 2009
MD5 Checksum: 011eb5cfc9ca3a9b443ef09d69cb9770

File Name: ms01_033_idq.rb.txt
Description: This Metasploit module exploits a stack overflow in the IDQ ISAPI handler for Microsoft Index Server.
Author: MC
Homepage: http://www.metasploit.com
File Size: 1993
Related OSVDB(s): 568
Related CVE(s): CVE-2001-0500
Last Modified: Nov 25 19:34:53 2009
MD5 Checksum: e2fc9abea937d8ab7004cff1acb46057

File Name: ms02_018_htr.rb.txt
Description: This exploits a buffer overflow in the ISAPI ISM.DLL used to process HTR scripting in IIS 4.0. This Metasploit module works against Windows NT 4 Service Packs 3, 4, and 5. The server will continue to process requests until the payload being executed has exited. If you've set EXITFUNC to 'seh', the server will continue processing requests, but you will have trouble terminating a bind shell. If you set EXITFUNC to thread, the server will crash upon exit of the bind shell. The payload is alphanumerically encoded without a NOP sled because otherwise the data gets mangled by the filters.
Author: stinko
Homepage: http://www.metasploit.com
File Size: 2436
Related OSVDB(s): 3325
Related CVE(s): CVE-1999-0874
Last Modified: Nov 25 19:34:53 2009
MD5 Checksum: 3b9914f3c7ce3d94567daaf53f52f817