Section: .. / 0911-exploits /
File Name: apple_itunes_playlist.rb.txt
Description: This Metasploit module exploits a stack overflow in Apple iTunes 4.7 build 4.7.0.42. By creating a URL link to a malicious PLS file, a remote attacker could overflow a buffer and execute arbitrary code. When using this module, be sure to set the URIPATH with an extension of '.pls'.
Author: MC | Homepage: http://www.metasploit.com | File Size: 2181 | Related OSVDB(s): 12833 | Related CVE(s): CVE-2005-0043 | Last Modified: Nov 25 19:34:53 2009
MD5 Checksum: 2f0010313c0494bc25e2563cadffc6da

File Name: apple_quicktime_rtsp.rb.txt
Description: This Metasploit module exploits a buffer overflow in Apple QuickTime 7.1.3. This Metasploit module was inspired by MOAB-01-01-2007. The Browser target for this module was tested against IE 6 and Firefox 1.5.0.3 on Windows XP SP0/2; Firefox 3 blacklists the QuickTime plugin.
Author: MC, egypt | Homepage: http://www.metasploit.com | File Size: 4865 | Related OSVDB(s): 31023 | Related CVE(s): CVE-2007-0015 | Last Modified: Nov 25 19:34:53 2009
MD5 Checksum: d2ab9eb9d899356379e076fe8e98c51f

File Name: apple_quicktime_rtsp_response.rb.tx..>
Description: This Metasploit module exploits a stack overflow in Apple QuickTime 7.3. By sending an overly long RTSP response to a client, an attacker may be able to execute arbitrary code.
Author: MC | Homepage: http://www.metasploit.com | File Size: 2991 | Related OSVDB(s): 40876 | Related CVE(s): CVE-2007-6166 | Last Modified: Nov 25 19:34:53 2009
MD5 Checksum: 53ef97f1a29b0a357f71238f64bf8af4

File Name: ask_shortformat.rb.txt
Description: This Metasploit module exploits a stack overflow in Ask.com Toolbar 4.0.2.53. An attacker may be able to execute arbitrary code by sending an overly long string to the "ShortFormat()" method in askbar.dll.
Author: MC | Homepage: http://www.metasploit.com | File Size: 2590 | Related OSVDB(s): 37735 | Related CVE(s): CVE-2007-5107 | Last Modified: Nov 25 19:34:53 2009
MD5 Checksum: 6468ef0292a337f26024734a3db1ef31

File Name: athocgov_completeinstallation.rb.tx..>
Description: This Metasploit module exploits a stack overflow in AtHocGov IWSAlerts. When sending an overly long string to the CompleteInstallation() method of AtHocGovTBr.dll (6.1.4.36) an attacker may be able to execute arbitrary code. This vulnerability was silently patched by the vendor.
Author: MC | Homepage: http://www.metasploit.com | File Size: 4097 | Last Modified: Nov 25 19:34:53 2009
MD5 Checksum: 7a69f327cb1b6c6fd85573375b96bec6

File Name: autodesk_idrop.rb.txt
Description: This Metasploit module exploits a heap-based memory corruption vulnerability in Autodesk IDrop ActiveX control (IDrop.ocx) version 17.1.51.160. An attacker can execute arbitrary code by triggering a heap use-after-free condition using the Src, Background, and PackageXml properties.
Author: Elazar Broad, Trancer | Homepage: http://www.metasploit.com | File Size: 4124 | Related OSVDB(s): 53265 | Last Modified: Nov 25 19:34:53 2009
MD5 Checksum: 037140349d314f924d03d94351da0c4e

File Name: avast-corrupt.txt
Description: Avast's aswRdr.sys driver does not sanitize user-supplied IOCTL input, which may lead to a kernel heap overflow that brings the system down with a BSOD and poses a potential risk of privilege escalation. Proof of concept code included.
Author: AbdulAziz Hariri, Evilcry | File Size: 5150 | Last Modified: Nov 18 08:35:30 2009
MD5 Checksum: cd96aecf6f16e39656603640bd2ae4de

File Name: babywebserver.py.txt
Description: Baby Web Server version 2.7.2 remote denial of service exploit.
Author: Asheesh Kumar Mani Tripathi | File Size: 972 | Last Modified: Nov 18 20:31:28 2009
MD5 Checksum: a220df279fdab082fdc92aeb18d4c039

File Name: badblue_passthru.rb.txt
Description: This Metasploit module exploits a stack overflow in the PassThru functionality in ext.dll in BadBlue 2.72b and earlier.
Author: MC | Homepage: http://www.metasploit.com | File Size: 1920 | Related OSVDB(s): 42416 | Related CVE(s): CVE-2007-6377 | Last Modified: Nov 25 19:34:53 2009
MD5 Checksum: 0e1ee4241d028ab720144a5a3bc8d711

File Name: bakbone_netvault_heap.rb.txt
Description: This Metasploit module exploits a heap overflow in the BakBone NetVault Process Manager service. This code is a direct port of the netvault.c code written by nolimit and BuzzDee.
Author: H D Moore, nolimit | Homepage: http://www.metasploit.com | File Size: 4455 | Related OSVDB(s): 15234 | Related CVE(s): CVE-2005-1009 | Last Modified: Nov 25 19:34:53 2009
MD5 Checksum: 875f10d61e00f6e28f4dd5afef4dd48c

File Name: bea_weblogic_transfer_encoding.rb.t..>
Description: This Metasploit module exploits a stack-based buffer overflow in the BEA Weblogic Apache plugin. This vulnerability exists in the error reporting for unknown Transfer-Encoding headers. You may have to run this twice due to timing issues with handlers.
Author: Pusscat | Homepage: http://www.metasploit.com | File Size: 2282 | Related OSVDB(s): 49283 | Related CVE(s): CVE-2008-4008 | Last Modified: Nov 25 19:34:53 2009
MD5 Checksum: 74af4e2126b11ad29de9538e2e13079b

File Name: bearshare_setformatlikesample.rb.tx..>
Description: This Metasploit module exploits a stack overflow in the NCTAudioFile2.Audio ActiveX Control provided by BearShare 6.0.2.26789. By sending an overly long string to the "SetFormatLikeSample()" method, an attacker may be able to execute arbitrary code.
Author: MC | Homepage: http://www.metasploit.com | File Size: 2477 | Related OSVDB(s): 32032 | Related CVE(s): CVE-2007-0018 | Last Modified: Nov 25 19:34:53 2009
MD5 Checksum: e52fa5a62ccba780e1cf47122114cb77

File Name: belkin_bulldog.rb.txt
Description: This Metasploit module exploits a stack overflow in Belkin Bulldog Plus 4.0.2 build 1219. When sending a specially crafted HTTP request, an attacker may be able to execute arbitrary code.
Author: MC | Homepage: http://www.metasploit.com | File Size: 1945 | Related OSVDB(s): 54395 | Last Modified: Nov 25 19:34:53 2009
MD5 Checksum: 0e6cc12f1405f1054d70415ee14b0c92

File Name: betsycms-lfi.txt
Description: Betsy CMS versions 3.5 and below suffer from a local file inclusion vulnerability.
Author: MizoZ | File Size: 303 | Last Modified: Nov 20 17:13:41 2009
MD5 Checksum: af53d106cf468ae9ee9b7fe09dc5e39e

File Name: bigant_server.rb.txt
Description: This Metasploit module exploits a stack overflow in BigAnt Server 2.2. By sending a specially crafted packet, an attacker may be able to execute arbitrary code.
Author: MC | Homepage: http://www.metasploit.com | File Size: 1900 | Related OSVDB(s): 44454 | Related CVE(s): CVE-2008-1914 | Last Modified: Nov 25 19:34:53 2009
MD5 Checksum: bdff331e09e3dcb3175415f2197439e8

File Name: bigant_server_250.rb.txt
Description: This exploits a stack overflow in the BigAnt Messaging Service, part of the BigAnt Server product suite. This Metasploit module was tested successfully against version 2.50 SP1.
Author: Dr_IDE | Homepage: http://www.metasploit.com | File Size: 2097 | Last Modified: Nov 25 19:34:53 2009
MD5 Checksum: b8c3695e97f2b2b70f97bd00056eb4ae

File Name: blackice_pam_icq.rb.txt
Description: This Metasploit module exploits a stack overflow in the ISS products that use the iss-pam1.dll ICQ parser (Blackice/RealSecure). Successful exploitation will result in arbitrary code execution as LocalSystem. This exploit only requires 1 UDP packet, which can be both spoofed and sent to a broadcast address. The ISS exception handler will recover the process after each overflow, giving us the ability to brute-force the service and exploit it multiple times.
Author: spoonm | Homepage: http://www.metasploit.com | File Size: 4777 | Related OSVDB(s): 4355 | Related CVE(s): CVE-2004-0362 | Last Modified: Nov 25 19:34:53 2009
MD5 Checksum: 1c58d827d6f1aaeecff28a920e0a3da8

File Name: blazedvd_plf.rb.txt
Description: This Metasploit module exploits a stack overflow in BlazeDVD 5.1. When the application is used to open a specially crafted plf file, a buffer is overwritten allowing for the execution of arbitrary code.
Author: MC | Homepage: http://www.metasploit.com | File Size: 2568 | Last Modified: Oct 30 17:01:38 2009
MD5 Checksum: 4b192fd114bdfab3ca86f73ff8eea814

File Name: bluecoat_winproxy_host.rb.txt
Description: This Metasploit module exploits a buffer overflow in the Blue Coat Systems WinProxy service by sending a long port value for the Host header in an HTTP request.
Author: MC | Homepage: http://www.metasploit.com | File Size: 1961 | Related OSVDB(s): 22238 | Related CVE(s): CVE-2005-4085 | Last Modified: Nov 25 19:34:53 2009
MD5 Checksum: 6a872c00eb1961383ba93974bdafb62a

File Name: bomberclone_overflow.rb.txt
Description: This Metasploit module exploits a stack buffer overflow in Bomberclone 0.11.6 for Windows. The return address is overwritten with the memory address of lstrcpyA; the second and third values are the destination buffer, and the fourth value is the source address of our buffer on the stack. This exploit is like a return-to-libc. ATTENTION: The shellcode is executed ONLY when someone tries to close Bomberclone.
Author: acaro | Homepage: http://www.metasploit.com | File Size: 2174 | Related OSVDB(s): 23263 | Related CVE(s): CVE-2006-0460 | Last Modified: Nov 25 19:34:53 2009
MD5 Checksum: 43871d6e220ead4e9efcb1c617cb3286