Section: 1002-exploits (page 2 of 16, files 25 - 50 of 396, sorted by file size)

 ///  File Name: CORE-2010-0106.txt
Description:
Core Security Technologies Advisory - The Cisco Secure Desktop web application does not sufficiently verify if a well-formed request was provided by the user who submitted the POST request, resulting in a cross-site scripting vulnerability. In order to be able to successfully make the attack, the Secure Desktop application on the Cisco Appliance must be turned on.
Author:Core Security Technologies
Homepage:http://www.coresecurity.com/corelabs/
File Size:7791
Related CVE(s):CVE-2010-0440
Last Modified:Feb 1 20:45:49 2010
MD5 Checksum:43bf3b5f149665627a5281e53af94e5a

 ///  File Name: interspire-sqlxss.txt
Description:
Interspire Knowledgebase Manager versions 5.1.3 and below suffer from information disclosure, cross site scripting and remote SQL injection vulnerabilities.
Author:Cory Marsh
File Size:7753
Last Modified:Feb 5 18:40:13 2010
MD5 Checksum:a58dc78da859dbf0769a7973b8610540

 ///  File Name: wireshark_lwres_getaddrbyname.rb.tx..>
Description:
The LWRES dissector in Wireshark version 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allows remote attackers to execute arbitrary code due to a stack-based buffer overflow. This bug was found and reported by babi. This particular exploit targets the dissect_getaddrsbyname_request function. Several other functions also contain potentially exploitable stack-based buffer overflows. The Windows version (of 1.2.5 at least) is compiled with /GS, which prevents exploitation via the return address on the stack. Sending a larger string allows exploitation using the SEH bypass method. However, this packet will usually get fragmented, which may cause additional complications. NOTE: The vulnerable code is reached only when the packet dissection is rendered. If the packet is fragmented, all fragments must be captured and reassembled to exploit this issue.
Author:babi,jduck
Homepage:http://www.metasploit.com
File Size:7491
Related OSVDB(s):61987
Related CVE(s):CVE-2010-0304
Last Modified:Feb 5 18:57:03 2010
MD5 Checksum:40cfc04732b379ed5f4261da9cf95bf6

 ///  File Name: samba-traversal.txt
Description:
Samba suffers from a remote directory traversal vulnerability. A remote attacker can read, list and retrieve nearly all files on the system remotely. Required is a valid Samba account for a writable share, or a writable share configured as a guest-account share, in which case this is a pre-authentication exploit. Included is an smbclient patch that exploits this vulnerability.
Author:Kingcope
File Size:7421
Last Modified:Feb 5 11:15:11 2010
MD5 Checksum:1a2d221d161a154517117c74712f77de

 ///  File Name: ie-adduser.txt
Description:
Microsoft Internet Explorer versions 6 and 7 remote user addition exploit.
Author:Sioma Labs
File Size:7379
Last Modified:Feb 15 18:23:03 2010
MD5 Checksum:35d8e9bcc3def29b39f63693cbcad14a

 ///  File Name: ie-urlvalidation.txt
Description:
Microsoft Internet Explorer versions 7 and 8 suffer from a URL validation vulnerability.
Author:Lostmon
Homepage:http://lostmon.blogspot.com/
File Size:7257
Related OSVDB(s):62245
Related CVE(s):CVE-2010-0027
Last Modified:Feb 10 18:19:31 2010
MD5 Checksum:d60b3fb4b6b318e0680533656880a97f

 ///  File Name: symantec-exec.txt
Description:
Remote command execution exploit for the AMS2 (Alert Management Systems 2) component of multiple Symantec products.
Author:Kingcope
File Size:7063
Related CVE(s):CVE-2009-1429
Last Modified:Feb 4 01:43:55 2010
MD5 Checksum:f978f77e5fbeaf14861e8acc2a406f0e

 ///  File Name: corelan-10-009-ipswitch-imail.txt
Description:
Ipswitch IMail server version 11.01 suffers from a reversible encryption vulnerability.
Author:sinn3r
File Size:6623
Last Modified:Feb 5 18:28:00 2010
MD5 Checksum:c0af0f3102545f2df46f09690d825db9

 ///  File Name: jboss_maindeployer.rb.txt
Description:
This Metasploit module can be used to execute a payload on JBoss servers that have an exposed "jmx-console" application. The payload is put on the server by using the jboss.system:MainDeployer functionality. To accomplish this, a temporary HTTP server is created to serve a WAR archive containing our payload. This method will only work if the target server allows outbound connections to us.
Author:jduck
Homepage:http://www.metasploit.com
File Size:6266
Related OSVDB(s):33744
Related CVE(s):CVE-2006-1036
Last Modified:Feb 23 01:19:27 2010
MD5 Checksum:99b80c8a2b487c1ef70b58ea0a45407a

 ///  File Name: mysql_yassl_getname.rb.txt
Description:
This Metasploit module exploits a stack buffer overflow in the yaSSL (1.9.8 and earlier) implementation bundled with MySQL. By sending a specially crafted client certificate, an attacker can execute arbitrary code. This vulnerability is present within the CertDecoder::GetName function inside ./taocrypt/src/asn.cpp. However, the stack buffer that is written to exists within a parent function stack frame. NOTE: This vulnerability requires a non-default configuration. First, the attacker must be able to pass the host-based authentication. Next, the server must be configured to listen on an accessible network interface. Lastly, the server must have been manually configured to use SSL. The binary from version 5.5.0-m2 was built with /GS and /SafeSEH. During testing on Windows XP SP3, these protections successfully prevented exploitation. Testing was also done with mysql on Ubuntu 9.04. Although the vulnerable code is present, both version 5.5.0-m2 built from source and version 5.0.75 from a binary package were not exploitable due to the use of the compiler's FORTIFY feature. Although suse11 was mentioned in the original blog post, the binary package they provide does not contain yaSSL or support SSL.
Author:jduck
Homepage:http://www.metasploit.com
File Size:5840
Related OSVDB(s):61956
Last Modified:Feb 5 19:07:12 2010
MD5 Checksum:d029c6a4e1e757e8e1f838fe13930102

 ///  File Name: vermillion_ftpd_port.rb.txt
Description:
This Metasploit module exploits an out-of-bounds array access in the Arcane Software Vermillion FTP server. By sending a specially crafted FTP PORT command, an attacker can corrupt stack memory and execute arbitrary code. This particular issue is caused by processing data bound by attacker-controlled input while writing into a 4 byte stack buffer. Unfortunately, the writing that occurs is not a simple byte copy. Processing is done using a source pointer (p) and a destination pointer (q). The vulnerable function walks the input string and continues while the source byte is non-null. If a comma is encountered, the function increments the destination pointer. If an ASCII digit [0-9] is encountered, the following occurs: *q = (*q * 10) + (*p - '0'); All other input characters are ignored in this loop. As a consequence, an attacker must craft input such that modifications to the current values on the stack result in usable values. In this exploit, the low two bytes of the return address are adjusted to point at the location of a 'call edi' instruction within the binary. This was chosen since 'edi' points at the source buffer when the function returns. NOTE: This server can be installed as a service using "vftpd.exe install". If so, the service does not restart automatically, giving an attacker only one attempt.
Author:jduck
Homepage:http://www.metasploit.com
File Size:5806
Related OSVDB(s):62163
Last Modified:Feb 9 21:13:30 2010
MD5 Checksum:0dbcd2c3469f1061e7b7ab3d2f7daa4c

 ///  File Name: calicclnt_getconfig.rb.txt
Description:
This Metasploit module exploits a vulnerability in the CA License Client service. This exploit will only work if your IP address can be resolved from the target system's point of view. This can be accomplished on a local network by running the 'nmbd' service that comes with Samba. If you are running this exploit from Windows and do not filter UDP port 137, this should not be a problem (if the target is on the same network segment). Due to the bugginess of the software, you are only allowed one connection to the agent port before it starts ignoring you. If it wasn't for this issue, it would be possible to repeatedly exploit this bug.
Author:Thor Doomen,patrick
Homepage:http://www.metasploit.com
File Size:5744
Related OSVDB(s):14389
Related CVE(s):CVE-2005-0581
Last Modified:Feb 15 17:12:09 2010
MD5 Checksum:8e470559c88b3e76f25cab2ae19a7470

 ///  File Name: ms09_050_smb2_negotiate_func_index...>
Description:
This Metasploit module exploits an out of bounds function table dereference in the SMB request validation code of the SRV2.SYS driver included with Windows Vista, Windows 7 release candidates (not RTM), and Windows 2008 Server prior to R2. Windows Vista without SP1 does not seem affected by this flaw.
Author:H D Moore,laurent gaffie,sf
Homepage:http://www.metasploit.com
File Size:5667
Related OSVDB(s):57799
Related CVE(s):CVE-2009-3103
Last Modified:Feb 26 13:18:48 2010
MD5 Checksum:3020f10279af4ec16b64a2fdc43b26b2

 ///  File Name: coreftp.py.txt
Description:
CoreFTP version 2.1 b1637 password field universal buffer overflow exploit.
Author:corelanc0d3r,mr_me
File Size:5472
Last Modified:Feb 2 16:32:02 2010
MD5 Checksum:41a135ea6e8049a11c9d8ec050efe027

 ///  File Name: SA-20100208-0.txt
Description:
Xerox WorkCentre versions 5665, 5675, and 5687 suffer from backdoor and authentication vulnerabilities.
Author:Daniel Fabian
Homepage:http://www.sec-consult.com
File Size:5380
Last Modified:Feb 23 02:34:49 2010
MD5 Checksum:c92ff24436f953cf17dc018b9002568c

 ///  File Name: coreimpact-dos.txt
Description:
Core Impact version 7.5 denial of service exploit.
Author:Beenu Arora
Homepage:http://www.beenuarora.com/
File Size:5333
Last Modified:Feb 12 01:16:07 2010
MD5 Checksum:45f8e65d67bc9a66b88a0fc46dc7c1dc

 ///  File Name: sharepointserver-xss.txt
Description:
SharePoint server suffers from a cross site scripting vulnerability.
Author:Irene Abezgauz
Homepage:http://www.hacktics.com/
File Size:5301
Related CVE(s):CVE-2008-5026
Last Modified:Feb 23 02:51:54 2010
MD5 Checksum:3d5e48120fedc2ab9938363f959ff9a2

 ///  File Name: oputils_5-xss.txt
Description:
ManageEngine OpUtils 5 suffers from multiple cross site scripting vulnerabilities in Login.DO.
Author:Asheesh Kumar Mani Tripathi
File Size:5236
Last Modified:Feb 4 02:10:51 2010
MD5 Checksum:b569e4cd245b6a5868965bb9949c002e

 ///  File Name: softbizauktios-sql.txt
Description:
Softbiz Auktios suffers from multiple remote SQL injection vulnerabilities.
Author:Easy Laster
File Size:5134
Last Modified:Feb 25 00:53:05 2010
MD5 Checksum:dd6d566e55ce1f03401d2274cfef0784

 ///  File Name: lprng_format_string.rb.txt
Description:
This Metasploit module exploits a format string vulnerability in the LPRng print server. This vulnerability was discovered by Chris Evans. There was a publicly circulating worm targeting this vulnerability, which prompted RedHat to pull their 7.0 release. They consequently re-released it as "7.0-respin".
Author:jduck
Homepage:http://www.metasploit.com
File Size:4942
Related OSVDB(s):421
Related CVE(s):CVE-2000-0917
Last Modified:Feb 17 18:45:41 2010
MD5 Checksum:6d35b4aae06d6486bf87ed8f10cfbfb4

 ///  File Name: ms09_067_excel_featheader.rb.txt
Description:
This Metasploit module exploits a vulnerability in the handling of the FEATHEADER record by Microsoft Excel. Revisions of Office XP and later prior to the release of the MS09-067 bulletin are vulnerable. When processing a FEATHEADER (Shared Feature) record, Microsoft used a data structure from the file to calculate a pointer offset without doing proper validation. Attacker-supplied data is then used to calculate the location of an object, and in turn a virtual function call. This results in arbitrary code execution. NOTE: On some versions of Office, the user will need to dismiss a warning dialog prior to the payload executing.
Author:Sean Larsson,jduck
Homepage:http://www.metasploit.com
File Size:4752
Related OSVDB(s):59860
Related CVE(s):CVE-2009-3129
Last Modified:Feb 15 17:09:58 2010
MD5 Checksum:2c5f0b59bdc07a89618fcbf2fd871a76

 ///  File Name: radasmrap-overflow.txt
Description:
Radasm universal local buffer overflow exploit that creates a malicious .rap file.
Author:Dz_attacker
File Size:4633
Last Modified:Feb 11 19:22:32 2010
MD5 Checksum:3b72a28a4e7e1008b86c48c353317096

 ///  File Name: corelan-10-008-evalmsi.txt
Description:
Evalsmsi version 2.1.03 suffers from authentication bypass, cross site scripting and remote SQL injection vulnerabilities.
Author:corelanc0d3r
File Size:4546
Last Modified:Feb 5 18:25:42 2010
MD5 Checksum:4e7f78c58e5eef2a0cf77410c4835a99

 ///  File Name: calicserv_getconfig.rb.txt
Description:
This Metasploit module exploits a vulnerability in the CA License Server network service. By sending an excessively long GETCONFIG packet the stack may be overwritten.
Author:Thor Doomen,patrick
Homepage:http://www.metasploit.com
File Size:4454
Related OSVDB(s):14389
Related CVE(s):CVE-2005-0581
Last Modified:Feb 15 17:11:46 2010
MD5 Checksum:e526f917891667036dc6583399fa7bdc

 ///  File Name: cybershadecms-insecure.txt
Description:
Cybershade CMS version 0.2b suffers from a session hijacking vulnerability.
Author:JosS
Homepage:http://www.spanish-hackers.com/
File Size:4390
Last Modified:Feb 26 14:16:37 2010
MD5 Checksum:5ce2049ea26b2667d01fde43abb66140