This Metasploit module triggers a use-after-free vulnerability in the Apache Software Foundation mod_isapi extension for versions 2.2.14 and earlier. In order to reach the vulnerable code, the target server must have an ISAPI module installed and configured. By making a request that terminates abnormally (either an aborted TCP connection or an unsatisfied chunked request), mod_isapi will unload the ISAPI extension. Later, if another request comes for that ISAPI module, previously obtained pointers will be used, resulting in an access violation or potentially arbitrary code execution. Although arbitrary code execution is theoretically possible, a real-world method of invoking this consequence has not been proven. In order to do so, one would need to find a situation where a particular ISAPI module loads at an image base address that can be re-allocated by a remote attacker. Limited success was encountered using two separate ISAPI modules. In this scenario, a second ISAPI module was loaded into the same memory area as the previously unloaded module.
e04d3b9c9de28cf065800495f9d457177003f542be9c1a8e7109f19ae6fb7ca1
Adobe Reader version 9.3.4 is vulnerable to multiple memory corruption vulnerabilities. By sending specially crafted PDF files it is possible to cause memory corruption in the 3difr and AcroRd32.dll modules. Both issues trigger a null pointer condition which results in an access violation. The issue in AcroRd32.dll is triggered when Adobe Reader is closed.
8cc088f240fc45c266a250afb545cea36a5bbe247a4e721a59aa2a79ae7d9a37
Small 278-byte write-to-file shellcode that writes the word pwned to a text file titled f.txt in the current working directory.
fb57669413ae8633c51d2bf538c0ed15eb323bac6e59fe689cabe6326fd2b66a
Apache version 2.2.14 mod_isapi remote SYSTEM exploit. Due to the nature of the vulnerability and the exploitation method, DEP should be limited to essential Windows programs and services. At worst, if DEP is enabled for the Apache process, you could cause a constant DoS by looping this (since Apache will automatically restart).
c783414f79f43dcae00ce4cd44e85c324652565b650c7c405e711ebdd5c30075
By sending a specially crafted request followed by a reset packet, it is possible to trigger a vulnerability in Apache 2.2.14 mod_isapi that will unload the target ISAPI module from memory. However, function pointers still remain in memory and are called when published ISAPI functions are referenced. This results in a dangling pointer vulnerability. Successful exploitation results in the execution of arbitrary code with SYSTEM privileges.
90f73578fb832e46f16d36335ab9911e89d608d85ddf6502b6fd7c3f8e006935
TheGreenBow VPN Client is vulnerable to a local stack-based buffer overflow which can lead to the compromise of a vulnerable system. The vulnerability is caused by a boundary error when processing certain sections of tgb (policy) files. Passing an overly long string to "OpenScriptAfterUp" will trigger the overflow. Successful exploitation results in the execution of arbitrary code.
1ffec12a678c5b206a9f84012a31ba855c8fdf3a743bd8d5c1d652387ca0644c
An implementation of the A5/1 cipher written in C#. A5/1 is the current encryption cipher used in Telstra GSM phones.
d37e849ea29aaedf216357024b5e10bbb8b8f3c612ad613fb974907be687a51c
An implementation of the A5/1 cipher written in PHP. A5/1 is the current encryption cipher used in Telstra GSM phones.
cadba26324b0e9e4f121129c2086166c670cbe02cdd5d75890fa68d5a1f16653