This Metasploit module exploits a stack-based buffer overflow vulnerability in IBM Personal Communications I-Series. The issue affects file parsing in which data copied to a location in memory exceeds the size of the reserved destination area. The buffer is located on the runtime program stack. Versions tested: IBM System i Access for Windows V6R1M0 version 06.01.0001.0000a which bundles pcsws.exe version 5090.27271.709.
466e2459c3b7c7835607910609c5997d620ec132852f11a98e5e4ee4f42e0214
Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules.
d488e05390fc02274354b9eb2deb35cb28a9702082aeccf1b3d64435758ea353
This Metasploit module exploits an arbitrary command execution vulnerability in PmWiki from 2.0.0 to 2.2.34. The vulnerable function is inside /scripts/pagelist.php.
2a414aa71e3429752f31a3f9f0ad17a08f3c3d290b612cfb08bbb15b1b14dea3
This Metasploit module exploits a remote stack buffer overflow vulnerability in 3S-Smart Software Solutions product CoDeSys Scada Web Server Version 1.1.9.9.
9380ae1d770450dec8ad28bbf0b92b9e420e8cda38119169c69b13c41f6b845a
This Metasploit module exploits an arbitrary command execution vulnerability in Traq 2.0 to 2.3. The flaw is in the admincp/common.php script. This script is called by each script located in the /admincp/ directory to make sure the user has admin rights, but the authorization schema is broken because the header() call does not stop the execution flow.
dffc7356e911b26d771f5011bfe215352e628f842cedc4e8945c25cf29569ed8
Stack-based buffer overflow in the MOVIEPLAYER.MoviePlayerCtrl.1 ActiveX control in MoviePlayer.ocx 6.8.0.0 in Viscom Software Movie Player Pro SDK ActiveX 6.8 allows remote attackers to execute arbitrary code via a long strFontName parameter to the DrawText method. The victim will first be required to trust the publisher Viscom Software. This Metasploit module has been designed to bypass DEP and ASLR under XP IE8, Vista and Win7 with Java support.
902c4d348e0eb89f02c1aff016e36bb2f309e424dad941285a19cf704212a739
This Metasploit module exploits a stack-based buffer overflow in the ActiveX control file ImageViewer2.OCX by passing an overly long argument to an insecure TifMergeMultiFiles() method. Exploitation results in code execution with the privileges of the user who browsed to the exploit page. The victim will first be required to trust the publisher Viscom Software. This Metasploit module has been designed to bypass DEP and ASLR under XP IE8, Vista and Win7 with Java support.
ff98b933de5295139e90a1985be85c50e19987cebb121f5874c995e6d229d3ee
This Metasploit module exploits a vulnerability in lib/functions.php that allows attacker-supplied input to be passed directly to the create_function() PHP function. A patch was issued that uses a whitelist regular expression to check the user-supplied input before it is passed to the create_function() call.
e1b54786a4e2d61486487555756f54e0b3b67f845210590ec4291fbcedf138f3
This Metasploit module exploits a stack-based buffer overflow vulnerability in version 7.5.1 86 of Real Networks Netzip Classic. In order for the command to be executed, an attacker must convince someone to load a specially crafted zip file with NetZip Classic. By doing so, an attacker can execute arbitrary code as the victim user.
7c9d830274420e19564984899e0366cab20392b76e994a6b0e384e9de02b5a0a
This Metasploit module exploits a function pointer control within SVUIGrd.ocx of PcVue 10.0. By setting a DWORD value for the SaveObject() or LoadObject() method, an attacker can overwrite a function pointer and execute arbitrary code.
9cec135d4cf28788b201ff76bbf8e4da5b3898cae8eca25fb07c606afc723f80
This Metasploit module exploits a stack-based buffer overflow vulnerability in the latest version, 3.5, of the TugZip archiving utility. In order to trigger the vulnerability, an attacker must convince someone to load a specially crafted zip file with TugZip by double-clicking it or opening it via the file open dialog. By doing so, an attacker can execute arbitrary code as the victim user.
dfd1d434ab7742db844f4361a73baede359a856715df5794ad3d96c86362e269
AmmSoft's ScriptFTP client is susceptible to a remote buffer overflow vulnerability that is triggered when processing a sufficiently long filename during an FTP LIST command, resulting in an overwrite of the exception handler. Social engineering a user into executing a specially crafted FTP script file by double-clicking it results in a connection to the attacker's malicious server and arbitrary code execution, which allows the attacker to gain the same rights as the user running ScriptFTP.
83a230051d7cd6708a4d86afbe83ebbe437a5ab42fac5587f0c6034133b2f3f5
eSignal and eSignal Pro versions 10.6.2425.1208 and below suffer from a file parsing buffer overflow in QUO. Successful exploitation of this vulnerability may take up to several seconds due to the use of an egghunter. Also, DEP bypass is unlikely due to the limited space for the payload.
45cd9b3a8b486aca462800fbb23d651421a08959c7bf6605daf83dde4828f239
This Metasploit module allows remote attackers to execute arbitrary commands on the affected system by abusing a directory traversal attack when using the 'xf' command (execute function). An attacker can execute system() from msvcrt.dll to upload a backdoor and gain remote code execution.
802baf0283f3035901e556177c67bc14ff8b62fa5e4ccd9e691b0fd5740792be
A vulnerability was discovered by Rocco Calvi and Steve Seeley which identifies an unauthenticated time-based blind SQL injection in the "page" variable of the virtuemart component. This vulnerability allows an attacker to gain information from the database with specially crafted URLs, taking advantage of the MySQL BENCHMARK() function. This issue was patched in version 1.1.7a.
77bb79231bbb028fe492542d9e61d644cb065950ffe0899ea78eccb932223ecb
If-CMS version 2.07 pre-authentication local file inclusion exploit that leverages the newlang parameter.
54e0d5a2b5475f09684e3d5e161e928ef2258de0b02c152c7f1fffea225f343d
VLC Media Player suffers from a local file integer overflow in the XSPF playlist parser. Versions 1.1.9 down to 0.8.5 are affected.
327fb012113f085e2d29934a59a41059f4a43c75746929006f19c0dcd0cdb1b8
This Metasploit module exploits a vulnerability found in VisiWave's Site Survey Report application. When processing .VWR files, VisiWave.exe attempts to match a valid pointer based on the 'Type' property (valid ones include 'Properties', 'TitlePage', 'Details', 'Graph', 'Table', 'Text', 'Image'), but if a match isn't found, the function that's supposed to handle this routine ends up returning the input as a pointer, which is later used in a CALL DWORD PTR [EDX+10] instruction. This allows attackers to overwrite it with any arbitrary value, and results in code execution. This Metasploit module was built to bypass ASLR and DEP. NOTE: During installation, the application registers two file handlers, VWS and VWR, which allows a victim user to 'double click' the malicious VWR file and execute code.
3771df4f4d30f18e8cb453cb8d601bc178761d31e4917dee0ed0a0b741354001
iCMS version 1.1 administrative SQL injection / bruteforcing exploit.
664ef55883072a27146eead51eef8b3372cff6806f2389b33281b2bef7dc7b7b
If-CMS version 2.07 pre-authentication local file inclusion exploit.
effbd0aca372596920d6df8b67edc7f332a4e12d63e420f2f049f6be68e1c9a5
N'CMS version 1.1e pre-authentication local file inclusion remote code execution exploit.
85f321d6979321a817b65af7ce2caf7b767d603efd57204140b22cb3876fc47d
Vtiger CRM version 5.0.4 pre-authentication local file inclusion exploit.
068b740a9aa359d25a9e002faa5fdf223de8b36ef0f7818b288c7f28177a52e4
FieldNotes 32 version 5.0 SEH overwrite local exploit that produces a malicious .dxf file.
f75c21baa55aab7b4a56e64265927e5c83a13dfe8d7b75f74e3384b105fabf2d
Winamp 5.572 local buffer overflow EIP and SEH DEP bypass exploit.
fb782d54f780e79c14f53a9397d02e994ff5fa0e7fa8279c9d55629976d69269
ZipExplorer version 7.0 denial of service exploit that creates a malicious .rar file.
1f3600ca656cca15e957a5a74968bd9eb2758ebecd6f2b6818ffd55ef2774749