Mozilla Firefox 7 / 8 Out-Of-Bounds Access

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Firefox 7/8 %q Th...

IBM Tivoli Provisioning Manager Express for Software Distribution Isig.isigCtl.1 ActiveX RunAndUploadFile() Method Overflow

This module exploits a buffer overflow vulnerability in the Isig.isigCtl.1 ActiveX installed with IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1. The vulnerability is found in the "RunAndUploadFile" method where the "OtherFields" parameter with user controlled data is use...

VLC Media Player RealText Subtitle Overflow

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'VLC Media Player RealText Subtitle...

VLC Media Player RealText Subtitle Overflow

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

VLC Media Player RealText Subtitle Overflow

This module exploits a stack buffer overflow vulnerability in VideoLAN VLC 'VLC Media Player RealText Subtitle Overflow', 'Description' = %q This module exploits a stack buffer overflow vulnerability in VideoLAN VLC MSFLICENSE, 'Author' = 'Tobias Klein', Vulnerability Discovery 'SkD', Exploit 'ju...

Gitorious Remote Command Execution

Phenoelit Advisory Authors joernchen Phenoelit Group http://www.phenoelit.de Affected Products Gitorious 2.1.1 http://gitorious.org Vendor communication 2012-01-16 Asking vendor for PGP key 2012-01-17 Getting PGP key from vendor 2012-01-17 Sending vulnerability details to vendor 2012-01-19 Vendor...

Traq admincp/common.php Remote Code Execution

This module exploits an arbitrary command execution vulnerability in Traq 2.0 to 2.3. It's in the admincp/common.php script. This function is called in each script located in the /admicp/ directory to make sure the user has admin rights. This is a broken authorization schema because the header...

CCMPlayer 1.5 m3u Playlist Stack Based Buffer Overflow

This module exploits a stack based buffer overflow in CCMPlayer 1.5. Opening a m3u playlist with a long track name, a SEH exception record can be overwritten with parts of the controllable buffer. SEH execution is triggered after an invalid read of an injectable address, thus allowing arbitrary...

ARP Spoof

Spoof ARP replies and poison remote ARP caches to conduct IP address spoofing or a denial of service. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ARP Spoof', 'Description' = %q Spoof ARP...

JBoss Seam 2 Remote Command Execution

JBoss Seam 2 jboss-seam2, as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language EL expressions, which allows remote attackers to execute arbitrary code via a crafted URL. This modules also has been tested...

AbsoluteFTP 1.9.6 - 2.2.10 LIST Command Remote Buffer Overflow

This module exploits VanDyke Software AbsoluteFTP by overflowing a filename buffer related to the LIST command. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'AbsoluteFTP 1.9.6 - 2.2.10 LIST...

HTTP Cross-Site Tracing Detection

Checks if the host is vulnerable to Cross-Site Tracing XST This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HTTP Cross-Site Tracing Detection', 'Description' = 'Checks if the host is vulnerable ...

Windows Manage Certificate Authority Removal

This module allows the attacker to remove an arbitrary CA certificate from the victim's Trusted Root store. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Manage Certificate Authority...

Snortreport nmap.php/nbtscan.php Remote Command Execution

This module exploits an arbitrary command execution vulnerability in nmap.php and nbtscan.php scripts. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Snortreport nmap.php/nbtscan.php Remote...

Apache Range Header DoS (Apache Killer)

The byterange filter in the Apache HTTP Server 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service memory and CPU consumption via a Range header that expresses multiple overlapping ranges, exploit called "Apache Killer" This module requires...

RealNetworks Realplayer QCP Parsing Heap Overflow

This module exploits a heap overflow in Realplayer when handling a .QCP file. The specific flaw exists within qcpfformat.dll. A static 256 byte buffer is allocated on the heap and user-supplied data from the file is copied within a memory copy loop. This allows a remote attacker to execute...

Arbitrary File Upload in '1 Flash Gallery' Wordpress Plugin

====Vulnerability==== The '1 Flash Gallery' WordPress plugin http://wordpress.org/extend/plugins/1-flash-gallery/ is vulnerable to an arbitrary file upload vulnerability. This vulnerability is present from version 1.30 until version 1.5.7. The plugin has been downloaded an estimated 460,000 times...

Freefloat FTP Server APPE Command Overflow

Title : Freefloat FTP Server APPE Command Overflow Exploit - MSF Author : Veerendra G.G SecPod Technologies www.secpod.com Vendor : http://www.freefloat.com/sv/freefloat-ftp-server/freefloat-ftp-server.php Advisory : http://secpod.org/blog/?p=310 http://secpod.org/blog/?p=384...

BisonFTP Server Remote Buffer Overflow Exploit (MSF)

Exploit for windows platform in category remote exploits Title : BisonFTP Server Remote Buffer Overflow Exploit Author : Veerendra G.G SecPod Technologies www.secpod.com Advisory : http://secpod.org/blog/?p=384 http://secpod.org/msf/bisonserverbof.rb Version : BisonFTP Server 'BisonFTP Server...

FreeFloat FTP Server Multiple Remote Buffer Overflow

Exploit for windows platform in category local exploits 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...