49 matches found
Metasploit Wrap-Up
Capture Credentials with our new SMB Server Our own Adam Galway revamped the old SMB capture module and now supports NTLMv1 and NTLMv2, as well as SMB1, SMB2 and SMB3. This was possible thanks to @zeroSteiner's new RubySMB server implementation. Metasploit is now able to capture NTLM hashes from...
Unspecified Vulnerability in Exim
Exim was developed at Cambridge University as a Message Transfer Agent MTA for Unix systems connected to the Internet. Exim has a security vulnerability. An attacker can exploit the vulnerability by authenticating a remote SMTP client to insert line breaks into a fake offline file via AUTH= in th...
Yokogawa BKBCopyD.exe Client Exploit
This module allows an unauthenticated user to interact with the Yokogawa CENTUM CS3000 BKBCopyD.exe service through the PMODE, RETR and STOR operations. Usage Info Module Options To display the available options, load the module within the Metasploit console and run the commands 'show options' or...
Affix Bluetooth Protocol Stack 3.1/3.2 Signed Buffer Index Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/13347/info A local signed buffer index vulnerability affects Affix Bluetooth Protocol Stack. This issue is due to a failure of the affected utility to properly handle user-supplied buffer size parameters. This issue may b...
Automatic Drive-by Download
Added: 07/23/2010 Background This tool waits for client connections, and then gathers information about the operating system and installed software on the client. Next, it chooses the latest and most reliable client exploit for the client's operating system and installed software, and delivers th...
UFO: Alien Invasion 2.2.1 - Arbitrary Code Execution
Remote Arbitrary Code Execution Vulnerability in UFO: Alien Invasion. June 18th, 2010. Summary: Name: Remote Arbitrary Code Execution Vulnerability in UFO: Alien Invasion Release Date: June 18th, 2010 Discoverer:...
Find Metadata
Added: 06/04/2009 Background This tool searches the Internet for PDF and Microsoft Office files in the given domain, and extracts the metadata from those files. This metadata often contains the names or aliases of the document's authors or contributors, which can be used to guess valid e-mail...
MegaBBS ASP Forum Cross-Site Scripting
HSC MegaBBS ASP Forum Cross-Site Scripting MegaBBS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of t...
dnewsweb-xss.txt
HSC DNewsWeb Softwares Cross Site Scripting Vulnerability The DNews News Server is advanced news server software that makes it easy for you to provide users with fast access to Internet Usenet news groups. Installing your own local news server software also gives you complete control to create yo...
phpsysinfo-xss.txt
HSC PHPSysInfo Index.php Cross Site Scripting PhpSysInfo is a PHP script that displays information about the host being accessed. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the...
cactushop-mdb.txt
Cactushop V6 allows remote users to download the database, which contains credit card numbers and critical information. The affected cart's default installation gives away the path to the database file. As a result, an attacker exploiting this vulnerability will be able to obtain detailed private custom...
Quake 3 Engine 1.32b R_RemapShader() Remote Client BoF Exploit
Exploit for linux platform in category remote exploits. Quake 3 Engine 1.32b R_RemapShader Remote Client BoF Exploit. // remapthis.c - "R_RemapShader" q3 engine 1.32b client...
Quake 3 Engine 1.32b R_RemapShader() Remote Client BoF Exploit
No description provided by source. // remapthis.c - "R_RemapShader" q3 engine 1.32b client remote bof exploit // by landser - landser at hotmail.co.il // // this code works as a preloaded shared library on a game server, // it hooks two functions on the running server: // svcdirectconnect that is...
Soldier of Fortune II <= 1.3 Server/Client Denial of Service Exploit
No description provided by source. / by Luigi Auriemma / include stdio.h include stdlib.h include string.h ifdef WIN32 include winsock.h / Header file used for manage errors in Windows It support socket and errno too this header replace the previous sockerrX.h / include string.h include errno.h...
CVE-2004-0885
The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration...
Debian DSA-119-1 : ssh -- local root exploit, remote client exploit
Joost Pol reports that OpenSSH versions 2.0 through 3.0.2 have an off-by-one bug in the channel allocation code. This vulnerability can be exploited by authenticated users to gain root privilege or by a malicious server exploiting a client with this bug. %NASLMINLEVEL 999999 @DEPRECATED@ This...
Solaris 8 (x86) : 109148-42
SunOS 5.8x86: linker patch. Date this patch was last updated by Sun : Sep/17/07 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if description...
mah-jong[v1.4]: server/client remote buffer overflow exploit.
did an audit of mah-jong after seeing something about a debian advisory...the bugs found weren't mentioned, but were fixed in the overall giant patch for mah-jong, which is provided on debian's website1.4-2 patch. anyways, here is an exploit for the bugs found. original reference:...
Roger Wilco 1.x Client Data Buffer Overflow Exploit
Exploit for unknown platform in category dos / poc. Roger Wilco 1.x Client Data Buffer Overflow Exploit. / by Luigi Auriemma Use -DWIN to compile it on Windows UNIX & WIN VERSION / include includ...