37 matches found
CVE-2014-4076
Microsoft Windows Server 2003 SP2 allows local users to gain privileges via a crafted IOCTL call to (1) tcpip.sys or (2) tcpip6.sys, aka "TCP/IP Elevation of Privilege Vulnerability."...
Omnicom Alpha 4.0e LPD Server DoS
No description provided by source. #!/usr/bin/python Title: Omnicom Alpha 4.0e LPD Server DoS Author: Craig Freyman @cd1zz Software Download: http://www.omnicomtech.com/download/bin/lpd.exe Tested on: Windows XP SP3 English, Server 2003 SP2 English Dates: Bug Found 7/27/2011, Vendor Notified...
HP Managed Printing Administration jobAcct Remote Command Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
HP Managed Printing Administration jobAcct Remote Command Execution
This Metasploit module exploits an arbitrary file upload vulnerability on HP Managed Printing Administration 2.6.3 and before. The vulnerability exists in the UploadFiles function from the MPAUploader.Uploader.1 control, loaded and used by the server. The function can be abused via directory...
HP Managed Printing Administration jobAcct Remote Command Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'HP Managed Printing Administration...
CVE-2012-1866
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to...
Sysax 5.57 - Directory Traversal
#!/usr/bin/python Title: Sysax Multi Server <= 5.57 Directory Traversal Tool (Post Auth) Author: Craig Freyman @cd1zz Tested on: XP SP3 32bit and Server 2003 SP2 32bit Date Discovered: March 27, 2012 Vendor Contacted: March 29, 2012 Vendor Response: April 3, 2012 Vendor Fixed: Currently working on fi...
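Two of the entries above, the HP Managed Printing Administration UploadFiles bug and the Sysax Multi Server directory traversal, are the same class of flaw: a client-supplied file name is joined onto a server-side directory without checking that the result stays inside it. The following is an added illustration of the weak pattern beside a hardened version; it is not code from either product, from the Metasploit module, or from the original exploits. The upload root, the function names and the sample file names are assumptions chosen for the example.

```python
import os
import posixpath

# Hypothetical upload directory; neither product's real path.
UPLOAD_ROOT = "/srv/uploads"


def naive_target(root, client_name):
    """The weak pattern: trust the client-supplied name.

    os.path.join() discards `root` entirely when `client_name` is absolute,
    and normpath() happily resolves '..' segments out of the root.
    """
    return os.path.normpath(os.path.join(root, client_name))


def safe_target(root, client_name):
    """Hardened version: keep only the final path component, then prove the
    resolved path is still inside `root` before using it.

    Raises ValueError for names that carry no usable file component or that
    would resolve outside the root.
    """
    root = os.path.abspath(root)
    # Treat backslashes as separators too, so a Windows-style
    # '..\\..\\name' cannot smuggle directory components past a POSIX host.
    normalised = posixpath.normpath(client_name.replace("\\", "/"))
    base = posixpath.basename(normalised)
    if base in ("", ".", "..") or "\x00" in base:
        raise ValueError("rejected filename: %r" % (client_name,))
    candidate = os.path.abspath(os.path.join(root, base))
    # Belt-and-braces containment check: basename() already removed the
    # directory part, but verifying the final path is cheap and catches
    # future edits that relax the filtering above.
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError("path escapes upload root: %r" % (client_name,))
    return candidate


if __name__ == "__main__":
    # Constructed sample names, not from any real request.
    for name in ("report.pdf", "../../tmp/evil.txt", "/etc/passwd", "..\\..\\win.ini"):
        print("%-22s naive -> %s" % (name, naive_target(UPLOAD_ROOT, name)))
        try:
            print("%-22s safe  -> %s" % (name, safe_target(UPLOAD_ROOT, name)))
        except ValueError as exc:
            print("%-22s safe  -> rejected (%s)" % (name, exc))
```

Run it on a POSIX host: the naive join sends `../../tmp/evil.txt` to `/tmp/evil.txt` and `/etc/passwd` straight to `/etc/passwd`, while the hardened version writes every accepted name under `/srv/uploads` and rejects names that reduce to nothing but directory components.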
Sysax Multi Server 5.52 - File Rename Buffer Overflow Remote Code Execution (Egghunter)
Sysax Multi Server 5.52 - File Rename Buffer Overflow Remote Code Execution (Egghunter) #!/usr/bin/python Title: Sysax Multi Server " sys.exit(1) target = sys.argv[1] port = int(sys.argv[2]) user = sys.argv[3] password = sys.argv[4] opersys = sys.argv[5] base64 encode the provided creds creds =...
Sysax Multi Server 5.52 - File Rename Buffer Overflow Remote Code Execution (Egghunter)
#!/usr/bin/python Title: Sysax Multi Server " sys.exit(1) target = sys.argv[1] port = int(sys.argv[2]) user = sys.argv[3] password = sys.argv[4] opersys = sys.argv[5] base64 encode the provided creds creds = base64.encodestring(user+"\x0a"+password) msfpayload windows/shell_bind_tcp LPORT=4444 R | msfencode -e...
Sysax Multi Server 5.50 - Create Folder Remote Code Execution Buffer Overflow (Metasploit)
Sysax Multi Server 5.50 - Create Folder Remote Code Execution Buffer Overflow (Metasploit) Title: Sysax Multi Server 5.50 Create Folder Remote Code Exec BoF MSF Module Author: Craig Freyman @cd1zz Tested on: XP SP3 32bit and Server 2003 SP2 32bit (No DEP) Notes: My original exploit =...
Sysax Multi Server 5.50 - Create Folder Buffer Overflow
#!/usr/bin/python Title: Sysax Multi Server 5.50 Create Folder BOF Author: Craig Freyman @cd1zz Tested on: XP SP3 32bit and Server 2003 SP2 32bit (No DEP) Date Discovered: January 13, 2012 Vendor Contacted: January 15, 2012 Vendor Response: January 16, 2012 Vendor Fix: Version 5.52 released on Januar...
Sysax Multi Server 5.50 Create Folder BOF
Exploit for windows platform in category remote exploits #!/usr/bin/python Title: Sysax Multi Server 5.50 Create Folder BOF Author: Craig Freyman @cd1zz Tested on: XP SP3 32bit and Server 2003 SP2 32bit (No DEP) Date Discovered: January 13, 2012 Vendor Contacted: January 15, 2012 Vendor Response:...
LiteServe 2.81 - 'PASV' Denial of Service
#!/usr/bin/python Title: LiteServe 2.81 PASV Command DoS Author: Craig Freyman @cd1zz Date: Bug found July 25, 2011 - Vendor approved release August 7, 2011 Tested on Windows XP SP3 and Server 2003 SP2 Software: http://www.cmfperception.com/liteserve.html Notes: In certain conditions that I could...
Ruby Random Number Generation Local Denial of Service Vulnerability
BUGTRAQ ID: 49015 CVE ID: CVE-2011-2686 Ruby is a powerful object-oriented scripting language. Ruby's random number generation implementation contains a local denial-of-service vulnerability; a local attacker can exploit it to cause a denial of service. Affected: Yukihiro Matsumoto Ruby 1.8.7.x Vendor patch: Yukihiro Matsumoto ------------------ The vendor has released an upgrade patch to fix this security issue; download it from the vendor's homepage: http://www.ruby-lang.org/
Omnicom Alpha 4.0e LPD Server Denial Of Service
#!/usr/bin/python Title: Omnicom Alpha 4.0e LPD Server DoS Author: Craig Freyman @cd1zz Software Download: http://www.omnicomtech.com/download/bin/lpd.exe Tested on: Windows XP SP3 English, Server 2003 SP2 English Dates: Bug Found 7/27/2011, Vendor Notified 8/1/2011, Vendor Responded 8/2/2011,...
VulnCheck KEV: CVE-2011-1249
The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges...
Microsoft Windows Remote Procedure Call Subsystem Local Privilege Escalation Vulnerability (MS10-084)
BUGTRAQ ID: 43777 CVE ID: CVE-2010-3222 Microsoft Windows is a very popular operating system published by Microsoft. The Remote Procedure Call Subsystem (RPCSS), which runs under the NetworkService account, has a stack overflow in the exchange of port messages between LPC and the LRPC server (the RPC endpoint mapper). A local application can use LPC to ask the LPC server to connect back to the client over LRPC, and specially crafted data in that request can trigger the stack overflow, allowing an authenticated user to access resources running in the NetworkService account context. Microsoft Windows XP SP3 Microsoft Windows XP Pro...
CVE-2010-3222
Stack-based buffer overflow in the Remote Procedure Call Subsystem (RPCSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted LPC message that requests an LRPC connection from an LPC server to a client, aka "LPC Message Buffer Overrun...
Microsoft Windows OpenType Font (OTF) Format Driver CVE-2010-2741 Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. Attackers may exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts...
Windows win32k.sys Driver User Pool Overflow Local Privilege Escalation Vulnerability (MS10-048)
BUGTRAQ ID: 42245 CVE ID: CVE-2010-1895 Microsoft Windows is a very popular operating system published by Microsoft. The win32k.sys kernel driver in Windows does not correctly allocate memory when copying data from user mode, leading to privilege escalation. An attacker who successfully exploits this vulnerability can execute arbitrary kernel-mode code and could then install programs; view, change, or delete data; or create new accounts with full user rights. Microsoft Windows XP SP3 Microsoft Windows XP Pro x64 Edition SP2 Microsoft Windows Server 2003 SP2 Vendor patch: Microsoft...