91 matches found
Microsoft Windows NtUserMNDragOver Local Privilege Elevation
This module exploits a NULL pointer dereference vulnerability in MNGetpItemFromIndex, which is reachable via a NtUserMNDragOver system call. The NULL pointer dereference occurs because the xxxMNFindWindowFromPoint function does not effectively check the validity of the tagPOPUPMENU objects it...
Ayukov NFTP client 1.71 - 'SYST' Buffer Overflow
Exploit Title: Ayukov NFTP client 1.71 - 'SYST' Buffer Overflow Date: 2019-11-03 Exploit Author: Chase Hatch SYANiDE Vendor Homepage: http://ayukov.com/nftp/ Software Link: ftp://ftp.ayukov.com/pub/nftp/nftp-1.71-i386-win32.exe Version: 1.71 Tested on: Windows XP Pro SP0, SP1, SP2, SP3 CVE :...
Microsoft Exchange 2003 - base64-MIME Remote Code Execution Exploit
Python 2.7 included with ImmunityDBG Exchange 2003 SP0 base64-MIME memory corruption NSA's ENGLISHMANSDENTIST Platform: Windows Server 2003 R2 Shout out to the Equation Group, NSA Tailored Access Operations Author: Charles Truscott @r0ss1n1 Shout out to Offensive Security, from Australia with Lov...
Windows WMI Recieve Notification Exploit
This Metasploit module exploits an uninitialized stack variable in the WMI subsystem of ntoskrnl. This Metasploit module has been tested on vulnerable builds of Windows 7 SP0 x64 and Windows 7 SP1 x64. This module requires Metasploit: http://metasploit.com/download Current source:...
Windows WMI Receive Notification Exploit
This module exploits an uninitialized stack variable in the WMI subsystem of ntoskrnl. This module has been tested on vulnerable builds of Windows 7 SP0 x64 and Windows 7 SP1 x64. This module requires Metasploit: https://metasploit.com/download Current source:...
NJStar Communicator 3.00 MiniSMTP Server Remote Exploit
No description provided by source. Exploit Title: NJStar Communicator 3.00 MiniSMTP Server Remote Exploit Date: 10/31/2011 Author: Dillon Beresford Twitter: https://twitter.com/!/D1N Software Link: http://www.njstar.com/download/njcom.exe Version: 3.00 and prior Build: 11818 and prior Tested on:...
Siemens FactoryLink 8 CSService Logging Path Param Buffer Overflow
No description provided by source. $Id: factorylinkcsservice.rb 13019 2011-06-25 00:54:18Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...
AkkyWareHOUSE 7-zip32.dll 4.42 Heap-Based Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/25545/info AkkyWareHOUSE 7-zip32.dll is prone to a heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input. Attackers may be able to execute arbitrary machine code in the...
Borland CaliberRM StarTeam Multicast Service Buffer Overflow
No description provided by source. $Id: borlandstarteam.rb 9525 2010-06-15 07:18:08Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...
Subtitle Processor 7.7.1 .M3U SEH Unicode Buffer Overflow
No description provided by source. $Id: subtitleprocessorm3ubof.rb 12461 2011-04-28 08:12:32Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...
MS03-046 Exchange 2000 XEXCH50 Heap Overflow
No description provided by source. $Id: ms03046exchange2000xexch50.rb 10998 2010-11-11 22:43:22Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing a...
Microsoft IIS 5.0 IDQ Path Overflow
No description provided by source. $Id: ms01033idq.rb 9525 2010-06-15 07:18:08Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Ability Server <= 2.34 Remote APPE Buffer Overflow Exploit
No description provided by source. / TESTED ON WINXP SP0 RUS c by Dark Eagle from unl0ck research team http://unl0ck.void.ru HAPPY NEW YEAR! Greetz go out to: nekd0, antiq, fl0wsec setnf, nuTshell, nosystem CoKi, reflux... / include string.h include stdio.h include winsock2.h include windows.h //...
VLC 1.0.3 (.asx) - Denial of Service PoC
No description provided by source. !/user/bin/perl Author: D3V!L FUCKER Tested on: windows vista sp0 Code : my $file= crash.asx; my $boom= http://.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA x 500000; open$FILE,$file; print $FILE $boom; close$FILE; print Done..!\n;...
Sunway Force Control SCADA 6.1 SP3 httpsrv.exe Exploit
No description provided by source. Sunway Force Control SCADA httpsvr.exe Exploit Exploitable with simple SEH Overwrite technique Tested on XP SP0 English Probably will work on XP SP3 if you find none-safeseh dll for p/p/r pointer Canberk BOLAT | @cnbrkbolat cbolat.blogspot.com for fun ; notez:...
Microsoft DirectShow (msvidctl.dll) MPEG-2 Memory Corruption
No description provided by source. $Id: msvidctlmpeg2.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of us...
Webster HTTP Server GET Buffer Overflow
No description provided by source. $Id: websterhttp.rb 10887 2010-11-03 12:19:19Z patrickw $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...
Jordan Windows Telnet Server 1.0/1.2 Username Stack Based Buffer Overrun Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/9316/info Jordan Windows Telnet Server has been reported prone to a remote buffer overrun vulnerability. The issue has been reported to present itself when a username of excessive length is supplied to the Telnet server...
Windows TrackPopupMenuEx Win32k NULL Page
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/post/windows/reflectivedllinjection' require 'rex' class Metasploit3 'Windows TrackPopupMenuEx Win32k NULL Page', 'Description' = %q...
Windows TrackPopupMenuEx Win32k NULL Page
This module exploits a vulnerability in win32k.sys where under specific conditions TrackPopupMenuEx will pass a NULL pointer to the MNEndMenuState procedure. This module has been tested successfully on Windows 7 SP0 and Windows 7 SP1. This module requires Metasploit: https://metasploit.com/downlo...