Quick FTP Pro 2.1 Transfer-Mode Overflow
No description provided by source. $Id: quicktftppromode.rb 9525 2010-06-15 07:18:08Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...
Quick TFTP Server Pro 2.1 - Transfer-Mode Overflow (Metasploit)
$Id: quicktftppromode.rb 9525 2010-06-15 07:18:08Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
MundiMail 0.8.2 - Remote Code Execution
MundiMail 0.8.2 - Remote Code Execution Reference: http://www.ccat.edu.mx/advisors/advisor5/advisor5.html Credits: Ccat Research Labs - México - Coatepec, Ver. www.ccat.edu.mx Software Link: http://sourceforge.net/projects/mundimail/ Tested on: Debian, Centos & Windows Server 2000 Preview: Code...
MundiMail 0.8.2 Remote Code Execution
No description provided by source. Reference: http://www.ccat.edu.mx/advisors/advisor5/advisor5.html Credits: Ccat Research Labs - México - Coatepec, Ver. www.ccat.edu.mx Software Link: http://sourceforge.net/projects/mundimail/ Tested on: Debian, Centos & Windows Server 2000 Preview: Code uses...
CVE-2009-0233
The DNS Resolver Cache Service aka DNSCache in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not reuse cached DNS responses in all applicable situations, which makes it easier for remote attackers to predict...
IBM Lotus Domino Sametime STMux.exe Stack Buffer Overflow
This module exploits a stack buffer overflow in Lotus Domino's Sametime Server. By sending an overly long POST request to the Multiplexer STMux.exe service we are able to overwrite SEH. Based on the exploit by Manuel Santamarina Suarez. This module requires Metasploit:...
Quick FTP Pro 2.1 Transfer-Mode Overflow
This module exploits a stack buffer overflow in the Quick TFTP Pro server product. MS Update KB926436 screws up the opcode address being used in oledlg.dll resulting in a DoS. This is a port of a sploit by Mati "muts" Aharoni. This module requires Metasploit: https://metasploit.com/download Curre...
sametime-exploit.txt
!perl "IBM Lotus Sametime" StMUX Stack Overflow Exploit Author: Manuel Santamarina Suarez e-Mail: [email protected] use IO::Socket; use File::Basename; destination TCP port $port = 1533; SE handler Don't use upper-case ASCII characters or 0x00, 0x0a, 0x0b, 0x0d, 0x20 You MUST use a POP/POP/RET...
IBM Lotus Domino 7.0.2FP1 - IMAP4 Server LSUB Command
IBM Lotus Domino 7.0.2FP1 - IMAP4 Server LSUB Command !perl "IBM Lotus Domino" IMAP4 Server 'LSUB' Command Exploit Author: Manuel Santamarina Suarez e-Mail: [email protected] use IO::Socket; use File::Basename; destination TCP port $port = 143; SE handler You can only use HEX values from 0x20 to...
IBM Lotus Domino 7.0.2FP1 IMAP4 Server LSUB Command Exploit
Exploit for unknown platform in category remote exploits. IBM Lotus Domino 7.0.2FP1 IMAP4 Server LSUB Command Exploit. !perl "IBM Lotus Domino" IMAP4 Server 'LSUB' Command Exploit...
Microsoft Windows Server 2000 SP4 - DNS RPC Remote Buffer Overflow
Microsoft Windows Server 2000 SP4 - DNS RPC Remote Buffer Overflow !/usr/bin/python Remote exploit for the 0day Windows DNS RPC service vulnerability as described in https://www.securityfocus.com/bid/23470/info. Tested on Windows 2000 SP4. The exploit if successful binds a shell to TCP port 4444...
Microsoft Windows Server 2000 SP4 - DNS RPC Remote Buffer Overflow
!/usr/bin/python Remote exploit for the 0day Windows DNS RPC service vulnerability as described in https://www.securityfocus.com/bid/23470/info. Tested on Windows 2000 SP4. The exploit if successful binds a shell to TCP port 4444 and then connects to it. Cheers to metasploit for the first exploit...
Microsoft Windows Server 2000 - Multiple COM Object Instantiation Code Execution Vulnerabilities
Microsoft Windows Server 2000 - Multiple COM Object Instantiation Code Execution Vulnerabilities source: https://www.securityfocus.com/bid/19636/info Microsoft Windows 2000 is prone to multiple memory-corruption vulnerabilities that are related to the instantiation of COM objects. These issues ma...
VMware 5.5.1 - COM Object Arbitrary Partition Table Delete
http://www.xsec.org Overview: On a running Windows system, you can't delete, format and change the system drive. VMware registers a COM object used for Virtual Disk, but it's very dangerous. I don't know how to name this issue. If you allow unsafe ActiveX and jscript, and have VMware installed, the...
Microsoft Commerce Server 2002: Logon as known user with a false password
Microsoft Commerce Server 2002: Logon as known user with a false password Vulnerable: Microsoft Windows Server 2000/2003 + Internet Information Server 5/6 + Commerce Server 2002 Discussion: Microsoft Commerce Server is used by companies who want to give customers the opportunity to change their o...
Microsoft Windows Server 2000 Kernel - APC Data-Free Local Escalation (MS05-055)
Microsoft Windows Server 2000 Kernel - APC Data-Free Local Escalation MS05-055. helper.c commented out below ms05-055.c /str0ke. MS05-055 Windows Kernel APC Data-Free Local Privilege Escalation Vulnerability Exploit. Created by SoBeIt 12.25.2005. Main file of exploit. Tested on: Windows 2000 PRO...
Watchfire AppScan QA 5.0.x - Remote Code Execution
Watchfire AppScan QA 5.0.x - Remote Code Execution Watchfire AppScan QA PoC - Coded by Mariano Nuñez Di Croce @ CYBSEC How to use: 1. Run this script to setup the fake web server. 2. Scan the server with AppScan QA, either in Interactive or Manual mode. 3. If you get an "You are vulnerable!" popu...
Microsoft Windows Server 2000 - UPNP 'getdevicelist' Memory Leak Denial of Service
Author: Winny Thomas, Nevis Labs, Pune, INDIA. Details: While working on the exploit for MS05-047 I came across a condition where a specially crafted request to upnpgetdevicelist would cause services.exe to consume memory to a point where the target machine's virtual memory gets exhausted. This...
Microsoft Windows Server 2000 - WINS Remote Code Execution
Microsoft Windows Server 2000 - WINS Remote Code Execution. ZUCWins 0.1 - Wins 2000 remote root exploit. Exploit by: zuc. Works on Windows 2000 SP3/SP4 probably every language...
Microsoft Windows Server 2000 - WINS Remote Code Execution
ZUCWins 0.1 - Wins 2000 remote root exploit. Exploit by: zuc. Works on Windows 2000 SP3/SP4 probably every language. char shellcode =...