SonicWall SSL-VPN NetExtender ActiveX Control Buffer Overflow
This module exploits a stack buffer overflow in SonicWall SSL-VPN NetExtender. By sending an overly long string to the "AddRouteEntry" method located in the NELaunchX.dll 1.0.0.26 Control, an attacker may be able to execute arbitrary code. This module requires Metasploit:...
GOM Player ActiveX Control Buffer Overflow
This module exploits a stack buffer overflow in GOM Player 2.1.6.3499. By sending an overly long string to the "OpenUrl" method located in the GomWeb3.dll Control, an attacker may be able to execute arbitrary code. This module requires Metasploit: https://metasploit.com/download Current source:...
MS06-071 Microsoft Internet Explorer XML Core Services HTTP Request Handling
This module exploits a code execution vulnerability in Microsoft XML Core Services which exists in the XMLHTTP ActiveX control. This module is the modified version of http://www.milw0rm.com/exploits/2743 - credit to str0ke. This module has been successfully tested on Windows 2000 SP4, Windows XP...
OS X Command Shell, Reverse TCP Stager
Spawn a command shell (staged). Connect back to the attacker. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework
OS X Command Shell, Bind TCP Stager
Spawn a command shell (staged). Listen for a connection.
OS X Write and Execute Binary, Reverse TCP Stager
Spawn a command shell (staged). Connect back to the attacker.
OS X Write and Execute Binary, Bind TCP Stager
Spawn a command shell (staged). Listen for a connection.
Borland InterBase isc_create_database() Buffer Overflow
This module exploits a stack buffer overflow in Borland InterBase by sending a specially crafted create request.
Firebird Relational Database isc_create_database() Buffer Overflow
This module exploits a stack buffer overflow in Borland InterBase by sending a specially crafted create request.
Borland InterBase INET_connect() Buffer Overflow
This module exploits a stack buffer overflow in Borland InterBase by sending a specially crafted service attach request.
Borland InterBase PWD_db_aliased() Buffer Overflow
This module exploits a stack buffer overflow in Borland InterBase by sending a specially crafted attach request.
Borland InterBase Services Manager Information
This module retrieves the version of the services manager, and the version and implementation of the InterBase server, from InterBase Services Manager.
Borland InterBase jrd8_create_database() Buffer Overflow
This module exploits a stack buffer overflow in Borland InterBase by sending a specially crafted create request.
Firebird Relational Database SVC_attach() Buffer Overflow
This module exploits a stack buffer overflow in Borland InterBase by sending a specially crafted service attach request.
Firebird Relational Database isc_attach_database() Buffer Overflow
This module exploits a stack buffer overflow in Borland InterBase by sending a specially crafted create request.
Borland InterBase isc_attach_database() Buffer Overflow
This module exploits a stack buffer overflow in Borland InterBase by sending a specially crafted attach request.
Borland InterBase SVC_attach() Buffer Overflow
This module exploits a stack buffer overflow in Borland InterBase by sending a specially crafted service attach request.
Borland InterBase open_marker_file() Buffer Overflow
This module exploits a stack buffer overflow in Borland InterBase by sending a specially crafted attach request.
Kazaa Altnet Download Manager ActiveX Control Buffer Overflow
This module exploits a stack buffer overflow in the Altnet Download Manager ActiveX Control amd4.dll bundled with Kazaa Media Desktop 3.2.7. By sending an overly long string to the "Install" method, an attacker may be able to execute arbitrary code.
TFTPDWIN v0.4.2 Long Filename Buffer Overflow
This module exploits the ProSysInfo TFTPDWIN threaded TFTP Server. By sending an overly long file name to the tftpd.exe server, the stack can be overwritten.
Savant 3.1 Web Server Overflow
This module exploits a stack buffer overflow in Savant 3.1 Web Server. The service supports a maximum of 10 threads for a default install. Each exploit attempt generally causes a thread to die whether successful or not. Therefore, in a default configuration, you only have 10 chances. Due to the...
Yahoo! Messenger YVerInfo.dll ActiveX Control Buffer Overflow
This module exploits a stack buffer overflow in the Yahoo! Messenger ActiveX Control YVerInfo.dll...
Xitami 2.5c2 Web Server If-Modified-Since Overflow
This module exploits a stack buffer overflow in the iMatix Corporation Xitami Web Server. If a malicious user sends an If-Modified-Since header containing an overly long string, it may be possible to execute a payload remotely. Due to size constraints, this module uses the Egghunter technique. Th...
Netcat v1.10 NT Stack Buffer Overflow
This module exploits a stack buffer overflow in Netcat v1.10 NT. By sending an overly long string we are able to overwrite SEH. The vulnerability exists when netcat is used to bind -e an executable to a port in doexec.c. This module tested successfully using "c:\nc -L -p 31337 -e ftp". This modul...
Apple iOS iPhone Vibrate
Causes the iPhone to vibrate; only works when the AudioToolkit library has been loaded. Based on work by Charlie Miller.
Ask.com Toolbar askBar.dll ActiveX Control Buffer Overflow
This module exploits a stack buffer overflow in Ask.com Toolbar 4.0.2.53. An attacker may be able to execute arbitrary code by sending an overly long string to the "ShortFormat" method in askbar.dll.
Cisco IOS HTTP GET /%% Request Denial of Service
This module triggers a Denial of Service condition in the Cisco IOS HTTP server. By sending a GET request for "/%%", the device becomes unresponsive. IOS 11.1 - 12.1 are reportedly vulnerable. This module tested successfully against a Cisco 1600 Router IOS v11.218P.
Apple iOS Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell.
Simple
Simple NOP generator. This class implements a simple NOP generator for ARM little endian.
Apple iOS Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell.
Trend Micro OfficeScan Remote Stack Buffer Overflow
This module exploits a stack buffer overflow in Trend Micro OfficeScan cgiChkMasterPwd.exe running with SYSTEM privileges.
FileCopa FTP Server Pre 18 Jul Version
This module exploits the buffer overflow found in the LIST command in fileCOPA FTP server pre 18 Jul 2006 version discovered by www.appsec.ch.
BolinTech Dream FTP Server 1.02 Format String
This module exploits a format string overflow in the BolinTech Dream FTP Server version 1.02. Based on the exploit by SkyLined.
LeapWare LeapFTP v2.7.3.600 PASV Reply Client Overflow
This module exploits a buffer overflow in the LeapWare LeapFTP v2.7.3.600 client that is triggered through an excessively long PASV reply command. This module was ported from the original exploit by drG4njubas with minor improvements.
TABS MailCarrier v2.51 SMTP EHLO Overflow
This module exploits the MailCarrier v2.51 suite SMTP service. The stack is overwritten when sending an overly long EHLO command.
Allied Telesyn TFTP Server 1.9 Long Filename Overflow
This module exploits a stack buffer overflow in AT-TFTP v1.9, by sending a request (get/write) for an overly long file name.
CCProxy Telnet Proxy Ping Overflow
This module exploits the YoungZSoft CCProxy... Arch: x86. References: CVE-2004-2416, OSVDB 11593, BID 11666, EDB 621.
PSO Proxy v0.91 Stack Buffer Overflow
This module exploits a buffer overflow in the PSO Proxy v0.91 web server. If a client sends an excessively long string the stack is overwritten.
Trend Micro ServerProtect 5.58 CreateBinding() Buffer Overflow
This module exploits a buffer overflow in Trend Micro ServerProtect 5.58 Build 1060. By sending a specially crafted RPC request, an attacker could overflow the buffer and execute arbitrary code.
Trend Micro OfficeScan Client ActiveX Control Buffer Overflow
This module exploits a stack buffer overflow in Trend Micro OfficeScan Corporate Edition 7.3. By sending an overly long string to the "CgiOnUpdate" method located in the OfficeScanSetupINI.dll Control, an attacker may be able to execute arbitrary code.
HP OpenView Operations OVTrace Buffer Overflow
This module exploits a stack buffer overflow in HP OpenView Operations version A.07.50. By sending a specially crafted packet, a remote attacker may be able to execute arbitrary code.
Windows RSH Daemon Buffer Overflow
This module exploits a vulnerability in Windows RSH daemon 1.8. The vulnerability is due to a failure to check for the length of input sent to the RSH server. A CPORT of 512 - 1023 must be configured for the exploit to be successful.
SOCKS Proxy UNC Path Redirection
This module provides a Socks proxy service that redirects all HTTP requests to a web page that loads a UNC path.
Ipswitch IMail IMAP SEARCH Buffer Overflow
This module exploits a stack buffer overflow in Ipswitch IMail Server 2006.1 IMAP SEARCH verb. By sending an overly long string, an attacker can overwrite the buffer and control program execution. In order for this module to be successful, the IMAP user must have at least one message. This module...
Borland Interbase Create-Request Buffer Overflow
This module exploits a stack buffer overflow in Borland Interbase 2007. By sending a specially crafted create-request packet, a remote attacker may be able to execute arbitrary code.
EnjoySAP SAP GUI ActiveX Control Buffer Overflow
This module exploits a stack buffer overflow in SAP KWEdit ActiveX Control kwedit.dll 6400.1.1.41 provided by EnjoySAP GUI. By sending an overly long string to the "PrepareToPostHTML" method, an attacker may be able to execute arbitrary code.
SquirrelMail PGP Plugin Command Execution (SMTP)
This module exploits a command execution vulnerability in the PGP plugin of SquirrelMail. This flaw was found while quickly grepping the code after release of some information at http://www.wslabi.com/. Later, iDefense published an advisory .... Reading an email in SquirrelMail with the PGP plugi...
SAP DB 7.4 WebTools Buffer Overflow
This module exploits a stack buffer overflow in SAP DB 7.4 WebTools. By sending an overly long GET request, it may be possible for an attacker to execute arbitrary code.
Samba lsa_io_trans_names Heap Overflow
This module triggers a heap overflow in the LSA RPC service of the Samba daemon. This module uses the TALLOC chunk overwrite method credit Ramon and Adriano, which only works with Samba versions 3.0.21-3.0.24. Additionally, this module will not work when the Samba "log level" parameter is higher...
McAfee Visual Trace ActiveX Control Buffer Overflow
This module exploits a stack buffer overflow in the McAfee Visual Trace 3.25 ActiveX Control NeoTraceExplorer.dll 1.0.0.1. By sending an overly long string to the "TraceTarget" method, an attacker may be able to execute arbitrary code.