CA BrightStor ARCserve Tape Engine Buffer Overflow
This module exploits a stack buffer overflow in Computer Associates BrightStor ARCserve Backup r11.1 - r11.5. By sending a specially crafted DCERPC request, an attacker could overflow the buffer and execute arbitrary code. This module requires Metasploit: https://metasploit.com/download Current...
MailEnable Authorization Header Buffer Overflow
This module exploits a remote buffer overflow in the MailEnable web service. The vulnerability is triggered when a large value is placed into the Authorization header of the web request. MailEnable Enterprise Edition versions prior to 1.0.5 and MailEnable Professional versions prior to 1.55 are...
Private Wire Gateway Buffer Overflow
This exploits a buffer overflow in the ADMCREG.EXE used in the PrivateWire Online Registration Facility.
ISS PAM.dll ICQ Parser Buffer Overflow
This module exploits a stack buffer overflow in the ISS products that use the iss-pam1.dll ICQ parser Blackice/RealSecure. Successful exploitation will result in arbitrary code execution as LocalSystem. This exploit only requires 1 UDP packet, which can be both spoofed and sent to a broadcast...
Seattle Lab Mail 5.5 POP3 Buffer Overflow
There exists an unauthenticated buffer overflow vulnerability in the POP3 server of Seattle Lab Mail 5.5 when sending a password with excessive length. Successful exploitation should not crash either the service or the server; however, after initial use the port cannot be reused for successive...
Subversion Date Svnserve
This is an exploit for the Subversion date parsing overflow. This exploit is for the svnserve daemon svn:// protocol and will not work for Subversion over webdav https://. This exploit should never crash the daemon, and should be safe to do multi-hits. WARNING This exploit seems to not very often...
vBulletin misc.php Template Name Arbitrary Code Execution
This module exploits an arbitrary PHP code execution flaw in the vBulletin web forum software. This vulnerability is only present when the "Add Template Name in HTML Comments" option is enabled. All versions of vBulletin prior to 3.0.7 are affected.
PAJAX Remote Command Execution
RedTeam has identified two security flaws in PAJAX... Authors: Matteo Cantoni, hdm. References: CVE-2006-1551, OSVDB 24618, BID 17519.
AWStats configdir Remote Command Execution
This module exploits an arbitrary command execution vulnerability in the AWStats CGI script. iDEFENSE has confirmed that AWStats versions 6.1 and 6.2 are vulnerable.
Cacti graph_view.php Remote Command Execution
This module exploits an arbitrary command execution vulnerability in the Raxnet Cacti 'graph_view.php' script. All versions of Raxnet Cacti prior to 0.8.6-d are vulnerable.
HP Openview connectedNodes.ovpl Remote Command Execution
This module exploits an arbitrary command execution vulnerability in the HP OpenView connectedNodes.ovpl CGI application. The results of the command will be displayed to the screen.
Barracuda IMG.PL Remote Command Execution
This module exploits an arbitrary command execution vulnerability in the Barracuda Spam Firewall appliance. Versions prior to 3.1.18 are vulnerable.
Novell NetMail IMAP SUBSCRIBE Buffer Overflow
This module exploits a stack buffer overflow in Novell's NetMail 3.52 IMAP SUBSCRIBE verb. By sending an overly long string, an attacker can overwrite the buffer and control program execution.
Novell NetMail IMAP STATUS Buffer Overflow
This module exploits a stack buffer overflow in Novell's NetMail 3.52 IMAP STATUS verb. By sending an overly long string, an attacker can overwrite the buffer and control program execution.
Novell NetMail IMAP APPEND Buffer Overflow
This module exploits a stack buffer overflow in Novell's Netmail 3.52 IMAP APPEND verb. By sending an overly long string, an attacker can overwrite the buffer and control program execution.
Mercur v5.0 IMAP SP3 SELECT Buffer Overflow
Mercur v5.0 IMAP server is prone to a remotely exploitable stack-based buffer overflow vulnerability. This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to a fixed size memory buffer. Credit to Tim Taylor for discovering the vulnerabilit...
RealServer Describe Buffer Overflow
This module exploits a buffer overflow in RealServer 7/8/9 and was based on Johnny Cyberpunk's THCrealbad exploit. This code should reliably exploit Linux, BSD, and Windows-based servers.
Bomberclone 0.11.6 Buffer Overflow
This module exploits a stack buffer overflow in Bomberclone 0.11.6 for Windows. The return address is overwritten with lstrcpyA memory address, the second and third value are the destination buffer, the fourth value is the source address of our buffer in the stack. This exploit is like a return i...
BakBone NetVault Remote Heap Overflow
This module exploits a heap overflow in the BakBone NetVault Process Manager service. This code is a direct port of the netvault.c code written by nolimit and BuzzDee.
Mercur Messaging 2005 IMAP Login Buffer Overflow
This module exploits a stack buffer overflow in Atrium Mercur IMAP 5.0 SP3. Since the room for shellcode is small, using the reverse ordinal payloads yields the best results.
SoftiaCom WMailserver 1.0 Buffer Overflow
This module exploits a stack buffer overflow in SoftiaCom WMailserver 1.0 SMTP via a SEH frame overwrite.
BadBlue 2.5 EXT.dll Buffer Overflow
This is a stack buffer overflow exploit for BadBlue version 2.5.
PHP Command Shell, Bind TCP (via PHP)
Listen for a connection and spawn a command shell via php.
Microsoft Internet Explorer isComponentInstalled Overflow
This module exploits a stack buffer overflow in Internet Explorer. This bug was patched in Windows 2000 SP4 and Windows XP SP1 according to MSRC.
PHP Command Shell, Bind TCP (via Perl)
Listen for a connection and spawn a command shell via perl persistent.
PHP Command, Double Reverse TCP Connection (via Perl)
Creates an interactive shell via perl.
PHP Nop Generator
Generates harmless padding for PHP scripts. This class implements a "nop" generator for PHP payloads.
MS06-057 Microsoft Internet Explorer WebViewFolderIcon setSlice() Overflow
This module exploits a flaw in the WebViewFolderIcon ActiveX control included with Windows 2000, Windows XP, and Windows 2003. This flaw was published during the Month of Browser Bugs project MoBB 18.
MS05-030 Microsoft Outlook Express NNTP Response Parsing Buffer Overflow
This module exploits a stack buffer overflow in the news reader of Microsoft Outlook Express.
UltraVNC 1.0.1 Client Buffer Overflow
This module exploits a buffer overflow in UltraVNC Win32 Viewer 1.0.1 Release.
RealVNC 3.3.7 Client Buffer Overflow
This module exploits a buffer overflow in RealVNC 3.3.7 vncviewer.exe.
SecureCRT SSH1 Buffer Overflow
This module exploits a buffer overflow in SecureCRT... Author: MC. References: CVE-2002-1059, OSVDB 4991, BID 5287.
PuTTY Buffer Overflow
This module exploits a buffer overflow in the PuTTY SSH client that is triggered through a validation error in SSH.c. This vulnerability affects versions 0.53 and earlier.
Mercantec SoftCart CGI Overflow
This is an exploit for an undisclosed buffer overflow in the SoftCart.exe CGI as shipped with Mercantec's shopping cart software. It is possible to execute arbitrary code by passing a malformed CGI parameter in an HTTP GET request. This issue is known to affect SoftCart version 4.00b.
Squid NTLM Authenticate Overflow
This is an exploit for Squid's NTLM authenticate overflow libntlmssp.c. Due to improper bounds checking in ntlmcheckauth, it is possible to overflow the 'pass' variable on the stack with user controlled data of a user defined length. Props to iDEFENSE for the advisory.
War-FTPD 1.65 Password Overflow
This exploits the buffer overflow found in the PASS command in War-FTPD 1.65. This particular module will only work reliably against Windows 2000 targets. The server must be configured to allow anonymous logins for this exploit to succeed. A failed attempt will bring down the service completely...
MailEnable IMAPD (2.34/2.35) Login Request Buffer Overflow
MailEnable's IMAP server contains a buffer overflow vulnerability in the Login command.
Windows XP/2003/Vista Metafile Escape() SetAbortProc Code Execution
This module exploits a vulnerability in the GDI library included with Windows XP and 2003. This vulnerability uses the 'Escape' metafile function to execute arbitrary code through the SetAbortProc procedure. This module generates a random WMF record stream for each request.
Microsoft Windows NAT Helper Denial of Service
This module exploits a denial of service vulnerability within the Internet Connection Sharing service in Windows XP.
Microsoft Plug and Play Service Registry Overflow
This module triggers a stack buffer overflow in the Windows Plug and Play service. This vulnerability can be exploited on Windows 2000 without a valid user account. Since the PnP service runs inside the service.exe process, this module will result in a forced reboot on Windows 2000. Obtaining cod...
Veritas Backup Exec Server Registry Access
This module exploits a remote registry access flaw in the BackupExec Windows Server RPC service. This vulnerability was discovered by Pedram Amini and is based on the NDR stub information posted to openrce.org. Please see the action list for the different attack modes.
Samba 2.2.2 - 2.2.6 nttrans Buffer Overflow
This module attempts to exploit a buffer overflow vulnerability present in versions 2.2.2 through 2.2.6 of Samba. The Samba developers report this as: "Bug in the length checking for encrypted password change requests from clients." The bug was discovered and reported by the Debian Samba...
3CTftpSvc TFTP Long Mode Buffer Overflow
This module exploits a stack buffer overflow in 3CTftpSvc 2.0.1. By sending a specially crafted packet with an overly long mode field, a remote attacker could overflow a buffer and execute arbitrary code on the system.
XMPlay 3.3.0.4 (ASX Filename) Buffer Overflow
This module exploits a stack buffer overflow in XMPlay 3.3.0.4. The vulnerability is caused due to a boundary error within the parsing of playlists containing an overly long file name. This module uses the ASX file format.
FreeBSD Remote NFS RPC Request Denial of Service
This module sends a specially-crafted NFS Mount request causing a kernel panic on host running FreeBSD 6.0.
MS06-066 Microsoft Services nwwks.dll Module Exploit
This module exploits a stack buffer overflow in the svchost service, when the netware client service is running. This specific vulnerability is in the nwapi32.dll module.
MS06-066 Microsoft Services nwapi32.dll Module Exploit
This module exploits a stack buffer overflow in the svchost service when the netware client service is running. This specific vulnerability is in the nwapi32.dll module.
Cesar FTP 0.99g MKD Command Buffer Overflow
This module exploits a stack buffer overflow in the MKD verb in CesarFTP 0.99g. You must have valid credentials to trigger this vulnerability. Also, you only get one chance, so choose your target carefully.
NaviCOPA 2.0.1 URL Handling Buffer Overflow
This module exploits a stack buffer overflow in NaviCOPA 2.0.1. The vulnerability is caused due to a boundary error within the handling of URL parameters.
mIRC IRC URL Buffer Overflow
This module exploits a stack buffer overflow in mIRC 6.1. By submitting an overly long and specially crafted URL to the 'irc' protocol, an attacker can overwrite the buffer and control program execution.