exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files from Trancer

Email addressmtrancer at gmail.com
First Active2009-02-25
Last Active2010-10-01
Trend Micro Internet Security Pro 2010 ActiveX extSetOwner() Remote Code Execution
Posted Oct 1, 2010
Authored by Trancer | Site metasploit.com

This Metasploit module exploits a remote code execution vulnerability in Trend Micro Internet Security Pro 2010 ActiveX. When sending an invalid pointer to the extSetOwner() function of UfPBCtrl.dll an attacker may be able to execute arbitrary code.

tags | exploit, remote, arbitrary, code execution, activex
advisories | CVE-2010-3189
SHA-256 | c2a11c7983f91db8ab886e7660b02d16e3345e1caecf8da45a9e658400a2913f
Novell iPrint Client ActiveX Control call-back-url Buffer Overflow
Posted Sep 21, 2010
Authored by Trancer | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in Novell iPrint Client 5.42. When sending an overly long string to the 'call-back-url' parameter in an op-client-interface-version action of ienipp.ocx an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary
advisories | CVE-2010-1527
SHA-256 | 7cbaaf11994cc2aa297944de64087d82388e708d5b6a96ed7191080f1ca223d0
Novell iPrint Client ActiveX Control debug Buffer Overflow
Posted Sep 21, 2010
Authored by Trancer | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in Novell iPrint Client 5.40. When sending an overly long string to the 'debug' parameter in ExecuteRequest() property of ienipp.ocx an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary
advisories | CVE-2010-3106
SHA-256 | e50f64e1f69d2ac7f0d33800fc3dc1283cd8c9b8ee93f24befcc1d27e5d76691
Internet Explorer DTHML Behaviors Use After Free
Posted Apr 1, 2010
Authored by Nanika, Trancer | Site metasploit.com

This Metasploit module exploits a use-after-free vulnerability within the DTML behaviors functionality of Microsoft Internet Explorer versions 6 and 7. This bug was discovered being used in-the-wild and was previously known as the "iepeers" vulnerability. The name comes from Microsoft's suggested workaround to block access to the iepeers.dll file. According to Nico Waisman, "The bug itself is when trying to persist an object using the setAttribute, which end up calling VariantChangeTypeEx with both the source and the destination being the same variant. So if you send as a variant an IDISPATCH the algorythm will try to do a VariantClear of the destination before using it. This will end up on a call to PlainRelease which decref the reference and clean the object." NOTE: Internet Explorer 8 and Internet Explorer 5 are not affected.

tags | exploit
advisories | CVE-2010-0806
SHA-256 | 2050b221f455e1fa58a8d196ecf708064b18b0b04314d24c17d3d8356494d06e
Microsoft Internet Explorer iepeers.dll Use After Free
Posted Mar 11, 2010
Authored by Trancer | Site metasploit.com

This Metasploit module exploits a use-after-free vulnerability within iepeers.dll of Microsoft Internet Explorer versions 6 and 7. NOTE: Internet Explorer 8 and Internet Explorer 5 are not affected.

tags | exploit
advisories | CVE-2010-0806
SHA-256 | ca6ec897859207169db7407f8bb4734a3760e5319a030b811baaa720b7efddaa
South River Technologies WebDrive Service Bad Security Descriptor Local Privilege Escalation
Posted Jan 27, 2010
Authored by Trancer | Site metasploit.com

This Metasploit module exploits a privilege escalation vulnerability in South River Technologies WebDrive. Due to an empty security descriptor, a local attacker can gain elevated privileges. Tested on South River Technologies WebDrive 9.02 build 2232 on Microsoft Windows XP SP3.

tags | exploit, local
systems | windows
advisories | CVE-2009-4606
SHA-256 | d1b1cd0b24c521c3ac658150a5658356bf2ad8fce479a3690ef93ddb1ce99210
AOL 9.5 Phobos.Playlist Import() Stack-based Buffer Overflow
Posted Jan 26, 2010
Authored by Trancer | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow within Phobos.dll of AOL 9.5. By setting an overly long value to 'Import()', an attacker can overrun a buffer and execute arbitrary code.

tags | exploit, overflow, arbitrary
SHA-256 | 9b8e41c5f18f1940b770dab8c88980a409b2f76dd6cb4f4dea7b75f2c9423d54
cPanel HTTP Response Splitting
Posted Jan 22, 2010
Authored by Trancer

cPanel and WHM versions 11.25 (up to build 42174) allows CR injection that can be leveraged for HTTP response splitting attacks.

tags | exploit, web
SHA-256 | 0b670ad065f6c4108376593723c9a29dc3176ab42c972663cc916ea7c24106a6
AwingSoft Winds3D Player SceneURL Buffer Overflow
Posted Dec 31, 2009
Authored by shinnai, Trancer, jduck | Site metasploit.com

This Metasploit module exploits a data segment buffer overflow within Winds3D Viewer of AwingSoft Awakening 3.x (WindsPly.ocx v3.6.0.0). This ActiveX is a plugin of AwingSoft Web3D Player. By setting an overly long value to the 'SceneURL' property, an attacker can overrun a buffer and execute arbitrary code.

tags | exploit, overflow, arbitrary, activex
SHA-256 | cc5464c5502efeb363604ff7cff786f441a5c42581c6aaf148a0991375add770
AOL Radio AmpX ActiveX Control ConvertFile() Buffer Overflow
Posted Nov 26, 2009
Authored by rgod, Trancer | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in AOL IWinAmpActiveX class (AmpX.dll) version 2.4.0.6 installed via AOL Radio website. By setting an overly long value to 'ConvertFile()', an attacker can overrun a buffer and execute arbitrary code.

tags | exploit, overflow, arbitrary, activex
SHA-256 | b255bff048b696b83be33b74127329a23af7e1d356d9b41e180802e9add63785
Autodesk IDrop ActiveX Control Heap Memory Corruption
Posted Nov 26, 2009
Authored by Elazar Broad, Trancer | Site metasploit.com

This Metasploit module exploits a heap-based memory corruption vulnerability in Autodesk IDrop ActiveX control (IDrop.ocx) version 17.1.51.160. An attacker can execute arbitrary code by triggering a heap use after free condition using the Src, Background, PackageXml properties.

tags | exploit, arbitrary, activex
SHA-256 | ed9e481ead1489a1daf2b9cee8648d7e139f01c0d32d6ba6537f09d38141d0c1
HP Mercury Quality Center ActiveX Control ProgColor Buffer Overflow
Posted Nov 26, 2009
Authored by Trancer | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in SPIDERLib.Loader ActiveX control (Spider90.ocx) 9.1.0.4353 installed by TestDirector (TD) for Hewlett-Packard Mercury Quality Center 9.0 before Patch 12.1, and 8.2 SP1 before Patch 32. By setting an overly long value to 'ProgColor', an attacker can overrun a buffer and execute arbitrary code.

tags | exploit, overflow, arbitrary, activex
advisories | CVE-2007-1819
SHA-256 | c08b27a7fc069442f0b520a51db82b21f23f666431455fa3b054f21472e8a9ed
Microsoft DirectShow (msvidctl.dll) MPEG-2 Memory Corruption
Posted Nov 26, 2009
Authored by Trancer | Site metasploit.com

This Metasploit module exploits a memory corruption within the MSVidCtl component of Microsoft DirectShow (BDATuner.MPEG2TuneRequest). By loading a specially crafted GIF file, an attacker can overrun a buffer and execute arbitrary code. ClassID is now configurable via an advanced option (otherwise randomized) - I)ruid

tags | exploit, overflow, arbitrary
advisories | CVE-2008-0015
SHA-256 | e8f71e34b37a4de2b0396539c6da78a5e06109b689d9afc1f84fe565484d3e81
Roxio CinePlayer ActiveX Control Buffer Overflow
Posted Nov 26, 2009
Authored by Trancer | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in SonicPlayer ActiveX control (SonicMediaPlayer.dll) 3.0.0.1 installed by Roxio CinePlayer 3.2. By setting an overly long value to 'DiskType', an attacker can overrun a buffer and execute arbitrary code.

tags | exploit, overflow, arbitrary, activex
advisories | CVE-2007-1559
SHA-256 | 48b3779df2769a5bc6d16187b57ee218c56905cb69572013a5437f4bcdeda2c4
HTTPDX h_handlepeer() Buffer Overflow
Posted Oct 16, 2009
Authored by Trancer, Pankaj Kohli | Site rec-sec.com

This Metasploit module exploits a stack-based buffer overflow vulnerability in HTTPDX HTTP server 1.4. The vulnerability is caused due to a boundary error within the "h_handlepeer()" function in http.cpp. By sending an overly long HTTP request, an attacker can overrun a buffer and execute arbitrary code.

tags | exploit, web, overflow, arbitrary
SHA-256 | 96eaa8c48e19f5fb3dca4fdb11170227a1757203bb4e06504fea12b4f61860cd
VideoLAN VLC Media Player 0.9.9 Buffer Overflow
Posted Jun 29, 2009
Authored by Trancer | Site rec-sec.com

VideoLAN VLC Media Player version 0.9.9 smb:// URI stack-based buffer overflow proof of concept exploit.

tags | exploit, denial of service, overflow, proof of concept
SHA-256 | 02bd2a8bc15926beeeda72ddecf755f1be30dcda65538fbb067c7c837843b084
Green Dam URL Processing Buffer Overflow
Posted Jun 16, 2009
Authored by Trancer | Site rec-sec.com

This Metasploit module exploits a stack-based buffer overflow in Green Dam Youth Escort version 3.17 in the way it handles overly long URLs. By setting an overly long URL, an attacker can overrun a buffer and execute arbitrary code. This module uses the .NET DLL memory technique by Alexander Sotirov and Mark Dowd and should bypass DEP, NX and ASLR.

tags | exploit, overflow, arbitrary
SHA-256 | d0b4aaedaa43dfb14fc35f1443b4c0e80d58b6bd44a192f96fef4cee92df1ad8
Apple Safari 4 Beta feeds: Denial Of Service
Posted Feb 25, 2009
Authored by Trancer | Site rec-sec.com

Apple Safari 4 Beta suffers from a NULL pointer dereference denial of service vulnerability in relation to the feeds handler.

tags | exploit, denial of service
systems | apple
SHA-256 | 2a2602ebbdda5234530d8b159eb8732d4ae55700178e1a03437137bc29fb4961
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close