This Metasploit module simply queries the TNS listener for the Oracle SID. With Oracle 9.2.0.8 and above the listener will be protected and the SID will have to be bruteforced or guessed.
2273dce8943255197fa66720b7e61a0d28b70df18000893f99a9a0d469d033e9This Metasploit module will access Novell eDirectorys eMBox service and can run the following actions via the SOAP interface: GET_DN, READ_LOGS, LIST_SERVICES, STOP_SERVICE, START_SERVICE, SET_LOGFILE.
6f3159d4e22911966229228c779f6b480d4899bc7ad4b88645ca6777cfbc71f7This will add an administrative account to Scrutinizer NetFlow and sFlow Analyzer without any authentication. Versions such as 9.0.1 or older are affected.
49a2f85914fe62a59a5b35436be0129aeb6f0625b2437d7ef4016b0001eb50eaOracle 9i XDB FTP PASS overflow for win32. Ported to python from the oracle9i_xdb_ftp_pass.rb exploit.
c76afb229ccd6ac3298763a1ff4cafc65db00bf77e00f2bd1bfe8a4dfe743f28This Metasploit module abuses a directory traversal flaw in Interactive Graphical SCADA System v9.00. In conjunction with the traversal flaw, if opcode 0x17 is sent to the dc.exe process, an attacker may be able to execute arbitrary system commands.
a7114479b9ce7f63393a233814fca94f23890b35fff1a4000dbd132da087dd09This Metasploit module exploits a stack buffer overflow in Computer Associates BrightStor ARCserve Backup r11.1 - r11.5. By sending a specially crafted DCERPC request, an attacker could overflow the buffer and execute arbitrary code.
9e93281c5a99b1786fc2fabf26e8375d1877b9b8ef741951fae3d0bad9d2039cThis Metasploit module exploits an sql injection flaw in CA Total Defense Suite R12. When supplying a specially crafted soap request to '/UNCWS/Management.asmx', an attacker can abuse the reGenerateReports stored procedure by injecting arbitrary sql statements into the ReportIDs element. NOTE: This Metasploit module was tested against the MS SQL Server 2005 Express that's bundled with CA Total Defense Suite R12. CA's Total Defense Suite real-time protection will quarantine the default framework executable payload. Choosing an alternate exe template will bypass the quarantine.
59f34d37d37b405a3dd87eeca325a737d7f8ec08d171027a83a944479ce1cfcdThis Metasploit module exploits a vulnerability in Apple QuickTime Player 7.60.92.0. When opening a .mov file containing a specially crafted PnSize value, an attacker may be able to execute arbitrary code.
d5a669e1cbe9fc32e390511a50ad2d982a0384474455021a3f0a09566e1a4261This Metasploit module exploits an authentication bypass vulnerability in login.php. In conjunction with the authentication bypass issue, the 'jlist' parameter in property_box.php can be used to execute arbitrary system commands. This Metasploit module was tested against Oracle Secure Backup version 10.3.0.1.0
a6b9f81b959d5734b4b0566c794ef98effe3e6416939923022fc0bcd168099f4Symantec System Center Alert Management System is prone to a remote command-injection vulnerability because the application fails to properly sanitize user-supplied input.
95f14312377294847b6443cafaea422eaf213f3a09cd52c6d7c601bcebfb6aeeSymantec System Center Alert Management System is prone to a remote command-injection vulnerability because the application fails to properly sanitize user-supplied input.
232e78f8e6e5a5694a725d2f5a4b7ce93a4095155e0009240604e9174b7559f1This Metasploit module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.50. By sending a specially crafted CGI request to Toolbar.exe, an attacker may be able to execute arbitrary code.
39aebaad8a45d97708b4f70fca83c568747d3a648e8d0349db79003d4c8c1d8eThis Metasploit module exploits a buffer overflow in the Hewlett-Packard OmniInet NT Service. By sending a specially crafted opcode 27 packet, a remote attacker may be able to execute arbitrary code.
eb9d10b903164f2c90c26f542dab7d1cc131c1e19ce94207df65fcf05ff64db7This Metasploit module exploits a stack buffer overflow in DATAC Control International RealWin SCADA Server 2.1 (Build 6.0.10.10) or earlier. By sending a specially crafted On_FC_CONNECT_FCS_LOGIN packet containing a long username, an attacker may be able to execute arbitrary code.
eefc2e2dd1a8e6e3d6bbd51968ba293d8582140300ddd65d9a563690a5bf114bThis Metasploit module exploits a buffer overflow in Sielco Sistem Winlog <= 2.07.00. When sending a specially formatted packet to the Runtime.exe service, an attacker may be able to execute arbitrary code.
ad560ed7c2b5c2b085b3af27e95252ee83dd229a20d5349ee20068a8929d360fThis Metasploit module exploits a vulnerability found in DATAC Control International RealWin SCADA Server 2.1 and below. By supplying a specially crafted On_FC_BINFILE_FCS_*FILE packet via port 910, RealWin will try to create a file (which would be saved to C:\Program Files\DATAC\Real Win\RW-version\filename) by first copying the user-supplied filename with a inline memcpy routine without proper bounds checking, which results a stack-based buffer overflow, allowing arbitrary remote code execution. Tested version: 2.0 (Build 6.1.8.10).
03bf98284439d992c47fe1e2bec66c01c8f4a83ae33e20afd12558dba1c061a7This Metasploit module exploits a directory traversal and remote code execution flaw in EMC HomeBase Server 6.3.0. Note: This Metasploit module has only been tested against Windows XP SP3 and Windows 2003 SP2.
e1157c518d84a4ffe3868bae4edb8772e80255a4824a34ca07799e7a7f517728This Metasploit module exploits a record parsing vulnerability in Microsoft Word. The Microsoft advisory detailing this issue is MS-09-027.
1ded3e2e88389357c74dfff95913dc140e9106025d3676e663967a157f6a57afThis Metasploit module exploits a buffer overflow in HP OpenView Network Node Manager 7.50/7.53. By sending specially crafted Hostname parameter to the getnnmdata.exe CGI, an attacker may be able to execute arbitrary code.
02e35aef4d2704a877aaa34534a7c31d092c5935e1f8e3a97604db506cae3315This Metasploit module exploits a buffer overflow in HP OpenView Network Node Manager 7.50/7.53. By sending specially crafted ICount parameter to the getnnmdata.exe CGI, an attacker may be able to execute arbitrary code.
4c22f86bdf3b46260576ea5cf66c91a1e70361023d657dd8cabdade506e19c3cThis Metasploit module exploits a buffer overflow in HP OpenView Network Node Manager 7.50/7.53. By sending specially crafted MaxAge parameter to the getnnmdata.exe CGI, an attacker may be able to execute arbitrary code.
80ff73419a7cd13d7e21eb8ec7e33cd16805fe4f27fb6954c76a5d837fa3bf7fThis Metasploit module exploits a hidden account in the com.trinagy.security.XMLUserManager Java class. When using this account, an attacker can abuse the com.trinagy.servlet.HelpManagerServlet class and write arbitrary files to the system allowing the execution of arbitrary code. NOTE: This Metasploit module has only been tested against HP OpenView Performance Insight Server 5.41.0.
050081861cf9f50a5ad646217b0778ac53503dda9e87c16307c0f9afee856b4cThis Metasploit module exploits a memory trust issue in the Microsoft WMI Administration tools ActiveX control. When processing a specially crafted HTML page, the WEBSingleView.ocx ActiveX Control (1.50.1131.0) will treat the 'lCtxHandle' parameter to the 'AddContextRef' and 'ReleaseContext' methods as a trusted pointer. It makes an indirect call via this pointer which leads to arbitrary code execution. This exploit utilizes a combination of heap spraying and the .NET 2.0 'mscorie.dll' module to bypass DEP and ASLR. This Metasploit module does not opt-in to ASLR. As such, this module should be reliable on all Windows versions.
2fbd749099ccbb1eb6187af91f72d8f6bdafd96cce71ee281207ddc8baca9110This Metasploit module allows remote attackers to place arbitrary files on a users file system by abusing the "Comp_Download" method in the SAP KWEdit ActiveX Control (kwedit.dll 6400.1.1.41).
c028aa1aba49bcdf2f915cc27582fb2f1fa7090e144741d9f3a5d81e7227f5a8This Metasploit module exploits a malicious backdoor that was added to the ProFTPD download archive. This backdoor was present in the proftpd-1.3.3c.tar.[bz2|gz] archive between November 28th 2010 and 2nd December 2010.
17094d8d6cc795f560232204708dd66d83a3dfa1fbf4de49a332bb625e731aef
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed