This Metasploit module exploits a directory traversal vulnerability found in Konica Minolta FTP Utility 1.0. This vulnerability allows an attacker to download arbitrary files from the server by crafting a RETR command that includes file system traversal strings such as ..//.
d72624ea7496900a5c29840fa3d505441427c6e9334e04c00e89ad2b227b11d4
SonicWall NetExtender version 10.2.0.300 suffers from an unquoted service path vulnerability.
ec168adb408da09adcb5e7862e076b884d3773957bfa67dd254e524ff4dff3ce
Friends in War Make or Break version 1.7 suffers from an unauthenticated administrative password change vulnerability.
234bbef0b5e39ebc0a6238178a400f1a4461860312f92fef37656fc31f8b5bee
UCanCode has ActiveX vulnerabilities which allow for remote code execution and denial of service attacks.
ab4bfbe01de8884e92fde956506ce90ff8b75920f8923dace877792e43cd3b3b
Aloaha PDF Crypter version 3.5.0.1164 suffers from an ActiveX arbitrary file overwrite vulnerability.
7fa8744017306fcb9f8b6287e11861e540f90887c71065266540838aa74a25cd
This Metasploit module exploits a vulnerability found in Aladdin Knowledge System's ActiveX component. By supplying a long string of data to the ChooseFilePath() function, a buffer overflow occurs, which may result in remote code execution under the context of the user.
52766c2b3fde61f7b666e4b1325dcd3fd7b5e615f7cb3ac20c90295ebd3f492b
The Aladdin Knowledge System Ltd. PrivAgent ActiveX control version 2.0 suffers from buffer overflow and insecure file download vulnerabilities. Buffer overflow proof of concept included.
9a55abf480664665e35217155ae1a22dc463dfe106da40a050d4ea0d36c8c45e
LibreOffice version 3.5.3 suffers from a FileOpen crash denial of service condition when handling rtf files.
a71da538901bbc0fa1d8228c151e5f1dd87314a31e0dae91254b0b30fc980d29
BeyondCHM version 1.1 suffers from a buffer overflow vulnerability when handling a specially crafted chm file. Proof of concept included.
1f4140d1bd20cda3a4f39e3e694685f225a0d65e60da185fa2ca460418e79975
Mobipocket Reader version 6.2 build 608 suffers from a buffer overflow vulnerability. Proof of concept included.
956ac848bb2710f1365550adfff0b8787d1dfb621595612c0d1b192087b80cb7
SumatraPDF version 2.0.1 suffers from chm and mobi file memory corruption vulnerabilities. Proof of concept included.
2c48263ca242c08c83e3159ab0488a34d4ec0b9ed8c46ee7db29a49caef65b02
LibreOffice version 3.5.2.2 suffers from a soffice.exe\soffice.bin memory corruption vulnerability when handling a malformed RTF file. This is a proof of concept exploit.
9108e491be1d7df3025c505170e97f3e07e7d1652a9bd9606c234343e61301b5
PeerBlock version 1.1 blue screen of death denial of service exploit.
920cf5f9ed8276bb941a1713a259c0f0be78e23ac4b2956fc7396824706d5b71
Stack-based buffer overflow in the MOVIEPLAYER.MoviePlayerCtrl.1 ActiveX control in MoviePlayer.ocx 6.8.0.0 in Viscom Software Movie Player Pro SDK ActiveX 6.8 allows remote attackers to execute arbitrary code via a long strFontName parameter to the DrawText method. The victim will first be required to trust the publisher Viscom Software. This Metasploit module has been designed to bypass DEP and ASLR under XP IE8, Vista and Win7 with Java support.
902c4d348e0eb89f02c1aff016e36bb2f309e424dad941285a19cf704212a739
This Metasploit module allows remote attackers to place arbitrary files on a user's file system by abusing the "DownloadImageFileURL" method in the Black Ice BIImgFrm.ocx ActiveX Control (BIImgFrm.ocx 12.0.0.0). Code execution can be achieved by first uploading the payload to the remote machine, and then uploading a mof file, which enables the Windows Management Instrumentation service to execute the binary. Please note that this module currently only works for Windows before Vista. Also, a similar issue is reported in BIDIB.ocx (10.9.3.0) within the Barcode SDK.
c654011b0b3147d7a6b19b80df3e17b7fd597bafa54d127293006bedf2615b9d
Haihaisoft PDF Reader with OCX control version 1.1.2.0 suffers from a remote buffer overflow vulnerability.
f4f2df2555e6a1b165df2624885a25e4c36da2d1ed12ade17c8c774d9d6cbb70
Yahoo! CD Player (YoPlyCd.dll) remote stack overflow exploit.
8a0d6e287e603a846eafe4d909f0383db7eaf2decf49a019977881ffd8347e27
Viscom Software Movie Player Pro SDK version 6.8 suffers from an ActiveX related buffer overflow vulnerability.
b48017e490f339f4951f725955f191ca1b85f6c188585cca4420cb71403509bc
This Metasploit module allows attackers to execute code via the 'WriteFile' unsafe method of Chilkat Software Inc's Crypt ActiveX control. This exploit is based on shinnai's exploit that uses an hcp:// protocol URI to execute our payload immediately. However, this method requires that the victim user be browsing as Administrator. Additionally, this method will not work on newer versions of Windows. NOTE: This vulnerability is still unpatched. The latest version of Chilkat Crypt at the time of this writing includes ChilkatCrypt2.DLL version 4.4.4.0.
f5fc358c931e5cad863d48c12b7b5bd2f2586f9cca6246339d327cfef13918bd
This Metasploit module exploits a stack-based buffer overflow in Ultra Shareware's Office Control. When processing the 'HttpUpload' method, the arguments are concatenated together to form a command line to run a bundled version of cURL. If the command fails to run, a stack-based buffer overflow occurs when building the error message. This is due to the use of sprintf() without proper bounds checking. NOTE: Due to input restrictions, this exploit uses a heap-spray to get the payload into memory unmodified.
8a257918eee93537e405cc218701960973136185e85d5e2b8f61efc33ae7b6b3
This Metasploit module exploits a data segment buffer overflow within Winds3D Viewer of AwingSoft Awakening 3.x (WindsPly.ocx v3.6.0.0). This ActiveX is a plugin of AwingSoft Web3D Player. By setting an overly long value to the 'SceneURL' property, an attacker can overrun a buffer and execute arbitrary code.
cc5464c5502efeb363604ff7cff786f441a5c42581c6aaf148a0991375add770
HaiHaiSoft Universal Player version 1.4.8.0 suffers from a buffer overflow vulnerability.
43cd11160f2a5263a27f9188677df814c188a6b1f8aea6f8c48849928894c3d1
AwingSoft Web3D Player using WindsPly.ocx versions 3.5.0.0 and below suffers from a remote buffer overflow vulnerability in SceneURL().
29528d60369660c1e028650260c3b4e760bc9d8bbc3b599a7623f7fe8dfaae18
Zervit webserver version 0.4 directory traversal and memory corruption proof of concept exploit.
9e10e70eaec0d3a59ef5c25f192693edebf3b377c08b4fb02b2dc28d20ad097a
Java SE Runtime Environment resource consumption exploit.
527612944f0e5df5e39b6ff1472ae2184bc2eb6861f81de9ad46c7a2ded3c8e3