This Metasploit module exploits a stack buffer overflow in the db_netserver process which is spawned by the Lianja SQL server. The issue is fixed in Lianja SQL 1.0.0RC5.2.
7e06bdae955716ffa265faef6d8a8657fd4b8897f76d0c56b6eba227f9c8cabd
This Metasploit module utilizes a stager to upload a base64 encoded binary which is then decoded, chmod'ed and executed from the command shell.
4e828bd76fd9d92b7193f91ff6cdf47c21ab888c351730fc0b672b1bdfa5d5fb
This Metasploit module exploits a vulnerability in Firebird SQL Server. A specially crafted packet can be sent which will overwrite a pointer, allowing the attacker to control where data is read from. Shortly following the controlled read, the pointer is called, resulting in code execution. The vulnerability exists with a group number extracted from the CNCT information, which is sent by the client, and whose size is not properly checked. This Metasploit module uses an existing call to memcpy, just prior to the vulnerable code, which allows a small amount of data to be written to the stack. A two-phase stack pivot allows the ROP chain to execute, which is ultimately used to call VirtualAlloc and bypass DEP.
7de29ccbc4fc0af57c3834340b87fbe2ce27419e8888190bc1a4620767590552
This Metasploit module uses the Jenkins Groovy script console to execute OS commands using Java.
d399ceb32f8d20399dd647bec028b96de469f3d117d253352dc348ede3915dd0
This Metasploit module exploits a vulnerability found in Netwin SurgeFTP, version 23c8 or prior. In order to execute commands via the FTP service, please note that you must have a valid credential to the web-based administrative console.
d2cfc6fc7d86461f770fda0e4daee3857ea9a4952d95f4921e2a9e92c4b23c57
This Metasploit module exploits a flaw in the SurgeFTP server's web-based administrative console to execute arbitrary commands.
9c5497a6325d67d7f481c7eb716e3d3140096da4260b045df2ab7396b276dad6
This Metasploit module exploits a flaw in the AfdJoinLeaf function of the afd.sys driver to overwrite data in kernel space. An address within the HalDispatchTable is overwritten and, when triggered with a call to NtQueryIntervalProfile, will execute shellcode. This Metasploit module will elevate itself to SYSTEM, then inject the payload into another SYSTEM process before restoring its own token to avoid causing system instability.
f6dc1203a74e12170988c31fabd455ab39d26e8231aa917f56967362c0509242
Termineter is a framework written in Python to provide a platform for the security testing of smart meters. It implements the C12.18 and C12.19 protocols for communication. Currently supported are meters using C12.19 with 7-bit character sets. Termineter communicates with smart meters via a connection using an ANSI type-2 optical probe with a serial interface.
8c72b50832476f3e05267e7d4f72848ea822e3c27a9f383258782999f96bcc12
This Metasploit module exploits a vulnerability in the XSL parser of the XSL Content Portlet. When Tomcat is present, arbitrary code can be executed via Java calls in the data fed to the Xalan XSLT processor. If XSLPAGE is defined, the user must have rights to change the content of that page (to add a new XSL portlet); otherwise it can be left blank and a new one will be created. The second method, however, requires administrative privileges.
7495092f0f3708dd15dbc023f72927b1df95d3321e5d2ee8abfac8bf7f05f086
LifeSize Room versions 3.5.3 and 4.7.8 suffer from login bypass and OS command injection vulnerabilities.
1647496bffc74c6edbb34dead3db89188ce281881cefe893983eeac2aac22187
This Metasploit module exploits a vulnerable resource in LifeSize Room versions 3.5.3 and 4.7.18 to inject OS commands. LifeSize Room is an appliance and thus the environment is limited, resulting in a small set of payload options.
bc789e70640c945e6a6f6fa9ba27368f9de27c0090d0ccd409f59ebd6c1e5bd1
SiteScape Forums suffers from a remote TCL injection vulnerability. SiteScape Enterprise Forums version 7 is affected. Other versions may also be affected. Both an advisory and exploit are included in this archive.
7620c4ffc191f14b35ab86f7bddcefbecdaadbde0acf0524ee884952f17bbc37