This Metasploit module exploits a vulnerability in the coreservice.exe component of Procyon Core Server versions 1.13 and below. While processing a password, the application fails to do proper bounds checking before copying data into a small buffer on the stack. This causes a buffer overflow that overwrites a structured exception handling record on the stack, allowing for unauthenticated remote code execution. Also, after the payload exits, Coreservice.exe should automatically recover.
e20f70a94d94013038daa9d62df79866
FreeBSD 7.x local kernel panic exploit.
add039fb1c245f77a4cb905b00f17610
QNX version 6.4.0 bitflipped ELF binary kernel panic exploit.
8cd7ec18a224bf2f0c7c1a6fe0125e97
F-PROT Antivirus version 6.2.1.4252 suffers from an infinite loop denial of service vulnerability when handling a malformed archive. Such an archive is included.
ccf02c136598d7886c30a98078a7ba43
Minix version 3.1.2a suffers from a remote tty panic vulnerability.
901fc1abec7cc082445ea01f095a495e
Minix version 3.1.2a suffers from a tty panic local denial of service vulnerability.
a22651fcf1856f9932203452a358dc4e
Denial of service exploit for Microsoft Windows XP and Vista that uses ARP.
ec01db94676e0e857e2df54111ac342d
The IBM Totalstorage ds400 comes with unpassworded root access.
cde2ff111e2bfc41e6e205d930cc416d
FreeBSD ftruncate() DoS exploit. Causes system reboot.
91f26e1379a94423d62726a310080d5a
FreeBSD sched_setscheduler() local denial of service exploit.
f67ccaf23adcbbce0ec9bbdf0ab658b4
FreeBSD 5.4 and 6.0 ptrace DoS exploit.
e874ca23f483121af19ba03d820b0850
Local root exploit for QNX Neutrino RTOS's phfont command. Affects QNX Neutrino RTOS version 6.2.1. Earlier versions may also be susceptible.
671f10313114f264e395db3183a96069
Cisco AP remote denial of service exploit that makes use of maliciously crafted ARP requests.
d02e7efd73f0f14bbf68c9a6387031f4
Farmers WIFE version 4.4 sp1 ftpd remote exploit that allows for system compromise.
8f952e01a07259244b3b2baf44fe55e3
Cisco IP Phone 7940 remote denial of service exploit that causes it to reboot.
70757991e3add734d943889b6c0a6d52
Wmapm v3.1 local exploit - Gives a shell with UID=operator in FreeBSD if compiled via ports collection, or UID=root if compiled from source on FreeBSD or Linux. Requires a valid X display.
9c96e222a97fbced2e4789d67c4f010f
Remote exploit for Cfengine versions 2.-2.0.3 that makes use of a stack overflow discussed here. Tested against FreeBSD 4.8-RELEASE. Binds a shell to port 45295.
bec7a5ae73b4eb63bb76d5151e18f80b
Local exploit for ViRobot 2.0 that works against the FreeBSD edition. Tested against FreeBSD 4.8.
ed19ce04e70634d80a88c32115c487ee
mIRC 6.03 and below allows an attacker to misleadingly supply a URL that poses as one URL but leads to another by setting the color of the secondary URL to the default background color.
fd32c6ce59bd218876dfd24ee5d0db85
mIRC 6.03 and below allows a remote attacker to spoof a DCC chat request in a target's client.
eb6345b03fb7484eb004825a495ef57b
Local root exploit for listproc 8.2.09 written for FreeBSD.
a65af9fb53e73d9c62532f6a4a3e3389
Hilariously amusing and simple exploit that makes use of the fact that the cuxs binary on InterSystems Corp. Cache management system executes a binary as root without that binary having a static path.
329a7a5129be9aefbe9ce9427f75d63e
Gkrellmd 2.1.10 remote exploit with shellcode that does kill(-1,9) then an exit. Written for Linux and tested on Slackware 9.
4ccf4b85bdadaaaeea4abd31891779f4
Gkrellmd 2.1.10 remote exploit with connect back shellcode. Tested on FreeBSD 4.8.
19d0e595e3075a1352589025fa029087
Exploit for Elm version ko-elm-2.4h4.1, the Korean release, that yields gid of bin. Old vulnerability related to this is here. Tested against FreeBSD 4.7.
0d17996f879f53f34e331038462c23b4