This Metasploit module exploits a stack overflow in IBM Access Support. When sending an overly long string to the GetXMLValue() method of IbmEgath.dll (3.20.284.0) an attacker may be able to execute arbitrary code.
ae89bc47ce4a110b625d4804e0b474e1977905e651b187e5f6987d00e50e120fThis Metasploit module exploits a stack overflow in IBM Lotus Domino Web Access Upload Module. By sending an overly long string to the "General_ServerName()" property located in the dwa7w.dll and the inotes6w.dll control, an attacker may be able to execute arbitrary code.
db688071a11a57ace62f20772c549782d9dff2fc8a961055995a997b12f772dfThis Metasploit module exploits a buffer overflow in the header parsing of icecast, discovered by Luigi Auriemma. Sending 32 HTTP headers will cause a write one past the end of a pointer array.
f52566cdec54b398c8bf936c7c78edca800747f33139bbed5058021572328958This Metasploit module exploits a stack overflow in Internet Explorer. This bug was patched in Windows 2000 SP4 and Windows XP SP1 according to MSRC.
5033e002a24ff1bb12912fdbd65bf54856f11e553edfa19caf2a0a3e7345e52dThis exploit takes advantage of the "Initialize and script ActiveX controls not marked safe for scripting" setting within Internet Explorer.
9c2c975c9348a733f16be7b8211fcc06609bf9a7375f942bb2e25d42bfa97d2fThis Metasploit module exploits a vulnerability in the data binding feature of Internet Explorer. In order to execute code reliably, this module uses the .NET DLL memory technique pioneered by Alexander Sotirov and Mark Dowd. This method is used to create a fake vtable at a known location with all methods pointing to our payload. Since the .text segment of the .NET DLL is non-writable, a prefixed code stub is used to copy the payload into a new memory segment and continue execution from there.
53c60ed102e30232619000346bbfebeb96526a4e990b06ce6a59725cc16ec53fThis Metasploit module exploits a buffer overflow in the 'DELETE' command of the the IMail IMAP4D service. This vulnerability can only be exploited with a valid username and password. This flaw was patched in version 8.14.
45c28e289d7ca094f36d717ca5ca385e07a8e3e5009cc9c204983f07644fceb0This exploits a buffer overflow in the LDAP service that is part of the IMail product. This Metasploit module was tested against version 7.10 and 8.5, both running on Windows 2000.
b4f794bccff29a6eb0d734b29a0e9d29ea74b7a89d2253dece12524d1517c0dfThis Metasploit module exploits a stack overflow in Ipswitch IMail Server 2006.1 IMAP SEARCH verb. By sending an overly long string, an attacker can overwrite the buffer and control program execution. In order for this module to be successful, the IMAP user must have at least one message.
0757ecb74978f93cacdc4418ef7c38cab531545bd9b32a8f39f8239a920240bfThis Metasploit module exploits a buffer overflow in IPswitch WhatsUp Gold 8.03. By posting a long string for the value of 'instancename' in the _maincfgret.cgi script an attacker can overflow a buffer and execute arbitrary code on the system.
62eb863206132195a6a057fb1d894ec0ce16b0816953299778e3c89dca60d6d1This Metasploit module exploits a stack overflow in the JuniperSetupDLL.dll library which is called by the JuniperSetup.ocx ActiveX control, as part of the Juniper SSL-VPN (IVE) appliance. By specifying an overly long string to the ProductName object parameter, the stack is overwritten.
26f61dc73b61764daa3a06c44ab90c018a5f7c37d9a49f838a2c3b1e07f7ce49This Metasploit module exploits a stack overflow in the Altnet Download Manager ActiveX Control (amd4.dll) bundled with Kazaa Media Desktop 3.2.7. By sending a overly long string to the "Install()" method, an attacker may be able to execute arbitrary code.
5d1758e4f31cc274877c0af7ccfe4530b03057a15b64b22f74060f5ae4a1291eThis Metasploit module exploits a stack overflow in Kerio Personal Firewall administration authentication process. This Metasploit module has only been tested against Kerio Personal Firewall 2 (2.1.4).
edc1d978131e3581f43ad5e622fc1cab8073e286badc41b326604e4b3171fa04This Metasploit module exploits a stack overflow in LANDesk Management Suite 8.7. By sending an overly long string to the Alert Service, a buffer is overwritten and arbitrary code can be executed.
712f990a9059b1a0f0767c92cadba2f532dad000c6b43637db954fb565ef2f99This Metasploit module exploits a buffer overflow in the LeapWare LeapFTP v2.7.3.600 client that is triggered through an excessively long PASV reply command. This Metasploit module was ported from the original exploit by drG4njubas with minor improvements.
5e8788d89e903af1ee598af2630dba9de9b353c7d92cd67665efa427f0b0368dThis Metasploit module exploits a stack overflow in Computer Associates BrightStor ARCserve Backup for Laptops & Desktops 11.1. By sending a specially crafted request, an attacker could overflow the buffer and execute arbitrary code.
89dcdea6ef96bdeef448d96e7edf4c62c82b7760d1e36f0672ecbef437a5a680This Metasploit module exploits a stack overflow in Computer Associates BrightStor ARCserve Backup for Laptops & Desktops 11.1. By sending a specially crafted request (rxsUseLicenseIni), an attacker could overflow the buffer and execute arbitrary code.
04d3e370cc91737108c6e8d608ebb3fcf78bcf946260e33678031f2bc2131d3dThis Metasploit module exploits a stack overflow in Computer Associates BrightStor ARCserve Backup for Laptops & Desktops 11.1. By sending a specially crafted request, an attacker could overflow the buffer and execute arbitrary code.
486a807e0edd6cfc7d817fc0b03a32b214d7c2d2f90cbffcbcf4d44c6e14eb11This Metasploit module exploits a stack overflow in Computer Associates BrightStor ARCserve Backup 11.0. By sending a specially crafted request to the lic98rmtd.exe service, an attacker could overflow the buffer and execute arbitrary code.
f898147c81fee57073362e43dcc4cf5fc962db6fc16bd1958616572dabebacf6This Metasploit module exploits a stack overflow in the Logitech VideoCall ActiveX Control (wcamxmp.dll 2.0.3470.448). By sending a overly long string to the "Start()" method, an attacker may be able to execute arbitrary code.
0c7b04e1f849ddc4850c9536ff8dd998900875f3fa62c18765a1cd7361e9fabcThis Metasploit module exploits a stack overflow in LPViewer ActiveX control (LPControll.dll 3.2.0.2). When sending an overly long string to the URL() property an attacker may be able to execute arbitrary code.
8b73bbe7717a92850dc76ef0bd0d73c8f530e698a6786eb3f40fa58199fc8aecThis Metasploit module exploits a weak password vulnerability in the Lyris ListManager MSDE install. During installation, the 'sa' account password is set to 'lminstall'. Once the install completes, it is set to 'lyris' followed by the process ID of the installer. This Metasploit module brute forces all possible process IDs that would be used by the installer.
3e9967373a96f54cda01aebbcdc36aa78a953ebe39d847c90b4f728e4986cdd3This Metasploit module exploits a stack overflow in Macrovision InstallShield Update Service(Isusweb.dll 6.0.100.54472). By passing an overly long ProductCode string to the DownloadAndExecute method, an attacker may be able to execute arbitrary code.
8fd766a299855ccac71b4bf2d08520f11d24d38e7c51849c1037d889c15caf21This Metasploit module allows attackers to execute code via an unsafe methods in Macrovision InstallShield 2008.
4e580a205fec77ecdd48e346ed17a1dde6d1df5f7df8a18eff7102a08400ad01This Metasploit module exploits the MailCarrier v2.51 suite SMTP service. The stack is overwritten when sending an overly long EHLO command.
9def8c6bc7afd6b37a54cfbd536ef1dbea1bda259a7ed818e65302d2b275cfe8
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed