stop perpetuating the ambiguity!
git-svn-id: file:///home/svn/framework3/trunk@9262 4d416f70-5f16-0410-b530-b9f4589650daunstable
Joshua Drake
parent
d7c99b107c
commit
128e0515ef
|
|
@ -21,7 +21,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
super(update_info(info,
|
||||
'Name' => 'Microsoft Plug and Play Service Registry Overflow',
|
||||
'Description' => %q{
|
||||
This module triggers a stack overflow in the Windows Plug
|
||||
This module triggers a stack buffer overflow in the Windows Plug
|
||||
and Play service. This vulnerability can be exploited on
|
||||
Windows 2000 without a valid user account. Since the PnP
|
||||
service runs inside the service.exe process, this module
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'XTACACSD <= 4.1.2 report() Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in XTACACSD <= 4.1.2. By
|
||||
This module exploits a stack buffer overflow in XTACACSD <= 4.1.2. By
|
||||
sending a specially crafted XTACACS packet with an overly long
|
||||
username, an attacker may be able to execute arbitrary code.
|
||||
},
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'Linksys apply.cgi buffer overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in apply.cgi on the Linksys WRT54G and WRT54GS routers.
|
||||
This module exploits a stack buffer overflow in apply.cgi on the Linksys WRT54G and WRT54GS routers.
|
||||
According to iDefense who discovered this vulnerability, all WRT54G versions prior to
|
||||
4.20.7 and all WRT54GS version prior to 1.05.2 may be be affected.
|
||||
},
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'PeerCast <= 0.1216 URL Handling Buffer Overflow (linux)',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in PeerCast <= v0.1216.
|
||||
This module exploits a stack buffer overflow in PeerCast <= v0.1216.
|
||||
The vulnerability is caused due to a boundary error within the
|
||||
handling of URL parameters.
|
||||
},
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'Snort Back Orifice Pre-Preprocessor Remote Exploit',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in the Back Orifice pre-processor module
|
||||
This module exploits a stack buffer overflow in the Back Orifice pre-processor module
|
||||
included with Snort versions 2.4.0, 2.4.1, 2.4.2, and 2.4.3. This vulnerability could
|
||||
be used to completely compromise a Snort sensor, and would typically gain an attacker
|
||||
full root or administrative privileges.
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ require 'msf/core'
|
|||
super(update_info(info,
|
||||
'Name' => 'GLD (Greylisting Daemon) Postfix Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in the Salim Gasmi
|
||||
This module exploits a stack buffer overflow in the Salim Gasmi
|
||||
GLD <= 1.4 greylisting daemon for Postfix. By sending an
|
||||
overly long string the stack can be overwritten.
|
||||
},
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'Borland InterBase INET_connect() Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in Borland InterBase
|
||||
This module exploits a stack buffer overflow in Borland InterBase
|
||||
by sending a specially crafted service attach request.
|
||||
},
|
||||
'Version' => '$Revision$',
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'Borland InterBase jrd8_create_database() Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in Borland InterBase
|
||||
This module exploits a stack buffer overflow in Borland InterBase
|
||||
by sending a specially crafted create request.
|
||||
},
|
||||
'Version' => '$Revision$',
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'Borland InterBase open_marker_file() Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in Borland InterBase
|
||||
This module exploits a stack buffer overflow in Borland InterBase
|
||||
by sending a specially crafted attach request.
|
||||
},
|
||||
'Version' => '$Revision$',
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'Borland InterBase PWD_db_aliased() Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in Borland InterBase
|
||||
This module exploits a stack buffer overflow in Borland InterBase
|
||||
by sending a specially crafted attach request.
|
||||
},
|
||||
'Version' => '$Revision$',
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'MySQL yaSSL SSL Hello Message Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in the yaSSL (1.7.5 and earlier)
|
||||
This module exploits a stack buffer overflow in the yaSSL (1.7.5 and earlier)
|
||||
implementation bundled with MySQL <= 6.0. By sending a specially crafted
|
||||
Hello packet, an attacker may be able to execute arbitrary code.
|
||||
},
|
||||
|
|
|
|||
|
|
@ -83,7 +83,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
# case, it will point to the beginning. The ! is there to make the
|
||||
# alphanumeric shellcode execute easily. (This is why we need an offset
|
||||
# of 3 in the payload).
|
||||
itms_base_url << "/:!?" # Truncate the stack overflow and prep for payload
|
||||
itms_base_url << "/:!?" # Truncate the stack buffer overflow and prep for payload
|
||||
itms_base_url << p # Wooooooo! Payload time.
|
||||
# We drop on a few extra bytes as the last few bytes can sometimes be
|
||||
# corrupted.
|
||||
|
|
|
|||
|
|
@ -20,9 +20,9 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
'Name' => 'Novell NetWare LSASS CIFS.NLM Driver Stack Overflow',
|
||||
'Name' => 'Novell NetWare LSASS CIFS.NLM Driver Stack Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in the NetWare CIFS.NLM driver.
|
||||
This module exploits a stack buffer overflow in the NetWare CIFS.NLM driver.
|
||||
Since the driver runs in the kernel space, a failed exploit attempt can
|
||||
cause the OS to reboot.
|
||||
},
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'AppleFileServer LoginExt PathName Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in the AppleFileServer service
|
||||
This module exploits a stack buffer overflow in the AppleFileServer service
|
||||
on MacOS X. This vulnerability was originally reported by Atstake and
|
||||
was actually one of the few useful advisories ever published by that
|
||||
company. You only have one chance to exploit this bug.
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'Arkeia Backup Client Type 77 Overflow (Mac OS X)',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in the Arkeia backup
|
||||
This module exploits a stack buffer overflow in the Arkeia backup
|
||||
client for the Mac OS X platform. This vulnerability affects
|
||||
all versions up to and including 5.3.3 and has been tested
|
||||
with Arkeia 5.3.1 on Mac OS X 10.3.5.
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'WebSTAR FTP Server USER Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in the logging routine
|
||||
This module exploits a stack buffer overflow in the logging routine
|
||||
of the WebSTAR FTP server. Reliable code execution is
|
||||
obtained by a series of hops through the System library.
|
||||
},
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'Symantec Alert Management System Intel Alert Originator Service Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in Intel Alert Originator Service msgsys.exe.
|
||||
This module exploits a stack buffer overflow in Intel Alert Originator Service msgsys.exe.
|
||||
When an attacker sends a specially crafted alert, arbitrary code may be executed.
|
||||
},
|
||||
'Author' => [ 'MC' ],
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'Symantec Remote Management Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in Symantec Client Security 3.0.x.
|
||||
This module exploits a stack buffer overflow in Symantec Client Security 3.0.x.
|
||||
This module has only been tested against Symantec Client Security 3.0.2
|
||||
build 10.0.2.2000.
|
||||
},
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'Arkeia Backup Client Type 77 Overflow (Win32)',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in the Arkeia backup
|
||||
This module exploits a stack buffer overflow in the Arkeia backup
|
||||
client for the Windows platform. This vulnerability affects
|
||||
all versions up to and including 5.3.3.
|
||||
},
|
||||
|
|
|
|||
|
|
@ -20,11 +20,11 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'Veritas Backup Exec Windows Remote Agent Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in the Veritas
|
||||
This module exploits a stack buffer overflow in the Veritas
|
||||
BackupExec Windows Agent software. This vulnerability occurs
|
||||
when a client authentication request is received with type
|
||||
'3' and a long password argument. Reliable execution is
|
||||
obtained by abusing the stack overflow to smash a SEH
|
||||
obtained by abusing the stack buffer overflow to smash a SEH
|
||||
pointer.
|
||||
},
|
||||
'Author' => [ 'hdm' ],
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'CA BrightStor HSM Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits one of the multiple stack overflows in Computer Associates BrightStor HSM.
|
||||
This module exploits one of the multiple stack buffer overflows in Computer Associates BrightStor HSM.
|
||||
By sending a specially crafted request, an attacker could overflow the buffer and execute arbitrary code.
|
||||
},
|
||||
'Author' => [ 'toto' ],
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'CA BrightStor ARCserve for Laptops & Desktops LGServer Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in Computer Associates BrightStor ARCserve Backup
|
||||
This module exploits a stack buffer overflow in Computer Associates BrightStor ARCserve Backup
|
||||
for Laptops & Desktops 11.1. By sending a specially crafted request, an attacker could
|
||||
overflow the buffer and execute arbitrary code.
|
||||
},
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'CA BrightStor ARCserve for Laptops & Desktops LGServer Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in Computer Associates BrightStor ARCserve Backup
|
||||
This module exploits a stack buffer overflow in Computer Associates BrightStor ARCserve Backup
|
||||
for Laptops & Desktops 11.1. By sending a specially crafted request, an attacker could
|
||||
overflow the buffer and execute arbitrary code.
|
||||
},
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'CA BrightStor ARCserve for Laptops & Desktops LGServer Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in Computer Associates BrightStor ARCserve Backup
|
||||
This module exploits a stack buffer overflow in Computer Associates BrightStor ARCserve Backup
|
||||
for Laptops & Desktops 11.1. By sending a specially crafted request (rxsUseLicenseIni), an
|
||||
attacker could overflow the buffer and execute arbitrary code.
|
||||
},
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'CA BrightStor ARCserve License Service GCR NETWORK Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in Computer Associates BrightStor ARCserve Backup 11.0.
|
||||
This module exploits a stack buffer overflow in Computer Associates BrightStor ARCserve Backup 11.0.
|
||||
By sending a specially crafted request to the lic98rmtd.exe service, an attacker
|
||||
could overflow the buffer and execute arbitrary code.
|
||||
},
|
||||
|
|
|
|||
|
|
@ -18,9 +18,9 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
'Name' => 'CA BrightStor ArcServe Media Service Stack Overflow',
|
||||
'Name' => 'CA BrightStor ArcServe Media Service Stack Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This exploit targets a stack overflow in the MediaSrv RPC service of CA
|
||||
This exploit targets a stack buffer overflow in the MediaSrv RPC service of CA
|
||||
BrightStor Arcserve. By sending a specially crafted SUNRPC request, an attacker
|
||||
can overflow a stack buffer and execute arbitrary code.
|
||||
},
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'CA BrightStor ARCserve Tape Engine Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in Computer Associates BrightStor ARCserve Backup
|
||||
This module exploits a stack buffer overflow in Computer Associates BrightStor ARCserve Backup
|
||||
r11.1 - r11.5. By sending a specially crafted DCERPC request, an attacker could overflow
|
||||
the buffer and execute arbitrary code.
|
||||
},
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'Amaya Browser v11.0 bdo tag overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in the Amaya v11 Browser.
|
||||
This module exploits a stack buffer overflow in the Amaya v11 Browser.
|
||||
By sending an overly long string to the "bdo"
|
||||
tag, an attacker may be able to execute arbitrary code.
|
||||
},
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'Apple ITunes 4.7 Playlist Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in Apple ITunes 4.7
|
||||
This module exploits a stack buffer overflow in Apple ITunes 4.7
|
||||
build 4.7.0.42. By creating a URL link to a malicious PLS
|
||||
file, a remote attacker could overflow a buffer and execute
|
||||
arbitrary code. When using this module, be sure to set the
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'Ask.com Toolbar askBar.dll ActiveX Control Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in Ask.com Toolbar 4.0.2.53.
|
||||
This module exploits a stack buffer overflow in Ask.com Toolbar 4.0.2.53.
|
||||
An attacker may be able to excute arbitrary code by sending an overly
|
||||
long string to the "ShortFormat()" method in askbar.dll.
|
||||
},
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'AtHocGov IWSAlerts ActiveX Control Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in AtHocGov IWSAlerts. When
|
||||
This module exploits a stack buffer overflow in AtHocGov IWSAlerts. When
|
||||
sending an overly long string to the CompleteInstallation() method of AtHocGovTBr.dll
|
||||
(6.1.4.36) an attacker may be able to execute arbitrary code. This
|
||||
vulnerability was silently patched by the vendor.
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'RKD Software BarCodeAx.dll v4.9 ActiveX Remote Stack Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in RKD Software Barcode Application
|
||||
This module exploits a stack buffer overflow in RKD Software Barcode Application
|
||||
ActiveX Control 'BarCodeAx.dll'. By sending an overly long string to the BeginPrint
|
||||
method of BarCodeAx.dll v4.9, an attacker may be able to execute arbitrary code.
|
||||
},
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'Creative Software AutoUpdate Engine ActiveX Control Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in Creative Software AutoUpdate Engine. When
|
||||
This module exploits a stack buffer overflow in Creative Software AutoUpdate Engine. When
|
||||
sending an overly long string to the cachefolder() property of CTSUEng.ocx
|
||||
an attacker may be able to execute arbitrary code.
|
||||
},
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'Electronic Arts SnoopyCtrl ActiveX Control Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in Electronic Arts SnoopyCtrl
|
||||
This module exploits a stack buffer overflow in Electronic Arts SnoopyCtrl
|
||||
ActiveX Control (NPSnpy.dll 1.1.0.36. When sending a overly long
|
||||
string to the CheckRequirements() method, an attacker may be able
|
||||
to execute arbitrary code.
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'FlipViewer FViewerLoading ActiveX Control Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in E-BOOK Systems FlipViewer 4.0.
|
||||
This module exploits a stack buffer overflow in E-BOOK Systems FlipViewer 4.0.
|
||||
The vulnerability is caused due to a boundary error in the
|
||||
FViewerLoading (FlipViewerX.dll) ActiveX control when handling the
|
||||
"LoadOpf()" method.
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'EnjoySAP SAP GUI ActiveX Control Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in SAP KWEdit ActiveX
|
||||
This module exploits a stack buffer overflow in SAP KWEdit ActiveX
|
||||
Control (kwedit.dll 6400.1.1.41) provided by EnjoySAP GUI. By sending
|
||||
an overly long string to the "PrepareToPostHTML()" method, an attacker
|
||||
may be able to execute arbitrary code.
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'Facebook Photo Uploader 4 ActiveX Control Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in Facebook Photo Uploader 4.
|
||||
This module exploits a stack buffer overflow in Facebook Photo Uploader 4.
|
||||
By sending an overly long string to the "ExtractIptc()" property located
|
||||
in the ImageUploader4.ocx (4.5.57.0) Control, an attacker may be able to execute
|
||||
arbitrary code.
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'GOM Player ActiveX Control Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in GOM Player 2.1.6.3499.
|
||||
This module exploits a stack buffer overflow in GOM Player 2.1.6.3499.
|
||||
By sending an overly long string to the "OpenUrl()" method located
|
||||
in the GomWeb3.dll Control, an attacker may be able to execute
|
||||
arbitrary code.
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'Persits XUpload ActiveX AddFile Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in Persits Software Inc's
|
||||
This module exploits a stack buffer overflow in Persits Software Inc's
|
||||
XUpload ActiveX control(version 3.0.0.3) thats included in HP LoadRunner 9.5.
|
||||
By passing an overly long string to the AddFile method, an attacker may be
|
||||
able to execute arbitrary code.
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'HP LoadRunner 9.0 ActiveX AddFolder Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in Persits Software Inc's
|
||||
This module exploits a stack buffer overflow in Persits Software Inc's
|
||||
XUpload ActiveX control(version 2.1.0.1) thats included in HP LoadRunner 9.0.
|
||||
By passing an overly long string to the AddFolder method, an attacker may be
|
||||
able to execute arbitrary code.
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'IBM Access Support ActiveX Control Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in IBM Access Support. When
|
||||
This module exploits a stack buffer overflow in IBM Access Support. When
|
||||
sending an overly long string to the GetXMLValue() method of IbmEgath.dll
|
||||
(3.20.284.0) an attacker may be able to execute arbitrary code.
|
||||
},
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'IBM Lotus Domino Web Access Upload Module Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in IBM Lotus Domino Web Access Upload Module.
|
||||
This module exploits a stack buffer overflow in IBM Lotus Domino Web Access Upload Module.
|
||||
By sending an overly long string to the "General_ServerName()" property located
|
||||
in the dwa7w.dll and the inotes6w.dll control, an attacker may be able to execute
|
||||
arbitrary code.
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'Internet Explorer isComponentInstalled Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in Internet Explorer. This bug was
|
||||
This module exploits a stack buffer overflow in Internet Explorer. This bug was
|
||||
patched in Windows 2000 SP4 and Windows XP SP1 according to MSRC.
|
||||
},
|
||||
'License' => MSF_LICENSE,
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'Juniper SSL-VPN IVE JuniperSetupDLL.dll ActiveX Control Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in the JuniperSetupDLL.dll
|
||||
This module exploits a stack buffer overflow in the JuniperSetupDLL.dll
|
||||
library which is called by the JuniperSetup.ocx ActiveX control,
|
||||
as part of the Juniper SSL-VPN (IVE) appliance. By specifying an
|
||||
overly long string to the ProductName object parameter, the stack
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'Kazaa Altnet Download Manager ActiveX Control Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in the Altnet Download Manager ActiveX
|
||||
This module exploits a stack buffer overflow in the Altnet Download Manager ActiveX
|
||||
Control (amd4.dll) bundled with Kazaa Media Desktop 3.2.7.
|
||||
By sending a overly long string to the "Install()" method, an attacker may be
|
||||
able to execute arbitrary code.
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'Logitech VideoCall ActiveX Control Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in the Logitech VideoCall ActiveX
|
||||
This module exploits a stack buffer overflow in the Logitech VideoCall ActiveX
|
||||
Control (wcamxmp.dll 2.0.3470.448). By sending a overly long string to the
|
||||
"Start()" method, an attacker may be able to execute arbitrary code.
|
||||
},
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'iseemedia / Roxio / MGI Software LPViewer ActiveX Control Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in LPViewer ActiveX control (LPControll.dll 3.2.0.2). When
|
||||
This module exploits a stack buffer overflow in LPViewer ActiveX control (LPControll.dll 3.2.0.2). When
|
||||
sending an overly long string to the URL() property an attacker may be able to execute arbitrary code.
|
||||
},
|
||||
'License' => MSF_LICENSE,
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'Macrovision InstallShield Update Service Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in Macrovision InstallShield Update
|
||||
This module exploits a stack buffer overflow in Macrovision InstallShield Update
|
||||
Service(Isusweb.dll 6.0.100.54472). By passing an overly long ProductCode string to
|
||||
the DownloadAndExecute method, an attacker may be able to execute arbitrary code.
|
||||
},
|
||||
|
|
|
|||
|
|
@ -18,10 +18,10 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
'Name' => 'McAfee Subscription Manager Stack Overflow',
|
||||
'Name' => 'McAfee Subscription Manager Stack Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a flaw in the McAfee Subscription Manager ActiveX control.
|
||||
Due to an unsafe use of vsprintf, it is possible to trigger a stack overflow by
|
||||
Due to an unsafe use of vsprintf, it is possible to trigger a stack buffer overflow by
|
||||
passing a large string to one of the COM-exposed routines, such as IsAppExpired.
|
||||
This vulnerability was discovered by Karl Lynn of eEye.
|
||||
},
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'McAfee Visual Trace ActiveX Control Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in the McAfee Visual Trace 3.25 ActiveX
|
||||
This module exploits a stack buffer overflow in the McAfee Visual Trace 3.25 ActiveX
|
||||
Control (NeoTraceExplorer.dll 1.0.0.1). By sending a overly long string to the
|
||||
"TraceTarget()" method, an attacker may be able to execute arbitrary code.
|
||||
},
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'mIRC IRC URL Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in mIRC 6.1. By
|
||||
This module exploits a stack buffer overflow in mIRC 6.1. By
|
||||
submitting an overly long and specially crafted URL to
|
||||
the 'irc' protocol, an attacker can overwrite the buffer
|
||||
and control program execution.
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ include Msf::Exploit::Remote::HttpServer::HTML
|
|||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
'Name' => 'Windows ANI LoadAniIcon() Chunk Size Stack Overflow (HTTP)',
|
||||
'Name' => 'Windows ANI LoadAniIcon() Chunk Size Stack Buffer Overflow (HTTP)',
|
||||
'Description' => %q{
|
||||
This module exploits a buffer overflow vulnerability in the
|
||||
LoadAniIcon() function in USER32.dll. The flaw can be triggered through
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'Windows Media Encoder 9 wmex.dll ActiveX Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in Windows Media Encoder 9. When
|
||||
This module exploits a stack buffer overflow in Windows Media Encoder 9. When
|
||||
sending an overly long string to the GetDetailsString() method of wmex.dll
|
||||
an attacker may be able to execute arbitrary code.
|
||||
},
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'Microsoft Visual Studio Msmask32.ocx ActiveX Buffer Overflow.',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in Microsoft's Visual Studio 6.0.
|
||||
This module exploits a stack buffer overflow in Microsoft's Visual Studio 6.0.
|
||||
When passing a specially crafted string to the Mask parameter of the
|
||||
Msmask32.ocx ActiveX Control, an attacker may be able to execute arbitrary
|
||||
code.
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'Microsoft Whale Intelligent Application Gateway ActiveX Control Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in Microsoft Whale Intelligent Application
|
||||
This module exploits a stack buffer overflow in Microsoft Whale Intelligent Application
|
||||
Gateway Whale Client. When sending an overly long string to CheckForUpdates()
|
||||
method of WhlMgr.dll (3.1.502.64) an attacker may be able to execute
|
||||
arbitrary code.
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'NCTAudioFile2 v2.x ActiveX Control SetFormatLikeSample() Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in the NCTAudioFile2.Audio ActiveX
|
||||
This module exploits a stack buffer overflow in the NCTAudioFile2.Audio ActiveX
|
||||
Control provided by various audio applications. By sending a overly long
|
||||
string to the "SetFormatLikeSample()" method, an attacker may be able to
|
||||
execute arbitrary code.
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'Norton AntiSpam 2004 SymSpamHelper ActiveX Control Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in Norton AntiSpam 2004. When
|
||||
This module exploits a stack buffer overflow in Norton AntiSpam 2004. When
|
||||
sending an overly long string to the LaunchCustomRuleWizard() method
|
||||
of symspam.dll (2004.1.0.147) an attacker may be able to execute
|
||||
arbitrary code.
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'Symantec Norton Internet Security 2004 ActiveX Control Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in the ISAlertDataCOM ActiveX
|
||||
This module exploits a stack buffer overflow in the ISAlertDataCOM ActiveX
|
||||
Control (ISLAert.dll) provided by Symantec Norton Internet Security 2004.
|
||||
By sending a overly long string to the "Get()" method, an attacker may be
|
||||
able to execute arbitrary code.
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'Novell iPrint Client ActiveX Control Date/Time Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in Novell iPrint Client 5.30. When
|
||||
This module exploits a stack buffer overflow in Novell iPrint Client 5.30. When
|
||||
passing a specially crafted date/time string via certain parameters to ienipp.ocx
|
||||
an attacker can execute arbitrary code.
|
||||
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'Novell iPrint Client ActiveX Control Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in Novell iPrint Client 4.26. When
|
||||
This module exploits a stack buffer overflow in Novell iPrint Client 4.26. When
|
||||
sending an overly long string to the ExecuteRequest() property of ienipp.ocx
|
||||
an attacker may be able to execute arbitrary code.
|
||||
},
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'Novell iPrint Client ActiveX Control Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in Novell iPrint Client 4.34. When
|
||||
This module exploits a stack buffer overflow in Novell iPrint Client 4.34. When
|
||||
sending an overly long string to the GetDriverSettings() property of ienipp.ocx
|
||||
an attacker may be able to execute arbitrary code.
|
||||
},
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'Novell iPrint Client ActiveX Control target-frame Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in Novell iPrint Client 5.30. When
|
||||
This module exploits a stack buffer overflow in Novell iPrint Client 5.30. When
|
||||
passing an overly long string via the "target-frame" parameter to ienipp.ocx
|
||||
an attacker can execute arbitrary code.
|
||||
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'Oracle Document Capture 10g ActiveX Control Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in Oracle Document Capture 10g (10.1.3.5.0).
|
||||
This module exploits a stack buffer overflow in Oracle Document Capture 10g (10.1.3.5.0).
|
||||
Oracle Document Capture 10g comes bundled with a third party ActiveX control
|
||||
emsmtp.dll (6.0.1.0). When passing a overly long string to the method "SubmitToExpress"
|
||||
an attacker may be able to execute arbitrary code.
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'Orbit Downloader Connecting Log Creation Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in Orbit Downloader 2.8.4. When an
|
||||
This module exploits a stack buffer overflow in Orbit Downloader 2.8.4. When an
|
||||
attacker serves up a malicious web site, abritrary code may be executed.
|
||||
The PAYLOAD windows/shell_bind_tcp works best.
|
||||
},
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'RealPlayer ierpplug.dll ActiveX Control Playlist Name Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in RealOne Player V2 Gold Build 6.0.11.853 and
|
||||
This module exploits a stack buffer overflow in RealOne Player V2 Gold Build 6.0.11.853 and
|
||||
RealPlayer 10.5 Build 6.0.12.1483. By sending an overly long string to the "Import()"
|
||||
method, an attacker may be able to execute arbitrary code.
|
||||
},
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'RealNetworks RealPlayer SMIL Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in RealNetworks RealPlayer 10 and 8.
|
||||
This module exploits a stack buffer overflow in RealNetworks RealPlayer 10 and 8.
|
||||
By creating a URL link to a malicious SMIL file, a remote attacker could
|
||||
overflow a buffer and execute arbitrary code.
|
||||
When using this module, be sure to set the URIPATH with an extension of '.smil'.
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'SAP AG SAPgui EAI WebViewer3D Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in Siemens Unigraphics Solutions
|
||||
This module exploits a stack buffer overflow in Siemens Unigraphics Solutions
|
||||
Teamcenter Visualization EAI WebViewer3D ActiveX control that is bundled
|
||||
with SAPgui. When passing an overly long string the SaveViewToSessionFile()
|
||||
method, arbitrary code may be executed.
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'SoftArtisans XFile FileManager ActiveX Control Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in SoftArtisans XFile FileManager ActiveX control
|
||||
This module exploits a stack buffer overflow in SoftArtisans XFile FileManager ActiveX control
|
||||
(SAFmgPwd.dll 2.0.5.3). When sending an overly long string to the GetDriveName() method
|
||||
an attacker may be able to execute arbitrary code.
|
||||
},
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'SonicWall SSL-VPN NetExtender ActiveX Control Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in SonicWall SSL-VPN NetExtender.
|
||||
This module exploits a stack buffer overflow in SonicWall SSL-VPN NetExtender.
|
||||
By sending an overly long string to the "AddRouteEntry()" method located
|
||||
in the NELaunchX.dll (1.0.0.26) Control, an attacker may be able to execute
|
||||
arbitrary code.
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'Symantec Altiris Deployment Solution ActiveX Control Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in Symantec Altiris Deployment Solution.
|
||||
This module exploits a stack buffer overflow in Symantec Altiris Deployment Solution.
|
||||
When sending an overly long string to RunCmd() method of
|
||||
AeXNSConsoleUtilities.dll (6.0.0.1426) an attacker may be able to execute arbitrary
|
||||
code.
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'Symantec BackupExec Calendar Control Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in Symantec BackupExec Calendar Control.
|
||||
This module exploits a stack buffer overflow in Symantec BackupExec Calendar Control.
|
||||
By sending an overly long string to the "_DOWText0" property located
|
||||
in the pvcalendar.ocx control, an attacker may be able to execute
|
||||
arbitrary code.
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'Symantec ConsoleUtilities ActiveX Control Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in Symantecs ConsoleUtilities.
|
||||
This module exploits a stack buffer overflow in Symantecs ConsoleUtilities.
|
||||
By sending an overly long string to the "BrowseAndSaveFile()" method located
|
||||
in the AeXNSConsoleUtilities.dll (6.0.0.1846) Control, an attacker may be able to
|
||||
execute arbitrary code
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'Trend Micro OfficeScan Client ActiveX Control Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in Trend Micro OfficeScan
|
||||
This module exploits a stack buffer overflow in Trend Micro OfficeScan
|
||||
Corporate Edition 7.3. By sending an overly long string to the
|
||||
"CgiOnUpdate()" method located in the OfficeScanSetupINI.dll Control,
|
||||
an attacker may be able to execute arbitrary code.
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'Tumbleweed FileTransfer vcst_eu.dll ActiveX Control Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in the vcst_eu.dll
|
||||
This module exploits a stack buffer overflow in the vcst_eu.dll
|
||||
FileTransfer Module (1.0.0.5) ActiveX control in the Tumbleweed
|
||||
SecureTransport suite. By sending an overly long string to the
|
||||
TransferFile() 'remotefile' function, an attacker may be able
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'Winamp Ultravox Streaming Metadata (in_mp3.dll) Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in Winamp 5.24. By
|
||||
This module exploits a stack buffer overflow in Winamp 5.24. By
|
||||
sending an overly long artist tag, a remote attacker may
|
||||
be able to execute arbitrary code. This vulnerability can be
|
||||
exploited from the browser or the winamp client itself.
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'WinDVD7 IASystemInfo.DLL ActiveX Control Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in IASystemInfo.dll ActiveX
|
||||
This module exploits a stack buffer overflow in IASystemInfo.dll ActiveX
|
||||
control in InterVideo WinDVD 7. By sending a overly long string
|
||||
to the "ApplicationType()" property, an attacker may be able to
|
||||
execute arbitrary code.
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'XMPlay 3.3.0.4 (ASX Filename) Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in XMPlay 3.3.0.4.
|
||||
This module exploits a stack buffer overflow in XMPlay 3.3.0.4.
|
||||
The vulnerability is caused due to a boundary error within
|
||||
the parsing of playlists containing an overly long file name.
|
||||
This module uses the ASX file format.
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'Yahoo! Messenger YVerInfo.dll ActiveX Control Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in the Yahoo! Messenger ActiveX
|
||||
This module exploits a stack buffer overflow in the Yahoo! Messenger ActiveX
|
||||
Control (YVerInfo.dll <= 2006.8.24.1). By sending a overly long string
|
||||
to the "fvCom()" method from a yahoo.com domain, an attacker may be able
|
||||
to execute arbitrary code.
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'Yahoo! Messenger 8.1.0.249 ActiveX Control Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in the Yahoo! Webcam Upload ActiveX
|
||||
This module exploits a stack buffer overflow in the Yahoo! Webcam Upload ActiveX
|
||||
Control (ywcupl.dll) provided by Yahoo! Messenger version 8.1.0.249.
|
||||
By sending a overly long string to the "Server()" method, and then calling
|
||||
the "Send()" method, an attacker may be able to execute arbitrary code.
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'Microsoft RPC DCOM Interface Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in the RPCSS service, this vulnerability
|
||||
This module exploits a stack buffer overflow in the RPCSS service, this vulnerability
|
||||
was originally found by the Last Stage of Delirium research group and has been
|
||||
widely exploited ever since. This module can exploit the English versions of
|
||||
Windows NT 4.0 SP3-6a, Windows 2000, Windows XP, and Windows 2003 all in one request :)
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'Microsoft Message Queueing Service Path Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in the RPC interface
|
||||
This module exploits a stack buffer overflow in the RPC interface
|
||||
to the Microsoft Message Queueing service. The offset to the
|
||||
return address changes based on the length of the system
|
||||
hostname, so this must be provided via the 'HNAME' option.
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'Microsoft Message Queueing Service DNS Name Path Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in the RPC interface
|
||||
This module exploits a stack buffer overflow in the RPC interface
|
||||
to the Microsoft Message Queueing service. This exploit requires
|
||||
the target system to have been configured with a DNS name and
|
||||
for that name to be supplied in the 'DNAME' option. This name does
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'Microsoft DNS RPC Service extractQuotedChar() Overflow (TCP)',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in the RPC interface
|
||||
This module exploits a stack buffer overflow in the RPC interface
|
||||
of the Microsoft DNS service. The vulnerability is triggered
|
||||
when a long zone name parameter is supplied that contains
|
||||
escaped octal strings. This module is capable of bypassing NX/DEP
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'Broadcom Wireless Driver Probe Response SSID Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in the Broadcom Wireless driver
|
||||
This module exploits a stack buffer overflow in the Broadcom Wireless driver
|
||||
that allows remote code execution in kernel mode by sending a 802.11 probe
|
||||
response that contains a long SSID. The target MAC address must
|
||||
be provided to use this exploit. The two cards tested fell into the
|
||||
|
|
|
|||
|
|
@ -21,9 +21,9 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'D-Link DWL-G132 Wireless Driver Beacon Rates Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in the A5AGU.SYS driver provided
|
||||
with the D-Link DWL-G132 USB wireless adapter. This stack overflow
|
||||
allows remote code execution in kernel mode. The stack overflow is triggered
|
||||
This module exploits a stack buffer overflow in the A5AGU.SYS driver provided
|
||||
with the D-Link DWL-G132 USB wireless adapter. This stack buffer overflow
|
||||
allows remote code execution in kernel mode. The stack buffer overflow is triggered
|
||||
when a 802.11 Beacon frame is received that contains a long Rates information
|
||||
element. This exploit was tested with version 1.0.1.41 of the
|
||||
A5AGU.SYS driver and a D-Link DWL-G132 USB adapter (HW: A2, FW: 1.02). Newer
|
||||
|
|
|
|||
|
|
@ -21,9 +21,9 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'NetGear WG111v2 Wireless Driver Long Beacon Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in the NetGear WG111v2 wireless
|
||||
device driver. This stack overflow allows remote code execution in kernel mode.
|
||||
The stack overflow is triggered when a 802.11 Beacon frame is received that
|
||||
This module exploits a stack buffer overflow in the NetGear WG111v2 wireless
|
||||
device driver. This stack buffer overflow allows remote code execution in kernel mode.
|
||||
The stack buffer overflow is triggered when a 802.11 Beacon frame is received that
|
||||
contains more than 1100 bytes worth of information elements.
|
||||
|
||||
This exploit was tested with version 5.1213.6.316 of the WG111v2.SYS driver and
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
'Name' => 'Windows ANI LoadAniIcon() Chunk Size Stack Overflow (SMTP)',
|
||||
'Name' => 'Windows ANI LoadAniIcon() Chunk Size Stack Buffer Overflow (SMTP)',
|
||||
'Description' => %q{
|
||||
This module exploits a buffer overflow vulnerability in the
|
||||
LoadAniIcon() function of USER32.dll. The flaw is triggered
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'EMC AlphaStor Agent Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in EMC AlphaStor 3.1.
|
||||
This module exploits a stack buffer overflow in EMC AlphaStor 3.1.
|
||||
By sending a specially crafted message, an attacker may
|
||||
be able to execute arbitrary code.
|
||||
},
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'activePDF WebGrabber ActiveX Control Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in activePDF WebGrabber 3.8. When
|
||||
This module exploits a stack buffer overflow in activePDF WebGrabber 3.8. When
|
||||
sending an overly long string to the GetStatus() method of APWebGrb.ocx (3.8.2.0)
|
||||
an attacker may be able to execute arbitrary code. This control is not marked safe
|
||||
for scripting, so choose your attack vector accordingly.
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'CA Antivirus Engine CAB Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in CA eTrust Antivirus 8.1.637.
|
||||
This module exploits a stack buffer overflow in CA eTrust Antivirus 8.1.637.
|
||||
By creating a specially crafted CAB file, an an attacker may be able
|
||||
to execute arbitrary code.
|
||||
},
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'DjVu DjVu_ActiveX_MSOffice.dll ActiveX ComponentBuffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in DjVu ActiveX Component. When sending an
|
||||
This module exploits a stack buffer overflow in DjVu ActiveX Component. When sending an
|
||||
overly long string to the ImageURL() property of DjVu_ActiveX_MSOffice.dll (3.0)
|
||||
an attacker may be able to execute arbitrary code. This control is not marked safe
|
||||
for scripting, so choose your attack vector accordingly.
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'EMC ApplicationXtender (KeyWorks) ActiveX Control Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in the KeyWorks KeyHelp Activex Control
|
||||
This module exploits a stack buffer overflow in the KeyWorks KeyHelp Activex Control
|
||||
(KeyHelp.ocx 1.2.3120.0). This Activex Control comes bundled with EMC's
|
||||
Documentation ApplicationXtender 5.4.
|
||||
},
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'CA eTrust PestPatrol ActiveX Control Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in CA eTrust PestPatrol. When
|
||||
This module exploits a stack buffer overflow in CA eTrust PestPatrol. When
|
||||
sending an overly long string to the Initialize() property of ppctl.dll (5.6.7.9)
|
||||
an attacker may be able to execute arbitrary code.
|
||||
},
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'gAlan 0.2.1 Buffer Overflow Exploit',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in gAlan 0.2.1
|
||||
This module exploits a stack buffer overflow in gAlan 0.2.1
|
||||
By creating a specially crafted galan file, an an attacker may be able
|
||||
to execute arbitrary code.
|
||||
},
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'HTML Help Workshop 4.74 (hhp Project File) Buffer Overflow Exploit',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in HTML Help Workshop 4.74
|
||||
This module exploits a stack buffer overflow in HTML Help Workshop 4.74
|
||||
By creating a specially crafted hhp file, an an attacker may be able
|
||||
to execute arbitrary code.
|
||||
},
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'HTML Help Workshop 4.74 (hhp Project File) Buffer Overflow Exploit',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in HTML Help Workshop 4.74
|
||||
This module exploits a stack buffer overflow in HTML Help Workshop 4.74
|
||||
By creating a specially crafted hhp file, an an attacker may be able
|
||||
to execute arbitrary code.
|
||||
},
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'HTML Help Workshop 4.74 (hhp Project File) Buffer Overflow Exploit',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in HTML Help Workshop 4.74
|
||||
This module exploits a stack buffer overflow in HTML Help Workshop 4.74
|
||||
By creating a specially crafted hhp file, an an attacker may be able
|
||||
to execute arbitrary code.
|
||||
},
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'IDEAL Administration 2009 Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in IDEAL Administration v9.7.
|
||||
This module exploits a stack buffer overflow in IDEAL Administration v9.7.
|
||||
By creating a specially crafted ipj file, an an attacker may be able
|
||||
to execute arbitrary code.
|
||||
},
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'McAfee Remediation Client ActiveX Control Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in McAfee Remediation Agent 4.5.0.41. When
|
||||
This module exploits a stack buffer overflow in McAfee Remediation Agent 4.5.0.41. When
|
||||
sending an overly long string to the DeleteSnapshot() method
|
||||
of enginecom.dll (3.7.0.9) an attacker may be able to execute arbitrary code.
|
||||
This control is not marked safe for scripting, so choose your attack vector accordingly.
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'Media Jukebox 8.0.400 Buffer Overflow Exploit (SEH)',
|
||||
'Description' => %q{
|
||||
This module exploits a stack overflow in Media Jukebox 8.0.400
|
||||
This module exploits a stack buffer overflow in Media Jukebox 8.0.400
|
||||
By creating a specially crafted m3u or pls file, an an attacker may be able
|
||||
to execute arbitrary code.
|
||||
},
|
||||
|
|
|
|||
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue