Section: .. / 1001-exploits /
File Name: momecms-sql.txt
Description: MoME CMS versions 0.8.5 and below suffer from a remote SQL injection vulnerability that allows for authentication bypass.
Author: cr4wl3r | File Size: 750 | Last Modified: Jan 17 17:33:15 2010
MD5 Checksum: 34a6b764dfc62aa2bd09cbba83df1aac

File Name: mp3studio1x-overflow.txt
Description: MP3 Studio version 1.x local stack overflow exploit that creates a malicious .m3u file.
Author: NeoCortex | Related Exploit: mp3studio-overflow.txt | File Size: 2494 | Last Modified: Jan 19 21:24:28 2010
MD5 Checksum: d44f2b6f2c13ac5e78a98c767d73e578

File Name: mp3studio1xuniv-overflow.txt
Description: MP3 Studio version 1.x universal local stack overflow exploit that creates a malicious .m3u file.
Author: D3V!L FUCKER, D3V!L FucK3r | File Size: 2098 | Last Modified: Jan 20 17:51:54 2010
MD5 Checksum: 821ea74c480aa38fc96bc4adc149712c

File Name: mp3tagger-dos.txt
Description: MP3 Tagger version 1.29 local denial of service proof of concept exploit that creates a malicious .m3u file.
Author: SkuLL-HacKeR | File Size: 654 | Last Modified: Jan 24 15:06:53 2010
MD5 Checksum: ccf81401ac70a5442763e1465baa90b5

File Name: mp4-crash.txt
Description: MP4 Player version 4.0 local crash proof of concept exploit.
Author: sarbot511 | File Size: 390 | Last Modified: Jan 3 20:55:37 2010
MD5 Checksum: 707954ebd200f49dee46acd3ba46cc20

File Name: mrdomain-xss.txt
Description: The Arabic version of Mr.Domain suffers from a cross site scripting vulnerability.
Author: indoushka | File Size: 3257 | Last Modified: Jan 3 21:10:23 2010
MD5 Checksum: 3f8ae0afc647264ebb51bcb182234ef6

File Name: ms09_004_sp_replwritetovarbin.rb.tx..>
Description: A heap-based buffer overflow can occur when calling the undocumented "sp_replwritetovarbin" extended stored procedure. This vulnerability affects all versions of Microsoft SQL Server 2000 and 2005, Windows Internal Database, and Microsoft Desktop Engine (MSDE) without the updates supplied in MS09-004. This exploit smashes several pointers, as shown below.

1. Pointer to a 32-bit value that is set to 0.
2. Pointer to a 32-bit value that is set to a length influenced by the buffer length.
3. Pointer to a 32-bit value that is used as a vtable pointer. In MSSQL 2000, this value is referenced with a displacement of 0x38. For MSSQL 2005, the displacement is 0x10. The address of our buffer is conveniently stored in ecx when this instruction is executed.
4. On MSSQL 2005, an additional vtable ptr is smashed, which is referenced with a displacement of 4. This pointer is not used by this exploit.

There are two different methods used by this exploit, which have been named "writeNcall" and "sprayNbrute". The first, "writeNcall", was published by k`sOSe on Dec 17 2008. It uses pointers 2 and 3, as well as a writeable address. This method is quite reliable. However, it relies on the operation on pointer 2. Newer versions of SQL server (>= 2000 SP3 at least) use a length value that is 8-byte aligned. This imposes a restriction that the code address that leads to the payload (jmp ecx in this case) must match the regex '.[08].[08].[08].[08]'. Unfortunately, no such addresses were found in memory. For this reason, the second method, "sprayNbrute", is used. First a heap-spray is used to prime memory with lots of copies of the address of our code that leads to the payload (jmp ecx). Next, brute force is used to try to guess a value for pointer 3 that points to the sprayed data. A new method of spraying the heap inside MSSQL is presented. Sadly, it only allows the creation of a bunch of 8000 byte buffers.
Author: jduck | Homepage: http://www.metasploit.com | File Size: 13781 | Related OSVDB(s): 50589 | Related CVE(s): CVE-2008-5416 | Last Modified: Jan 5 18:48:01 2010
MD5 Checksum: a6ba5011db5fd353bf27497da463eaa4

File Name: msanimated-overflow.txt
Description: Microsoft Animated Cursor .ANI buffer overflow exploit written in Perl. Works on Windows XP SP2.
Author: Jacky | File Size: 2605 | Last Modified: Jan 15 19:32:45 2010
MD5 Checksum: 9b2cc416a644300ebee98679a97eb9fa

File Name: msdef1-overflow.txt
Description: Microsoft Windows Defender Active-X heap overflow proof of concept exploit. Version 1 of this exploit.
Author: sarbot511 | File Size: 712 | Last Modified: Jan 19 22:18:21 2010
MD5 Checksum: 5d145527e174a502eb45b1e5aea847f5

File Name: msdef2-overflow.txt
Description: Microsoft Windows Defender Active-X heap overflow proof of concept exploit. Version 2 of this exploit.
Author: sarbot511 | File Size: 754 | Last Modified: Jan 19 22:19:32 2010
MD5 Checksum: 657fc39980268f8aa7dfbda6a7b8b2d2

File Name: mshtmlhelp-overflow.txt
Description: Microsoft HTML Help Compiler buffer overflow proof of concept exploit.
Author: sasquatch | File Size: 2521 | Last Modified: Jan 7 00:00:25 2010
MD5 Checksum: 23d25d92c1cffe6701d33d4f87443c56

File Name: msie67-crash.txt
Description: Microsoft Internet Explorer versions 6 and 7 local crash exploit.
Author: Pouya Daneshmand | File Size: 758 | Last Modified: Jan 27 09:01:56 2010
MD5 Checksum: 1263a34d2a308d13be165e3c0a8bf136

File Name: msn-activex.txt
Description: Windows Live Messenger 2009 ActiveX heap overflow proof of concept exploit.
Author: sarbot511 | File Size: 778 | Last Modified: Jan 22 02:47:51 2010
MD5 Checksum: dc22c01c49260efec1cac4957f875159

File Name: mswinnt-pwn.txt
Description: Microsoft Windows suffers from a user mode to ring 0 escalation vulnerability.
Author: Tavis Ormandy | File Size: 10770 | Related CVE(s): CVE-2010-0232 | Last Modified: Jan 19 22:32:17 2010
MD5 Checksum: c93d900c86af294c53bf634faa96fc7c

File Name: myphpnukepr-sql.txt
Description: myPHPNuke suffers from a remote SQL injection vulnerability.
Author: Gamoscu | Related Exploit: myphpnukepfp-sql.txt | File Size: 877 | Last Modified: Jan 15 16:03:57 2010
MD5 Checksum: 5b0f01521f91332a8e2a284028de0513

File Name: mysmartbb-xss.txt
Description: MySmartBB version 1.7.9 suffers from a cross site scripting vulnerability.
Author: AnGrY BoY | File Size: 1378 | Last Modified: Jan 18 20:24:59 2010
MD5 Checksum: d4b225a796fcdbaca14be49890fcc000

File Name: mysql_yassl_hello.rb.txt
Description: This Metasploit module exploits a stack overflow in the yaSSL (1.7.5 and earlier) implementation bundled with MySQL <= 6.0. By sending a specially crafted Hello packet, an attacker may be able to execute arbitrary code.
Author: MC | Homepage: http://www.metasploit.com | File Size: 2438 | Related OSVDB(s): 41195 | Related CVE(s): CVE-2008-0226 | Last Modified: Jan 27 13:46:19 2010
MD5 Checksum: e84c81f804d3eb481760507625648075

File Name: myteknoloji-disclose.txt
Description: Myteknoloji Hosting Scripti suffers from a remote database download vulnerability.
Author: LionTurk | File Size: 1848 | Last Modified: Jan 4 19:48:28 2010
MD5 Checksum: 242faf010d775506f3a344c4aded1d9c

File Name: myuploader-shell.txt
Description: MyUploader suffers from a remote shell upload vulnerability.
Author: S2K9 | File Size: 744 | Last Modified: Jan 6 23:02:11 2010
MD5 Checksum: 3f8748d71732ac9e32e520d2af70ca1f

File Name: naxtor-xss.txt
Description: Naxtor Shopping e-Cart version 1.0 suffers from a cross site scripting vulnerability.
Author: indoushka | File Size: 3824 | Last Modified: Jan 3 20:48:18 2010
MD5 Checksum: f1eedee9be0becf52bd6de3ca5bbaae5

File Name: NemesisPlayer.pl.txt
Description: Nemesis Player versions 1.1 Beta and 2.2 local denial of service proof of concept exploit that creates a malicious .nsp file.
Author: Rehan Ahmed | Homepage: http://www.rewterz.com/ | File Size: 405 | Last Modified: Jan 13 22:05:54 2010
MD5 Checksum: 1da04d2a227421503d3a582189d754ba

File Name: neroexpress-overflow.txt
Description: Nero Express version 7.9.6.4 local heap overflow proof of concept exploit.
Author: D3V!L FucK3r | File Size: 571 | Last Modified: Jan 3 19:16:43 2010
MD5 Checksum: 9798b047d79a30c6a620db7bb437755b

File Name: netgitar-disclose.txt
Description: Net Gitar Shop version 1.0 suffers from a database disclosure vulnerability.
Author: indoushka | File Size: 2748 | Last Modified: Jan 6 22:59:16 2010
MD5 Checksum: b5647127dc072d2f1eb6abb418b8b078

File Name: netsupportmanager-dos.txt
Description: Netsupport Manager versions prior to Jan 11, 2010 suffered from a denial of service vulnerability.
Author: Matthew Whitehead | File Size: 1013 | Last Modified: Jan 27 11:38:41 2010
MD5 Checksum: c9ccd1470badea64661a168c38cef217