477 matches found
Updated proftpd packages fix security vulnerabilities
Updated proftpd packages fix security vulnerability: Part of the SFTP handshake involves "extensions", which are key/value pairs, comprised of strings. In SSH, strings are encoded for network transport as a 32-bit length, followed by the bytes. The modsftp module currently places no bounds/length...
FreshFTP 5.52 - '.qfl' Crash (PoC)
Exploit Title: FreshFTP .QFL Local DOSWhile Parsing. Date: 9/15/2015 Exploit Author: UnN0n Software Vendor : http://www.freshwebmaster.com/ Software Link: http://www.freshwebmaster.com/download.html Version: 5.52 Tested on: Windows 7 x8632 BIT Steps to Produce the Crash: 1- Goto Directory in whic...
FreshFTP 5.52 - .qfl Crash (PoC)
FreshFTP 5.52 - .qfl Crash PoC Exploit Title: FreshFTP .QFL Local DOSWhile Parsing. Date: 9/15/2015 Exploit Author: UnN0n Software Vendor : http://www.freshwebmaster.com/ Software Link: http://www.freshwebmaster.com/download.html Version: 5.52 Tested on: Windows 7 x8632 BIT Steps to Produce the...
Multiprotocol Network Emulator – Simulator: IMUNES
IMUNES GUI is a simple Tcl/Tk based management console, allowing for specification and management of virtual network topologies. The emulation execution engine itself operates within the operating system kernel. Univesity of Zagreb developed a realistic network topology emulation / simulation...
Juniper Junos Denial of Service Vulnerability (CNVD-2015-04949)
Juniper Networks JUNOS is an operating system that runs on Juniper Networks' line of border routers and more. A denial of service vulnerability exists in Juniper Junos that allows remote attackers to send specially crafted requests that can consume large amounts of CPU resources and cause denial ...
wu-ftpd 2.4/2.5/2.6,Trolltech ftpd 1.2,ProFTPD 1.2,BeroFTPD 1.3.4 FTP glob Expansion Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2496/info Many FTP servers are vulnerable to a denial of service condition resulting from poor globbing algorithms and user resource usage limits. Globbing generates pathnames from file name patterns used by the shell, eg...
PHP <= 5.2.1 hash_update_file() Freed Resource Usage Exploit
No description provided by source. ?php //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || \ // // | |/ || '|/ |/ -| ' \ / -/ |||| /| || / // // ||||,||| ,|||||||,| || |||||| // // // // Proof of concept code from the Hardened-PHP...
Apache Tomcat Large Chunked Transfer Denial of Service (CVE-2013-4322)
A denial of service vulnerability has been reported in Apache Tomcat. This vulnerability is due to Tomcat not discarding any extensions included in very long Chunked-transfer requests, even if they were not processed. A remote attacker could exploit this vulnerability by sending a large amount of...
PT-2013-3916 · Schneider Electric · Schneider Electric M340
Name of the Vulnerable Software and Affected Versions: Schneider Electric M340 PLC modules affected versions not specified Description: The issue allows remote attackers to cause a denial of service through resource consumption via unspecified vectors. The vendor reportedly disputes this issue,...
Assassin DoS 2.0.3 - Created By MaxPainCode
Assassin DoS 2.0.3 - Created By MaxPainCode MaxPainCode develop a new dos tool is based on a new attack that uses HTTP Flood to get the site down, this will work if you try with big dedicated server. Another Feature of Assassin DoS is that it will not take all your resources as the most DoS do...
MOPS-2010-001: PHP hash_update_file() Already Freed Resource Access Vulnerability
MOPS-2010-001: PHP hashupdatefile Already Freed Resource Access Vulnerability May 1st, 2010 During Month of PHP Bugs in 2007 the same vulnerability was already disclosed to the general public. Because the issue remained unfixed for three years the Month of PHP Security 2010 starts with this old...
MOPB-already.txt
?php //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || \ // // | |/ || '|/ |/ -| ' \ / -/ |||| /| || / // // ||||,||| ,|||||||,| || |||||| // // // // Proof of concept code from the Hardened-PHP Project // // C Copyright 2007 Stefan...
PHP 5.2.1 - hash_update_file() Freed Resource Usage
PHP 5.2.1 - hashupdatefile Freed Resource Usage ?php //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || \ // // | |/ || '|/ |/ -| ' \ / -/ |||| /| || / // // ||||,||| ,|||||||,| || |||||| // // // // Proof of concept code from the...
MyDNS: Denial of service
Background MyDNS is a DNS server using a MySQL database as a backend. It is designed to allow for fast updates and small resource usage. Description MyDNS contains an unspecified flaw that may allow a remote Denial of Service. Impact An attacker could cause a Denial of Service by sending malforme...
CesarFTP 0.99 : 100% employment of computer resources
Application: CesarFTP http://www.aclogic.com/ Version: 0.99e Bug: 100 employment of computer resources Author: intuit e-mail: [email protected] web: http://rootshells.tk/ 1. Description 2. The bug 3. The fix ^^^^^^^^^^^^^^^^ 1. Description: ^^^^^^^^^^^^^^^^ Vendor's Description: "CesarFTP is a...
WU-FTPD 2.4/2.5/2.6 / Trolltech ftpd 1.2 / ProFTPd 1.2 / BeroFTPD 1.3.4 FTP - glob Expansion
source: https://www.securityfocus.com/bid/2496/info Many FTP servers are vulnerable to a denial of service condition resulting from poor globbing algorithms and user resource usage limits. Globbing generates pathnames from file name patterns used by the shell, eg. wildcards denoted by and ?,...
Novell Groupwise Enhancement Pack 5.5 Enhancement Pack - Denial of Service
Novell Groupwise Enhancement Pack 5.5 Enhancement Pack - Denial of Service source: https://www.securityfocus.com/bid/972/info By requesting a long URL from a Novell Groupwise 5.5 webserver with the Enhancement Pack installed, it is possible to cause the server to abend, the Java.nlm to take up al...