Novell GroupWise Messenger Accept-Language buffer overflow

Added: 04/20/2006 CVE: CVE-2006-0992 BID: 17503 OSVDB: 24617 Background Novell GroupWise includes the Messaging Agent which offers an HTTP service on port 8300/TCP. Problem A buffer overflow in the Messaging Agent allows remote attackers to execute commands by sending a long, specially crafted...

Novell GroupWise Messenger Accept-Language buffer overflow

Added: 04/20/2006 CVE: CVE-2006-0992 BID: 17503 OSVDB: 24617 Background Novell GroupWise includes the Messaging Agent which offers an HTTP service on port 8300/TCP. Problem A buffer overflow in the Messaging Agent allows remote attackers to execute commands by sending a long, specially crafted...

Novell Messenger Server 2.0 - Accept-Language Remote Overflow (Metasploit)

Novell Messenger Server 2.0 - Accept-Language Remote Overflow Metasploit This file is part of the Metasploit Framework and may be redistributed according to the licenses defined in the Authors field below. In the case of an unknown or missing license, this file defaults to the same license as the...

Novell Messenger Server 2.0 (Accept-Language) Remote Overflow Exploit

No description provided by source. This file is part of the Metasploit Framework and may be redistributed according to the licenses defined in the Authors field below. In the case of an unknown or missing license, this file defaults to the same license as the core Framework dual GPLv2 and Artisti...

Novell Messenger Server 2.0 - 'Accept-Language' Remote Overflow (Metasploit)

This file is part of the Metasploit Framework and may be redistributed according to the licenses defined in the Authors field below. In the case of an unknown or missing license, this file defaults to the same license as the core Framework dual GPLv2 and Artistic. The latest version of the...

Novell Messenger Server 2.0 (Accept-Language) Remote Overflow Exploit

Exploit for novell platform in category remote exploits ===================================================================== Novell Messenger Server 2.0 Accept-Language Remote Overflow Exploit ===================================================================== This file is part of the Metasplo...

Novell Messenger Server 2.0 Accept-Language Overflow

This module exploits a stack buffer overflow in Novell GroupWise Messenger Server v2.0. This flaw is triggered by any HTTP request with an Accept-Language header greater than 16 bytes. To overwrite the return address on the stack, we must first pass a memcpy operation that uses pointers we supply...

Stack overflow

Stack-based buffer overflow in Novell GroupWise Messenger before 2.0 Public Beta 2 allows remote attackers to execute arbitrary code via a long Accept-Language value without a comma or semicolon. NOTE: due to a typo, the original ZDI advisory accidentally referenced CVE-2006-0092. This is the...

CVE-2006-0992

Stack-based buffer overflow in Novell GroupWise Messenger before 2.0 Public Beta 2 allows remote attackers to execute arbitrary code via a long Accept-Language value without a comma or semicolon. NOTE: due to a typo, the original ZDI advisory accidentally referenced CVE-2006-0092. This is the...

CVE-2006-0992

Stack-based buffer overflow in Novell GroupWise Messenger before 2.0 Public Beta 2 allows remote attackers to execute arbitrary code via a long Accept-Language value without a comma or semicolon. NOTE: due to a typo, the original ZDI advisory accidentally referenced CVE-2006-0092. This is the...

Novell GroupWise Messenger buffer overflow

TC/8300 HTTP request oversized Accept-Language header buffer overflow...

Novell GroupWise Messenger Accept-Language Buffer Overflow Vulnerability

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of the Novell GroupWise Messenger. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Novell Messaging Agent, a web server that listens by default on TCP port...

Command injection

The DCC ACCEPT command handler in irssi before 0.8.9+0.8.10rc5-0ubuntu4.1 in Ubuntu Linux, and possibly other distributions, allows remote attackers to cause a denial of service application crash via certain crafted arguments in a DCC command...

linux/x86 TCP Proxy Shellcode 236 bytes

Exploit for linux/x86 platform in category shellcode ======================================= linux/x86 TCP Proxy Shellcode 236 bytes ======================================= // proxylib.c - is located at http://www.milw0rm.com/id.php?id=1476 /str0ke / hey all.. this is my attempt at a very small...

solaris/sparc portbind (port 6666) 240 bytes

No description provided by source. / [email protected] portbind shellcode full description of how it was done and defines at http://www.telegenetic.net/sparc-shellcode.htm / char shellcode= "\x9A\x1A\x40\x09" / xor %o1, %o1, %o5 / "\x90\x10\x20\x02" / mov PFINET, %o0 / "\x92\x10\x20\x02" / mo...

DEBIAN-CVE-2005-3347

Multiple directory traversal vulnerabilities in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egrouwpware before 1.0.0.009, allow remote attackers to include arbitrary files via .. dot dot sequences in the 1 sensorprogram parameter or the 2...

DEBIAN-CVE-2005-3409

OpenVPN 2.x before 2.0.4, when running in TCP mode, allows remote attackers to cause a denial of service segmentation fault by forcing the accept function call to return an error status, which leads to a null dereference in an exception handler...

DEBIAN-CVE-2005-2317

Shorewall 2.4.x before 2.4.1, 2.2.x before 2.2.5, and 2.0.x before 2.0.17, when MACLISTTTL is greater than 0 or MACLISTDISPOSITION is set to ACCEPT, allows remote attackers with an accepted MAC address to bypass other firewall rules or policies...

CVE-2005-1634

Multiple cross-site scripting XSS vulnerabilities in JGS-XA JGS-Portal 3.0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 anzahlbeitraege parameter to jgsportal.php, 2 year parameter to jgsportalstatistik.php, 3 year parameter to jgsportalbeitraggraf.php, 4...

windows/XP-sp1 portshell on port 58821 116 bytes

windows/XP-sp1 portshell on port 58821 116 bytes. Shellcode exploit for win32 platform / 116 bytes bindcode hardcoded for Windows XP SP1 / / but you can change the address if you want / / i made it pretty clear where they are / / the bindcode will bind to port 58821 / / by silicon /...