5758 matches found
Citrix Presentation/MetaFrame Server cpprov.dll畸形参数栈缓冲区溢出漏洞
Citrix Presentation Server允许用户通过网络远程访问应用程序。 Citrix Presentation Server的打印提供程序(ccprov.dll)在处理传送给EnumPrintersW和OpenPrinter函数的参数时存在栈溢出漏洞,远程攻击者可能利用此漏洞在服务器上执行任意指令。 如果攻击者能够通过本地API调用或RPC请求向OpenPrinter传送超过130字节的超长字符串做为其第一个参数的话,就可以触发这个溢出,导致在本地系统环境中执行任意代码。 Citrix MetaFrame XP 1.0 Citrix Presentation Server...
Novell NetMail IMAP SUBSCRIBE Buffer Overflow
This module exploits a stack buffer overflow in Novell's NetMail 3.52 IMAP SUBSCRIBE verb. By sending an overly long string, an attacker can overwrite the buffer and control program execution. This module requires Metasploit: https://metasploit.com/download Current source:...
Mercur Messaging 2005 IMAP Login Buffer Overflow
This module exploits a stack buffer overflow in Atrium Mercur IMAP 5.0 SP3. Since the room for shellcode is small, using the reverse ordinal payloads yields the best results. This module requires Metasploit: https://metasploit.com/download Current source:...
SoftiaCom WMailserver 1.0 Buffer Overflow
This module exploits a stack buffer overflow in SoftiaCom WMailserver 1.0 SMTP via a SEH frame overwrite. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SoftiaCom WMailserver 1.0 Buffer...
Microsoft Internet Explorer isComponentInstalled Overflow
This module exploits a stack buffer overflow in Internet Explorer. This bug was patched in Windows 2000 SP4 and Windows XP SP1 according to MSRC. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule...
EEYE: Adobe Download Manager AOM Stack Buffer Overflow Vulnerability
eEye Research - http://research.eeye.com Adobe Download Manager AOM Stack Buffer Overflow Vulnerability Release Date: December 5, 2006 Date Reported: November 10, 2006 Severity: High Code Execution Systems Affected: Adobe Download Manager 2.1.x and earlier Overview: eEye Digital Security has...
BlazeVideo HDTV PLF堆栈缓冲区溢出漏洞
BlazeVideo HDTV Player是一款功能强大、简单易用的高清数字电视播放软件。 BlazeVideo HDTV处理plf时存在问题,远程攻击者可以利用漏洞以应用程序进程权限执行任意指令。 攻击者可以构建恶意的播放列表文件,诱使用户打开来触发,可导致以应用程序进程权限执行任意指令。 BlazeVideo BlazeVideo HDTV 2.1 目前没有解决方案提供: http://www.blazevideo.com/ / include stdio.h include stdlib.h include string.h int mainint argc, char argv...
Microsoft Plug and Play Service Registry Overflow
This module triggers a stack buffer overflow in the Windows Plug and Play service. This vulnerability can be exploited on Windows 2000 without a valid user account. Since the PnP service runs inside the service.exe process, this module will result in a forced reboot on Windows 2000. Obtaining cod...
MS06-066 Microsoft Services nwwks.dll Module Exploit
This module exploits a stack buffer overflow in the svchost service, when the netware client service is running. This specific vulnerability is in the nwapi32.dll module. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framewor...
MS06-066 Microsoft Services nwapi32.dll Module Exploit
This module exploits a stack buffer overflow in the svchost service when the netware client service is running. This specific vulnerability is in the nwapi32.dll module. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework...
Broadcom Wireless Driver - Probe Response SSID Overflow (Metasploit)
$Id: broadcomwifissid.rb 9669 2010-07-03 03:13:45Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
D-Link DWL-G132 - Wireless Driver Beacon Rates Overflow (Metasploit)
D-Link DWL-G132 - Wireless Driver Beacon Rates Overflow Metasploit $Id: dlinkwifirates.rb 9670 2010-07-03 03:19:07Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more...
D-Link DWL-G132 - Wireless Driver Beacon Rates Overflow (Metasploit)
$Id: dlinkwifirates.rb 9670 2010-07-03 03:19:07Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework...
Cesar FTP 0.99g MKD Command Buffer Overflow
This module exploits a stack buffer overflow in the MKD verb in CesarFTP 0.99g. You must have valid credentials to trigger this vulnerability. Also, you only get one chance, so choose your target carefully. This module requires Metasploit: https://metasploit.com/download Current source:...
Omni-NFS Server nfsd.exe栈缓冲区溢出漏洞
Omni-NFS Server可以将Windows机器转换为NFS服务器,这样UNIX用户就可以访问从远程NFS客户端导入Windows资源。 Omni-NFS Server的nfsd.exe在处理接收到的数据时存在边界条件错误,允许攻击者通过发送特制的网络报文触发栈溢出,成功的攻击可能导致执行任意指令。 Xlink Technologies Omni-NFS Server 5.2 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.xlink.com/nfsproducts/NFSServer/NFSServer.htm...
Oracle 9i XDB HTTP PASS Overflow (win32)
This module exploits a stack buffer overflow in the authorization code of the Oracle 9i HTTP XDB service. David Litchfield, has illustrated multiple vulnerabilities in the Oracle 9i XML Database XDB, during a seminar on "Variations in exploit methods between Linux and Windows" presented at the...
Novell eDirectory/iMonitor HTTPSTK栈缓冲区溢出漏洞
Novell eDirectory是一个的跨平台的目录服务器。 Novell eDirectory在处理用户请求构造回应时存在输入验证漏洞,远程攻击者可能利用此漏洞在服务器上执行任意指令。 Novell的HTTP协议栈(httpstk)没有检查客户端所提供的HTTP Host请求头(如Host: www.host.com)的值。当服务器在准备HTTP重新定向响应调用snprintf时可能会触发这个漏洞,导致以加载httpstk库进程的权限执行任意指令。C++伪代码如下: define HTTPHDRHOSTFIELD 211 char szHttp = "HTTP"; char...
MaxDB WebDBM Database Parameter Overflow
This module exploits a stack buffer overflow in the MaxDB WebDBM service. By sending a specially-crafted HTTP request that contains an overly long database name. A remote attacker could overflow a buffer and execute arbitrary code on the system with privileges of the wahttp process. This module h...
US-CERT Vulnerability Note VU#416092
Vulnerability Note VU416092 Microsoft Internet Explorer VML stack buffer overflow Overview Microsoft Internet Explorer IE fails to properly handle Vector Markup Language tags. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. I...
McAfee Subscription Manager Stack Buffer Overflow
This module exploits a flaw in the McAfee Subscription Manager ActiveX control. Due to an unsafe use of vsprintf, it is possible to trigger a stack buffer overflow by passing a large string to one of the COM-exposed routines, such as IsAppExpired. This vulnerability was discovered by Karl Lynn of...