6716 matches found
MDaemon WorldClient form2raw.cgi Stack Buffer Overflow
This module exploits a stack buffer overflow in Alt-N MDaemon SMTP server for versions 6.8.5 and earlier. When WorldClient HTTP server is installed (default), a CGI script is provided to accept HTML FORM based emails and deliver via MDaemon.exe, by writing the CGI output to the Raw Queue. When...
VideoLAN VLC Media Player 0.9.9 - smb: URI Stack Buffer Overflow (PoC)
VideoLAN VLC Media Player 0.9.9 - smb: URI Stack Buffer Overflow PoC #!/usr/bin/ruby VideoLAN VLC Media Player 0.9.9 smb:// URI Stack-based Buffer Overflow Proof-of-Concept Bugtraq ID: 35500 The vulnerability can also be triggered via the VLC web interface disabled by default:...
Timbuktu Pro < 8.6.7 PlughNTCommand Named Pipe Remote Stack Buffer Overflow
The remote Windows host contains a version of Motorola Inc.'s Timbuktu Pro that is earlier than 8.6.7. Timbuktu Pro allows remote access to a computer's desktop, and versions before 8.6.7 reportedly contain a stack-based buffer overflow that can be triggered when the 'PlughNTCommand' named pipe...
iDefense Security Advisory 06.25.09: Unisys Business Information Server Stack Buffer Overflow
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iDefense Security Advisory 06.25.09 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 25, 2009 I. BACKGROUND The Unisys Business Information Server is a business information management package providing data access, analysis and reporting for...
TELUS Security Labs VR - Microsoft Office Excel Malformed Records Stack Buffer Overflow
Microsoft Office Excel Malformed Records Stack Buffer Overflow TSL ID : FSC20090609-01 Reference: http://telussecuritylabs.com/threats/show/FSC20090609-01 1. Affected Software Microsoft Office Excel 2000 Microsoft Office Excel 2002 Reference: http://office.microsoft.com/en-us/excel/default.aspx 2...
Atomix Virtual Dj Pro 6.0 - Local Stack Buffer Overflow (SEH)
Atomix Virtual Dj Pro 6.0 - Local Stack Buffer Overflow SEH include include include include include unsigned char rawData = 0x23, 0x56, 0x69, 0x72, 0x74, 0x75, 0x61, 0x6C, 0x44, 0x4A, 0x20, 0x50, 0x6C, 0x61, 0x79, 0x6C, 0x69, 0x73, 0x74, 0x0D, 0x0A, 0x23, 0x4D, 0x69, 0x78, 0x54, 0x79, 0x70, 0x65,...
AIMP 2.51 build 330 (ID3v1/ID3v2 Tag) Remote Stack BOF PoC (SEH)
Exploit for unknown platform in category dos / poc. AIMP 2.51 build 330 ID3v1/ID3v2 Tag Remote Stack BOF PoC SEH...
AIMP 2.51 build 330 - ID3v1/ID3v2 Tag Remote Stack Buffer Overflow (PoC) (SEH)
AIMP 2.51 build 330 ID3v1/ID3v2 Tag Remote Stack Buffer Overflow PoC SEH...
AIMP 2.51 build 330 - ID3v1ID3v2 Tag Remote Stack Buffer Overflow (PoC) (SEH)
AIMP 2.51 build 330 - ID3v1ID3v2 Tag Remote Stack Buffer Overflow PoC SEH...
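NTP 'ntpd' Autokey Stack Buffer Overflow Vulnerability
Bugtraq ID: 35017 CVE ID: CVE-2009-1252 CNCVE ID: CNCVE-20091252 NTP (Network Time Protocol) is a protocol that clients use to synchronize the date and time with a time server. NTPd contains a stack buffer overflow when it is compiled with OpenSSL support; a remote attacker can exploit the vulnerability to execute arbitrary instructions with the privileges of the application. The cryptorecv function in ntpd/ntpcrypto.c uses sprintf in a way that allows a buffer overflow. The vulnerability is triggered only when autokey is configured, that is, when ntpd is configured to use public-key cryptography for NTP packet authentication. A remote unauthenticated attacker can execute arbitrary code with the privileges of the ntpd daemon. Ubuntu...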
Microsoft PowerPoint Converter TPrint Record Handling Error (MS09-017; CVE-2009-0227)
Microsoft PowerPoint is a popular graphics software for preparing slides and presentations. A stack buffer overrun vulnerability has been identified in Microsoft PowerPoint. The vulnerability is due to a memory corruption error in Microsoft PowerPoint when reading sound data from specially crafte...
Microsoft PowerPoint Data Out of Bounds Stack Buffer Overflow (MS09-017; CVE-2009-1128; CVE-2009-1131)
Microsoft PowerPoint is a popular graphics software for preparing slides and presentations. A stack buffer overflow vulnerability has been identified in Microsoft PowerPoint. The vulnerability is due to a memory corruption error in Microsoft PowerPoint when reading data that is too large from...
ntp -- stack-based buffer overflow
US-CERT reports: ntpd contains a stack buffer overflow which may allow a remote unauthenticated attacker to execute arbitrary code on a vulnerable system or create a denial of service...
FreeBSD : libxml2 stack buffer overflow in URI parsing (847ade05-6717-11d8-b321-000a95bc6fae)
Yuuichi Teranishi reported a crash in libxml2's URI handling when a long URL is supplied. The implementation in nanohttp.c and nanoftp.c uses a 4K stack buffer, and longer URLs will overwrite the stack. This could result in denial-of-service or arbitrary code execution in applications using libxm...
Ubuntu 8.04 LTS : firefox-3.0, xulrunner-1.9 regression (USN-645-3)
USN-645-1 fixed vulnerabilities in Firefox and xulrunner. The upstream patches introduced a regression in the saved password handling. While password data was not lost, if a user had saved any passwords with non-ASCII characters, Firefox could not access the password database. This update fixes t...
Elecard AVC HD Player .XPL Stack Buffer Overflow (SEH) PoC
No description provided by source. /ELECARD AVC HD PLAYER STACK BUFFER OVERFLOW SEH OVERWRITE Name: elecard.c CREDITS: the one and only fl0 fl0w 004533AE . F3:A5 REP MOVS DWORD PTR ES:EDI,DWORD PTR DS SEH chain of main thread Address SE handler 0012CB54 FFFFFFFF Open in debugger and you'll see SE...
IBM Lotus Domino Web Server Accept-Language Stack Buffer Overflow
This module exploits a stack buffer overflow in IBM Lotus Domino Web Server prior to version 7.0.3FP1 and 8.0.1. This flaw is triggered by any HTTP request with an Accept-Language header greater than 114 bytes. This module requires Metasploit: https://metasploit.com/download Current source:...
iDefense Security Advisory 04.15.09: Microsoft WordPad Word97 Converter Stack Buffer Overflow Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iDefense Security Advisory 04.14.09 http://labs.idefense.com/intelligence/vulnerabilities/ Apr 14, 2009 I. BACKGROUND WordPad is a word processing application included with Microsoft Windows. The Word97 converter is used to convert Word97 format...
Elecard AVC HD Player - .XPL Stack Buffer Overflow (SEH) (PoC)
Elecard AVC HD Player - .XPL Stack Buffer Overflow SEH PoC /ELECARD AVC HD PLAYER STACK BUFFER OVERFLOW SEH OVERWRITE Name: elecard.c CREDITS: the one and only fl0 fl0w 004533AE . F3:A5 REP MOVS DWORD PTR ES:EDI,DWORD PTR DS SEH chain of main thread Address SE handler 0012CB54 FFFFFFFF Open in...
Microsoft Whale Intelligent Application Gateway ActiveX Control Buffer Overflow
This module exploits a stack buffer overflow in Microsoft Whale Intelligent Application Gateway Whale Client. When sending an overly long string to CheckForUpdates method of WhlMgr.dll 3.1.502.64 an attacker may be able to execute arbitrary code. This module requires Metasploit:...