TFTPD32 Long Filename Buffer Overflow

This module exploits a stack buffer overflow in TFTPD32 version 2.21 and prior. By sending a request for an overly long file name to the tftpd32 server, a remote attacker could overflow a buffer and execute arbitrary code on the system. This module requires Metasploit:...

Novell Messenger Server 2.0 Accept-Language Overflow

This module exploits a stack buffer overflow in Novell GroupWise Messenger Server v2.0. This flaw is triggered by any HTTP request with an Accept-Language header greater than 16 bytes. To overwrite the return address on the stack, we must first pass a memcpy operation that uses pointers we supply...

PeerCast URL Handling Buffer Overflow

This module exploits a stack buffer overflow in PeerCast 'PeerCast URL Handling Buffer Overflow', 'Description' = %q This module exploits a stack buffer overflow in PeerCast 'hdm' , 'License' = MSFLICENSE, 'References' = 'CVE', '2006-1148', 'OSVDB', '23777', 'BID', '17040' , 'Privileged' = false,...

[Full-disclosure] [xfocus-SD-060314]Microsoft Office Excel Buffer Overflow Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Relase Date: 2006-03-15 CVE: CVE-2006-0031 Affected Products: ================== Microsoft Office Excel 2000 Microsoft Office Excel XP Microsoft Office Excel 2003 Impact: ======= Microsoft Excel is a popular spreadsheet program of Microsoft Office...

ZDI-06-002: Adobe Macromedia ShockWave Code Execution

ZDI-06-002: Adobe Macromedia ShockWave Code Execution http://www.zerodayinitiative.com/advisories/ZDI-06-002.html February 23, 2006 -- CVE ID: CVE-2005-3525 -- Affected Vendor: Adobe Macromedia -- Affected Products: Macromedia Shockwave Installer -- TippingPointTM IPS Customer Protection:...

[Full-disclosure] SUSE Security Announcement: CASA remote code execution (SUSE-SA:2006:010)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUSE Security Announcement Package: CASA Announcement ID: SUSE-SA:2006:010 Date: Wed, 22 Feb 2006 12:00:00 +0000 Affected Products: Novell Linux Desktop 9 Open Enterprise Server 1 Vulnerability Type: remote code execution Severity 1-10: 10 SUSE Defaul...

KarjaSoft Sami FTP Server 2.0.1 - Remote Stack Buffer Overflow

!/usr/bin/perl Sami FTP Server v2.0.1 Remote notepad.exe execution PoC by Critical Security research http://www.critical.lt Tested on Windows XP SP2, Windows XP SP0 and even on FreeBSD 6.0-RELEASE Wine 0.9.6 : use Net::FTP; - jo, að tinginys : use Switch; if @ARGV 3 print...

MS04-031 Microsoft NetDDE Service Overflow

This module exploits a stack buffer overflow in the NetDDE service, which is the precursor to the DCOM interface. This exploit effects only operating systems released prior to Windows XP SP1 2000 SP4, XP SP0. Despite Microsoft's claim that this vulnerability can be exploited without authenticatio...

freeFTPd 1.0 Username Overflow

This module exploits a stack buffer overflow in the freeFTPd multi-protocol file transfer service. This flaw can only be exploited when logging has been enabled non-default. This module requires Metasploit: https://metasploit.com/download Current source:...

Veritas Backup Exec Windows Remote Agent Overflow

This module exploits a stack buffer overflow in the Veritas BackupExec Windows Agent software. This vulnerability occurs when a client authentication request is received with type '3' and a long password argument. Reliable execution is obtained by abusing the stack buffer overflow to smash a SEH...

SlimFTPd LIST Concatenation Overflow

This module exploits a stack buffer overflow in the SlimFTPd server. The flaw is triggered when a LIST command is received with an overly-long argument. This vulnerability affects all versions of SlimFTPd prior to 3.16 and was discovered by Raphael Rigo. This module requires Metasploit:...

eDirectory 8.7.3 iMonitor Remote Stack Buffer Overflow

This module exploits a stack buffer overflow in eDirectory 8.7.3 iMonitor service. This vulnerability was discovered by Peter Winter-Smith of NGSSoftware. NOTE: repeated exploitation attempts may cause eDirectory to crash. It does not restart automatically in a default installation. This module...

SentinelLM UDP Buffer Overflow

This module exploits a simple stack buffer overflow in the Sentinel License Manager. The SentinelLM service is installed with a wide selection of products and seems particular popular with academic products. If the wrong target value is selected, the service will crash and not restart. This modul...

Microsoft IIS ISAPI RSA WebAgent Redirect Overflow

This module exploits a stack buffer overflow in the SecurID Web Agent for IIS. This ISAPI filter runs in-process with inetinfo.exe, any attempt to exploit this flaw will result in the termination and potential restart of the IIS service. This module requires Metasploit:...

AppleFileServer LoginExt PathName Overflow

This module exploits a stack buffer overflow in the AppleFileServer service on MacOS X. This vulnerability was originally reported by Atstake and was actually one of the few useful advisories ever published by that company. You only have one chance to exploit this bug. This particular exploit use...

Mercury/32 v4.01a IMAP RENAME Buffer Overflow

This module exploits a stack buffer overflow vulnerability in the Mercury/32 v.4.01a IMAP service. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Mercury/32 v4.01a IMAP RENAME Buffer Overflow'...

WebSTAR FTP Server USER Overflow

This module exploits a stack buffer overflow in the logging routine of the WebSTAR FTP server. Reliable code execution is obtained by a series of hops through the System library. This module requires Metasploit: https://metasploit.com/download Current source:...

CURL-CVE-2005-3185 NTLM Buffer Overflow

libcurl's NTLM function can overflow a stack-based buffer if given a too long username or domain name. This would happen if you enable NTLM authentication and either: A - pass in a username and domain name to libcurl that together are longer than 192 bytes B - allow libcurl to follow HTTP...

[EEYEB20050803] - Windows UMPNPMGR wsprintfW Stack Buffer Overflow Vulnerability

Windows UMPNPMGR wsprintfW Stack Buffer Overflow Vulnerability Release Date: October 11, 2005 Date Reported: August 3, 2005 Severity: High Remote Code Execution with Authentication Medium Privilege Escalation to SYSTEM Vendor: Microsoft Systems Affected: Windows NT 4.0 Windows 2000 Windows XP eEy...

FreeBSD : mozilla -- vCard stack buffer overflow (da690355-1159-11d9-bc4a-000c41e2cdad)

Georgi Guninski discovered a stack-based buffer overflow which may be triggered when viewing email messages with vCard attachments. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyrigh...