MS06-066 Microsoft Services nwapi32.dll Module Exploit
This module exploits a stack buffer overflow in the svchost service when the netware client service is running. This specific vulnerability is in the nwapi32.dll module. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework...
Broadcom Wireless Driver - Probe Response SSID Overflow (Metasploit)
$Id: broadcomwifissid.rb 9669 2010-07-03 03:13:45Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
D-Link DWL-G132 - Wireless Driver Beacon Rates Overflow (Metasploit)
$Id: dlinkwifirates.rb 9670 2010-07-03 03:19:07Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework...
Cesar FTP 0.99g MKD Command Buffer Overflow
This module exploits a stack buffer overflow in the MKD verb in CesarFTP 0.99g. You must have valid credentials to trigger this vulnerability. Also, you only get one chance, so choose your target carefully. This module requires Metasploit: https://metasploit.com/download Current source:...
Omni-NFS Server nfsd.exe Stack Buffer Overflow Vulnerability
Omni-NFS Server turns a Windows machine into an NFS server, so that UNIX users can access Windows resources from remote NFS clients. The nfsd.exe component of Omni-NFS Server has a boundary condition error when processing received data, which allows an attacker to trigger a stack overflow by sending a specially crafted network packet; a successful attack may lead to execution of arbitrary instructions. Affected: Xlink Technologies Omni-NFS Server 5.2. The vendor has not yet released a patch or upgrade; we recommend that users of this software monitor the vendor's home page for the latest version: http://www.xlink.com/nfsproducts/NFSServer/NFSServer.htm...
mIRC IRC URL Buffer Overflow
This module exploits a stack buffer overflow in mIRC 6.1. By submitting an overly long and specially crafted URL to the 'irc' protocol, an attacker can overwrite the buffer and control program execution. This module requires Metasploit: https://metasploit.com/download Current source:...
Oracle 9i XDB HTTP PASS Overflow (win32)
This module exploits a stack buffer overflow in the authorization code of the Oracle 9i HTTP XDB service. David Litchfield has illustrated multiple vulnerabilities in the Oracle 9i XML Database (XDB) during a seminar on "Variations in exploit methods between Linux and Windows" presented at the...
Novell eDirectory/iMonitor HTTPSTK Stack Buffer Overflow Vulnerability
Novell eDirectory is a cross-platform directory server. Novell eDirectory has an input validation vulnerability when constructing responses to user requests; a remote attacker could exploit it to execute arbitrary instructions on the server. Novell's HTTP protocol stack (httpstk) does not check the value of the client-supplied HTTP Host request header (e.g. Host: www.host.com). The vulnerability may be triggered when the server calls snprintf while preparing an HTTP redirect response, leading to execution of arbitrary instructions with the privileges of the process that loaded the httpstk library. C++ pseudocode follows: define HTTPHDRHOSTFIELD 211 char szHttp = "HTTP"; char...
Clam Anti-Virus PE File Header Handling Heap Overflow Vulnerability
Clam AntiVirus is a GPL anti-virus toolkit for Unix that many mail gateway products use. Clam AV has a heap overflow vulnerability when processing malformed PE files; a remote attacker could exploit it to execute arbitrary instructions on the server. When processing certain PE-format files, two variables can be maliciously set to very large values, causing an integer overflow. This can result in less memory being allocated than expected, after which subsequent code may overwrite the heap buffer. Affected: ClamAV 0.88.4. Vendor patches: Debian has released a security advisory (DSA-1196-1) and corresponding patches: DSA-1196-1: New clamav packages fix arbitrary code...
Debian DSA-1137-1 : tiff - several vulnerabilities
Tavis Ormandy of the Google Security Team discovered several problems in the TIFF library. The Common Vulnerabilities and Exposures project identifies the following issues: - CVE-2006-3459 Several stack-buffer overflows have been discovered. - CVE-2006-3460 A heap overflow vulnerability in the...
IA WebMail 3.x Buffer Overflow
This exploits a stack buffer overflow in the IA WebMail server. This exploit has not been tested against a live system at this time. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'IA WebMail 3...
MaxDB WebDBM Database Parameter Overflow
This module exploits a stack buffer overflow in the MaxDB WebDBM service. By sending a specially crafted HTTP request that contains an overly long database name, a remote attacker could overflow a buffer and execute arbitrary code on the system with the privileges of the wahttp process. This module h...
GLSA-200609-13 : gzip: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200609-13 gzip: Multiple vulnerabilities Tavis Ormandy of the Google Security Team has reported multiple vulnerabilities in gzip. A stack buffer modification vulnerability was discovered in the LZH decompression code, where a...
US-CERT Vulnerability Note VU#416092
Vulnerability Note VU#416092 Microsoft Internet Explorer VML stack buffer overflow. Overview: Microsoft Internet Explorer (IE) fails to properly handle Vector Markup Language tags. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. I...
McAfee Subscription Manager Stack Buffer Overflow
This module exploits a flaw in the McAfee Subscription Manager ActiveX control. Due to an unsafe use of vsprintf, it is possible to trigger a stack buffer overflow by passing a large string to one of the COM-exposed routines, such as IsAppExpired. This vulnerability was discovered by Karl Lynn of...
Microsoft IIS ISAPI w3who.dll Query String Overflow
This module exploits a stack buffer overflow in the w3who.dll ISAPI application. This vulnerability was discovered by Nicolas Gregoire, and this code has been successfully tested against Windows 2000 and Windows XP SP2. When exploiting Windows XP, the payload must call RevertToSelf before it will be...
MS01-033 Microsoft IIS 5.0 IDQ Path Overflow
This module exploits a stack buffer overflow in the IDQ ISAPI handler for Microsoft Index Server. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MS01-033 Microsoft IIS 5.0 IDQ Path Overflow',...
Kerio Firewall 2.1.4 Authentication Packet Overflow
This module exploits a stack buffer overflow in Kerio Personal Firewall administration authentication process. This module has only been tested against Kerio Personal Firewall 2 2.1.4. This module requires Metasploit: https://metasploit.com/download Current source:...
FutureSoft TFTP Server 2000 Transfer-Mode Overflow
This module exploits a stack buffer overflow in the FutureSoft TFTP Server 2000 product. By sending an overly long transfer-mode string, we were able to overwrite both the SEH and the saved EIP. A subsequent write-exception that will occur allows the transferring of execution to our shellcode via...