6725 matches found
eIQNetworks ESA License Manager LICMGR_ADDLICENSE Overflow
This module exploits a stack buffer overflow in eIQnetworks Enterprise Security Analyzer. During the processing of long arguments to the LICMGRADDLICENSE command, a stack-based buffer overflow occurs. This module has only been tested against ESA v2.1.13. This module requires Metasploit:...
eIQNetworks ESA Topology DELETEDEVICE Overflow
This module exploits a stack buffer overflow in eIQnetworks Enterprise Security Analyzer. During the processing of long arguments to the DELETEDEVICE command in the Topology server, a stack-based buffer overflow occurs. This module has only been tested against ESA v2.1.13. This module requires...
Ipswitch IMail SMTP Server code execution
Stack buffer overflow on oversized hostname string within characters '@' and ':'...
MS04-011 Microsoft LSASS Service DsRolerUpgradeDownlevelServer Overflow
This module exploits a stack buffer overflow in the LSASS service, this vulnerability was originally found by eEye. When re-exploiting a Windows XP system, you will need need to run this module twice. DCERPC request fragmentation can be performed by setting 'FragSize' parameter. This module...
libTIFF: Multiple vulnerabilities
Background libTIFF provides support for reading and manipulating TIFF images. Description Tavis Ormandy of the Google Security Team discovered several heap and stack buffer overflows and other flaws in libTIFF. The affected parts include the TIFFFetchShortPair, TIFFScanLineSize and...
[SECURITY] [DSA 1137-1] New tiff packages fix several vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 1137-1 [email protected] http://www.debian.org/security/ Martin Schulze August 2nd, 2006 http://www.debian.org/security/faq -...
DSA-1137-1 tiff - several vulnerabilities
Bulletin has no description...
CVE-2006-3600
Multiple stack-based buffer overflows in the LookupTRM::lookup function in libtunepimp TunePimp 0.4.2 allow remote user-assisted attackers to cause a denial of service application crash and possibly execute code via a long 1 Album release date MBEReleaseGetDate, 2 data, or 3 error strings...
Microsoft Excel 2003 - Hlink Stack Buffer Overflow (SEH)
Microsoft Excel 2003 - Hlink Stack Buffer Overflow SEH !perl "Microsoft Office Excel 2003" Hlink Stack/SEH Overflow Exploit Author: Manuel Santamarina Suarez The vulnerability was discovered by 'kcope'. First click on the link and then on the "Yes" button to cause the stack overflow. fixed...
MS06-025 Microsoft RRAS Service RASMAN Registry Overflow
This module exploits a registry-based stack buffer overflow in the Windows Routing and Remote Access Service. Since the service is hosted inside svchost.exe, a failed exploit attempt can cause other system services to fail as well. A valid username and password is required to exploit this flaw on...
TFTPD32 Long Filename Buffer Overflow
This module exploits a stack buffer overflow in TFTPD32 version 2.21 and prior. By sending a request for an overly long file name to the tftpd32 server, a remote attacker could overflow a buffer and execute arbitrary code on the system. This module requires Metasploit:...
Novell Messenger Server 2.0 Accept-Language Overflow
This module exploits a stack buffer overflow in Novell GroupWise Messenger Server v2.0. This flaw is triggered by any HTTP request with an Accept-Language header greater than 16 bytes. To overwrite the return address on the stack, we must first pass a memcpy operation that uses pointers we supply...
PeerCast URL Handling Buffer Overflow
This module exploits a stack buffer overflow in PeerCast 'PeerCast URL Handling Buffer Overflow', 'Description' = %q This module exploits a stack buffer overflow in PeerCast 'hdm' , 'License' = MSFLICENSE, 'References' = 'CVE', '2006-1148', 'OSVDB', '23777', 'BID', '17040' , 'Privileged' = false,...
[Full-disclosure] [xfocus-SD-060314]Microsoft Office Excel Buffer Overflow Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Relase Date: 2006-03-15 CVE: CVE-2006-0031 Affected Products: ================== Microsoft Office Excel 2000 Microsoft Office Excel XP Microsoft Office Excel 2003 Impact: ======= Microsoft Excel is a popular spreadsheet program of Microsoft Office...
ZDI-06-002: Adobe Macromedia ShockWave Code Execution
ZDI-06-002: Adobe Macromedia ShockWave Code Execution http://www.zerodayinitiative.com/advisories/ZDI-06-002.html February 23, 2006 -- CVE ID: CVE-2005-3525 -- Affected Vendor: Adobe Macromedia -- Affected Products: Macromedia Shockwave Installer -- TippingPointTM IPS Customer Protection:...
[Full-disclosure] SUSE Security Announcement: CASA remote code execution (SUSE-SA:2006:010)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUSE Security Announcement Package: CASA Announcement ID: SUSE-SA:2006:010 Date: Wed, 22 Feb 2006 12:00:00 +0000 Affected Products: Novell Linux Desktop 9 Open Enterprise Server 1 Vulnerability Type: remote code execution Severity 1-10: 10 SUSE Defaul...
KarjaSoft Sami FTP Server 2.0.1 - Remote Stack Buffer Overflow
!/usr/bin/perl Sami FTP Server v2.0.1 Remote notepad.exe execution PoC by Critical Security research http://www.critical.lt Tested on Windows XP SP2, Windows XP SP0 and even on FreeBSD 6.0-RELEASE Wine 0.9.6 : use Net::FTP; - jo, að tinginys : use Switch; if @ARGV 3 print...
MS04-031 Microsoft NetDDE Service Overflow
This module exploits a stack buffer overflow in the NetDDE service, which is the precursor to the DCOM interface. This exploit effects only operating systems released prior to Windows XP SP1 2000 SP4, XP SP0. Despite Microsoft's claim that this vulnerability can be exploited without authenticatio...
freeFTPd 1.0 Username Overflow
This module exploits a stack buffer overflow in the freeFTPd multi-protocol file transfer service. This flaw can only be exploited when logging has been enabled non-default. This module requires Metasploit: https://metasploit.com/download Current source:...
Veritas Backup Exec Windows Remote Agent Overflow
This module exploits a stack buffer overflow in the Veritas BackupExec Windows Agent software. This vulnerability occurs when a client authentication request is received with type '3' and a long password argument. Reliable execution is obtained by abusing the stack buffer overflow to smash a SEH...