Lucene search
K
SaintMost viewed

4305 matches found

Saint
Saint
•added 2009/10/30 12:0 a.m.•15 views

Novell eDirectory DHost module load buffer overflow

Added: 10/30/2009 BID: 36815 Background Novell eDirectory is a directory server which implements the LDAP protocol. eDirectory for Windows, Linux, and UNIX includes the DHost program, which runs under eDirectory and provides the functionality of the NetWare operating system. Problem A buffer...

8.7AI score
Exploits0
Saint
Saint
•added 2009/10/01 12:0 a.m.•15 views

ProFTP welcome message buffer overflow

Added: 10/01/2009 BID: 36128 OSVDB: 57394 Background Labtam ProFTP is an FTP client program for Microsoft Windows. Problem A buffer overflow vulnerability allows command execution when a user connects to an FTP server which sends a specially crafted welcome message. Resolution Apply a fix from th...

0.1AI score
Exploits0
Saint
Saint
•added 2009/09/30 12:0 a.m.•15 views

Click Logger

Added: 09/30/2009 Background This tool runs an exploit server which simply returns an error page and logs which users visited it. It can be used to find out which users were susceptible to clicking on the link in an e-mail message. Limitations The target must be present in the license key but is...

1.9AI score
Exploits0
Saint
Saint
•added 2009/05/12 12:0 a.m.•15 views

Oracle Database password weakness

Added: 05/12/2009 Background Oracle Database is a relational database solution available for multiple platforms. Problem The Oracle Database service has accounts with default or easily guessed passwords, which could allow an attacker to make unauthorized SQL queries. Resolution Set a strong...

7.9AI score
Exploits0
Saint
Saint
•added 2009/05/12 12:0 a.m.•15 views

Oracle Database password weakness

Added: 05/12/2009 Background Oracle Database is a relational database solution available for multiple platforms. Problem The Oracle Database service has accounts with default or easily guessed passwords, which could allow an attacker to make unauthorized SQL queries. Resolution Set a strong...

1.5AI score
Exploits0
Saint
Saint
•added 2009/03/18 12:0 a.m.•15 views

Download connection

Added: 03/18/2009 Background This tool allows you to download a file which, when executed, establishes a command connection. Limitations This tool requires a user to execute the downloaded file in order to succeed. The target field must be a licensed target but is unused. Platforms Windows Linux...

1.6AI score
Exploits0
Saint
Saint
•added 2009/03/05 12:0 a.m.•15 views

Keystroke Logger

Added: 03/05/2009 Background This tool records all keystrokes which are typed at a computer's console. The keystrokes can be viewed in the exploit server's log. Limitations Logger works on Windows targets. A connection to the target is required to run this tool. Platforms Windows...

2.1AI score
Exploits0
Saint
Saint
•added 2009/01/09 12:0 a.m.•15 views

Read passwords stored in web browser

Added: 01/09/2009 Background This tool attempts to retrieve web site passwords which have been stored by Internet Explorer. Limitations A connection to the target is required to run this tool. Due to the encryption algorithm used by Internet Explorer, this tool can only retrieve passwords which...

0.6AI score
Exploits0
Saint
Saint
•added 2008/10/07 12:0 a.m.•15 views

Read Address Book

Added: 10/07/2008 Background This tool attempts to gather e-mail addresses from Outlook and Outlook Express address book files .WAB, .PAB on the target. Limitations A connection to the target is required to run this tool. Recent versions of Microsoft Outlook no longer store address books locally ...

0.9AI score
Exploits0
Saint
Saint
•added 2008/02/14 12:0 a.m.•15 views

ASPX Shell

Added: 02/14/2008 Background This exploit does not exploit a vulnerability, but instead creates an aspx page. The page, if placed on an IIS server, establishes a shell connection when requested. Problem N/A Resolution N/A References N/A Limitations The user needs the ability to upload the resulti...

7.2AI score
Exploits0
Saint
Saint
•added 2006/03/01 12:0 a.m.•15 views

MDaemon IMAP AUTHENTICATE command buffer overflow

Added: 03/01/2006 BID: 14317 OSVDB: 18069 Background MDaemon is an e-mail server for Windows. Problem The IMAP service in MDaemon is affected by buffer overflow vulnerabilities in the AUTHENTICATE LOGIN and AUTHENTICATE CRAM-MD5 commands which can be exploited without logging into the server...

1.1AI score
Exploits0
Saint
Saint
•added 2014/03/06 12:0 a.m.•14 views

Eudora WorldMail IMAPd UID Command Buffer Overflow Vulnerability

Added: 03/06/2014 BID: 65650 OSVDB: 104071 Background Eudora WorldMail is an e-mail server for Windows. Problem Eudora WorldMail version 9.0.333.0 and probably earlier IMAPd service is vulnerable to buffer overflow as a result of improper validation of user-supplied input when handling UID...

7.7AI score
Exploits0
Saint
Saint
•added 2013/04/22 12:0 a.m.•14 views

BigAnt IM Server DDNF username Field Remote Overflow

Added: 04/22/2013 BID: 58998 OSVDB: 92239 Background BigAnt Messenger Server offers secure instant messaging, file transfer, voip, video chat, web conferencing and more. Problem BigAnt IM Server is vulnerable to buffer overflow in the expsrv.dll library as a result of improper validation of...

8.3AI score
Exploits0
Saint
Saint
•added 2011/07/08 12:0 a.m.•14 views

Lotus Domino HPRAgentName Stack Overflow

Added: 07/08/2011 Background IBM Lotus Domino is a messaging and collaboration solution for multiple platforms. Problem The WebAdmin.nsf resource on the Domino web service contains a buffer overflow vulnerability. Resolution No patch is available at this time. References Limitations This exploit...

0.7AI score
Exploits0
Saint
Saint
•added 2010/08/05 12:0 a.m.•14 views

Apple QuickTime Streaming Debug Error Logging Buffer Overflow

Added: 08/05/2010 BID: 41962 OSVDB: 66636 Background QuickTime is a media player for Windows and Mac OS platforms. Problem Apple QuickTime is vulnerable to a stack buffer overflow in QuickTimeStreaming.qtx when processing specially crafted SMIL files. The crafted SMIL files contain an invalid and...

7.7AI score
Exploits0
Saint
Saint
•added 2010/07/29 12:0 a.m.•14 views

Yahoo Messenger WScript.Shell ActiveX control command execution

Added: 07/29/2010 Background Yahoo! Messenger is an instant messaging application. It includes the WScript.Shell ActiveX control. Problem The Execute method of the WScript.Shell ActiveX control allows command execution when a malicious web page is loaded in Internet Explorer. Resolution Set the...

7.4AI score
Exploits0
Saint
Saint
•added 2010/07/23 12:0 a.m.•14 views

Automatic Drive-by Download

Added: 07/23/2010 Background This tool waits for client connections, and then gathers information about the operating system and installed software on the client. Next, it chooses the latest and most reliable client exploit for the client's operating system and installed software, and delivers th...

1.3AI score
Exploits0
Saint
Saint
•added 2010/07/23 12:0 a.m.•14 views

Automatic Drive-by Download

Added: 07/23/2010 Background This tool waits for client connections, and then gathers information about the operating system and installed software on the client. Next, it chooses the latest and most reliable client exploit for the client's operating system and installed software, and delivers th...

1.3AI score
Exploits0
Saint
Saint
•added 2010/06/17 12:0 a.m.•14 views

Novell ZENworks Configuration Management Preboot Service Code Execution

Added: 06/17/2010 BID: 39111 OSVDB: 65361 Background Novell ZENworks Configuration Management is an IT desktop computer management suite that provides the ability to install, configure and administer desktop computers from a centralized location. The product is based on a client/server...

2.6AI score
Exploits0
Saint
Saint
•added 2010/06/17 12:0 a.m.•14 views

Novell ZENworks Configuration Management Preboot Service Code Execution

Added: 06/17/2010 BID: 39111 OSVDB: 65361 Background Novell ZENworks Configuration Management is an IT desktop computer management suite that provides the ability to install, configure and administer desktop computers from a centralized location. The product is based on a client/server...

8.2AI score
Exploits0
Saint
Saint
•added 2010/05/14 12:0 a.m.•14 views

ReGet Deluxe .wjr file SaveTo attribute buffer overflow

Added: 05/14/2010 BID: 37511 Background ReGet Deluxe is a download manager for Windows. Problem A buffer overflow vulnerability allows command execution when a user opens a .wjr file containing a Download tag with a specially crafted SaveTo attribute. Resolution Do not open untrusted .wjr files...

0.7AI score
Exploits0
Saint
Saint
•added 2010/05/10 12:0 a.m.•14 views

Novell ZENworks Configuration Management UploadServlet Remote Code Execution

Added: 05/10/2010 BID: 39114 OSVDB: 63412 Background Novell ZENworks Configuration Management is an IT desktop computer management suite that provides the ability to install, configure and administer desktop computers from a centralized location. The product is based on a client/server...

Exploits0
Saint
Saint
•added 2010/03/22 12:0 a.m.•14 views

Open and Compact FTP Server Long Password Buffer Overflow

Added: 03/22/2010 Background Open and Compact FTP Server Open-FTPD is a Windows-based compact FTP server. Problem A buffer overflow vulnerability allows command execution as a result of an overly long password. Resolution Upgrade to a version newer than 1.2 when it becomes available, or use a...

1.1AI score
Exploits0
Saint
Saint
•added 2010/02/26 12:0 a.m.•14 views

Oracle Database DBMS_JVM_EXP_PERMS IMPORT_JVM_PERMS privilege elevation

Added: 02/26/2010 BID: 38115 OSVDB: 62184 Background Oracle Database embeds a Java runtime environment called OracleJVM. The DBMSJVMEXPPERMS package is included in Oracle Database and is used for importing and exporting Java permissions between database servers. Problem A privilege elevation...

7.7AI score
Exploits0
Saint
Saint
•added 2010/01/28 12:0 a.m.•14 views

PHP Remote File Inclusion

Added: 01/28/2010 Background PHP scripts support the include and require statements, which cause an outside script to be run within the calling script. The included script can be a local file or, in some configurations, the URL of a remote file. Problem The PHP script is vulnerable to a remote fi...

0.4AI score
Exploits0
Saint
Saint
•added 2010/01/28 12:0 a.m.•14 views

PHP Remote File Inclusion

Added: 01/28/2010 Background PHP scripts support the include and require statements, which cause an outside script to be run within the calling script. The included script can be a local file or, in some configurations, the URL of a remote file. Problem The PHP script is vulnerable to a remote fi...

8.1AI score
Exploits0
Saint
Saint
•added 2009/11/23 12:0 a.m.•14 views

Novell eDirectory DHost HTTPSTK buffer overflow

Added: 11/23/2009 BID: 37042 Background Novell eDirectory is a directory server which implements the LDAP protocol. eDirectory for Windows, Linux, and UNIX includes the DHost program, which runs under eDirectory and provides the functionality of the NetWare operating system. Problem A buffer...

0.9AI score
Exploits0
Saint
Saint
•added 2009/10/30 12:0 a.m.•14 views

Novell eDirectory DHost module load buffer overflow

Added: 10/30/2009 BID: 36815 Background Novell eDirectory is a directory server which implements the LDAP protocol. eDirectory for Windows, Linux, and UNIX includes the DHost program, which runs under eDirectory and provides the functionality of the NetWare operating system. Problem A buffer...

2.1AI score
Exploits0
Saint
Saint
•added 2009/09/30 12:0 a.m.•14 views

Click Logger

Added: 09/30/2009 Background This tool runs an exploit server which simply returns an error page and logs which users visited it. It can be used to find out which users were susceptible to clicking on the link in an e-mail message. Limitations The target must be present in the license key but is...

1.9AI score
Exploits0
Saint
Saint
•added 2009/09/23 12:0 a.m.•14 views

Phishing Tool

Added: 09/23/2009 Background This tool serves an HTML form which collects information from users. It allows you to either replicate a real web page, or specify a custom header graphic, a custom footer graphic, and an introductory text message. For best results, design the HTML form to look like a...

6.7AI score
Exploits0
Saint
Saint
•added 2009/09/17 12:0 a.m.•14 views

ACDSee TIFF file handling buffer overflow

Added: 09/17/2009 BID: 35175 OSVDB: 54822 Background ACDSee is a suite of products for viewing and organizing photos. Problem A buffer overflow vulnerability allows command execution when a user opens a specially crafted TIFF file. Resolution Apply a fix when available. If a fix is not available,...

0.6AI score
Exploits0
Saint
Saint
•added 2009/08/03 12:0 a.m.•14 views

Easy Chat Server Authentication Request Buffer Overflow

Added: 08/03/2009 Background Easy Chat Server is a web-based chat server for Microsoft Windows. Problem The server is vulnerable to a remote buffer-overflow attack which can be triggered by sending a specially crafted password parameter to chat.ghp. Resolution Easy Chat Server 2.2 and earlier are...

7AI score
Exploits0
Saint
Saint
•added 2009/06/04 12:0 a.m.•14 views

Find Metadata

Added: 06/04/2009 Background This tool searches the Internet for PDF and Microsoft Office files in the given domain, and extracts the metadata from those files. This metadata often contains the names or aliases of the document's authors or contributors, which can be used to guess valid e-mail...

1.7AI score
Exploits0
Saint
Saint
•added 2009/05/27 12:0 a.m.•14 views

Password Hash Grabber

Added: 05/27/2009 Background This tool grabs the windows SAM file or password hashes of the target. The SAM file / password hashes can be viewed in the exploit tools previous results section. Results may be used with third party programs to obtain passwords in plain text. Limitations Password Has...

0.5AI score
Exploits0
Saint
Saint
•added 2009/03/05 12:0 a.m.•14 views

Keystroke Logger

Added: 03/05/2009 Background This tool records all keystrokes which are typed at a computer's console. The keystrokes can be viewed in the exploit server's log. Limitations Logger works on Windows targets. A connection to the target is required to run this tool. Platforms Windows...

2.1AI score
Exploits0
Saint
Saint
•added 2009/01/30 12:0 a.m.•14 views

Microsoft Office OCX ActiveX controls OpenWebFile program execution

Added: 01/30/2009 BID: 33243 Background Microsoft Office OCX is a suite of ActiveX document containers to create, open, edit, and print Microsoft Office files. Problem A vulnerability in multiple Office OCX ActiveX controls allows a web page to execute remote programs using the OpenWebFile method...

7.5AI score
Exploits0
Saint
Saint
•added 2009/01/09 12:0 a.m.•14 views

Read passwords stored in web browser

Added: 01/09/2009 Background This tool attempts to retrieve web site passwords which have been stored by Internet Explorer. Limitations A connection to the target is required to run this tool. Due to the encryption algorithm used by Internet Explorer, this tool can only retrieve passwords which...

0.6AI score
Exploits0
Saint
Saint
•added 2009/01/09 12:0 a.m.•14 views

Read passwords stored in web browser

Added: 01/09/2009 Background This tool attempts to retrieve web site passwords which have been stored by Internet Explorer. Limitations A connection to the target is required to run this tool. Due to the encryption algorithm used by Internet Explorer, this tool can only retrieve passwords which...

0.6AI score
Exploits0
Saint
Saint
•added 2008/11/21 12:0 a.m.•14 views

LPViewer ActiveX Control url property buffer overflow

Added: 11/21/2008 CVE: CVE-2008-4384 BID: 31604 OSVDB: 48946 Background The LPViewer ActiveX Control installs with the iseemedia ZOOM control viewer and allows viewing of images created with iseemedia software. Problem A buffer overflow vulnerability allows command execution when a user opens a w...

9.3CVSS6.7AI score0.28706EPSS
Exploits8
Saint
Saint
•added 2008/05/12 12:0 a.m.•14 views

Citadel SMTP server RCPT TO buffer overflow

Added: 05/12/2008 CVE: CVE-2008-0394 BID: 27376 OSVDB: 40516 Background Citadel is an open-source e-mail and collaboration server. Problem A buffer overflow vulnerability in the makeuserkey function allows remote attackers to execute arbitrary commands by sending a long, specially crafted RCPT TO...

7.5CVSS7.9AI score0.11948EPSS
Exploits4
Saint
Saint
•added 2015/08/13 12:0 a.m.•13 views

PCMan FTP Server PUT buffer overflow

Added: 08/13/2015 Background PCMan's FTP Server is a free FTP server for Windows. Problem A buffer overflow vulnerability in PCMan's FTP Server allows remote attackers to execute arbitrary commands. Resolution There is no known fix for this vulnerability. Use a different FTP server, or block acce...

8.6AI score
Exploits0
Saint
Saint
•added 2010/12/10 12:0 a.m.•13 views

HP Data Protector Manager MMD Service Stack Buffer Overflow

Added: 12/10/2010 BID: 45128 Background HP Data Protector is a backup solution for enterprise and distributed environments. The Data Protector environment consists of a Cell Manager, backup agents, and backup device servers. The Cell Manager is the central point from which backup agents and devic...

7.7AI score
Exploits0
Saint
Saint
•added 2010/08/20 12:0 a.m.•13 views

Symantec Alert Management System Intel Alert Handler command execution

Added: 08/20/2010 BID: 41959 OSVDB: 66807 Background The Symantec Alert Management System 2 AMS2 is used by multiple Symantec products. It includes an Intel Alert Handler service hndlrsvc.exe. This service handles messages forwarded to it by the Alert Originator Manager, which listens on port...

0.9AI score
Exploits0
Saint
Saint
•added 2010/07/29 12:0 a.m.•13 views

Yahoo Messenger WScript.Shell ActiveX control command execution

Added: 07/29/2010 Background Yahoo! Messenger is an instant messaging application. It includes the WScript.Shell ActiveX control. Problem The Execute method of the WScript.Shell ActiveX control allows command execution when a malicious web page is loaded in Internet Explorer. Resolution Set the...

7.3AI score
Exploits0
Saint
Saint
•added 2010/05/10 12:0 a.m.•13 views

Novell ZENworks Configuration Management UploadServlet Remote Code Execution

Added: 05/10/2010 BID: 39114 OSVDB: 63412 Background Novell ZENworks Configuration Management is an IT desktop computer management suite that provides the ability to install, configure and administer desktop computers from a centralized location. The product is based on a client/server...

8.2AI score
Exploits0
Saint
Saint
•added 2010/02/22 12:0 a.m.•13 views

Xi Software Net Transport eDonkey Protocol Buffer Overflow

Added: 02/22/2010 OSVDB: 61435 Background Net Transport, also known as NetXfer, is a download manager for Windows made by Xi Software. Among the protocols Net Transport can handle is eDonkey, a decentrailized peer to peer network for file sharing. Problem The Net Transport download manager fails ...

8.3AI score
Exploits0
Saint
Saint
•added 2010/02/09 12:0 a.m.•13 views

BigAnt Messenger Server USV Command Buffer Overflow

Added: 02/09/2010 BID: 37520 OSVDB: 61386 Background BigAnt Messenger Server offers secure instant messaging, file transfer, voip, video chat, web conferencing and more. Problem BigAnt server version 2.52 and earlier are vulnerable to a remote, unauthenticated buffer overflow attack. The...

7.8AI score
Exploits0
Saint
Saint
•added 2010/01/29 12:0 a.m.•13 views

HP OpenView Storage Data Protector Cell Manager buffer overflow

Added: 01/29/2010 Background HP Data Protector is an automated data backup solution. Problem A buffer overflow vulnerability in HP OpenView Storage Data Protector allows remote attackers to execute arbitrary commands by sending a specially crafted request to the Cell Manager service. Resolution...

8.6AI score
Exploits0
Saint
Saint
•added 2009/11/23 12:0 a.m.•13 views

Novell eDirectory DHost HTTPSTK buffer overflow

Added: 11/23/2009 BID: 37042 Background Novell eDirectory is a directory server which implements the LDAP protocol. eDirectory for Windows, Linux, and UNIX includes the DHost program, which runs under eDirectory and provides the functionality of the NetWare operating system. Problem A buffer...

8.7AI score
Exploits0
Saint
Saint
•added 2009/11/08 12:0 a.m.•13 views

Serv-U Web Client session cookie handling buffer overflow

Added: 11/08/2009 BID: 36895 OSVDB: 59772 Background Serv-U is an FTP server for Windows platforms. The Serv-U Web Client component provides a browser-based interface to Serv-U. Problem A buffer overflow in the Serv-U Web Client allows remote attackers to execute arbitrary code when overly long...

8.8AI score
Exploits0
Total number of security vulnerabilities4305