This module exploits a stack buffer overflow in Borland Interbase 2007. By sending a specially crafted create-request packet, a remote attacker may be able to execute arbitrary code.
This module exploits a stack buffer overflow in the authentication mechanism of NSI Doubletake which is also rebranded as HP Storage Works. This vulnerability was found by Titon of Bastard Labs.
This exploits a stack buffer overflow in NetTransport Download Manager, part of the NetXfer suite. This module was tested successfully against version 2.90.510.
This module exploits a stack buffer overflow in Apple QuickTime 7.3. By sending an overly long RTSP response to a client, an attacker may be able to execute arbitrary code.
This module exploits a stack buffer overflow in the IBM Tivoli Storage Manager Express CAD Service. By sending a 'ping' packet containing a long string, an attacker can execute arbitrary code. NOTE: the dsmcad.exe service must be in a particular state (CadWaitingStatus = 1) in order for the vulnerable code to be reached. This state doesn't appear to be reachable when the TSM server is not running. This service does not restart.
This module exploits a stack-based buffer overflow in Mercury/32 <= v4.01b PH Server Module. This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to a fixed size memory buffer.
This module exploits a stack buffer overflow in Computer Associates BrightStor ARCserve Backup r11.1 - r11.5. By sending a specially crafted DCERPC request, an attacker could overflow the buffer and execute arbitrary code.
This exploit takes advantage of a buffer overflow vulnerability in Libxine version 1.14 or below. By providing a specially crafted MPEG file, an attacker can trigger a segmentation fault and potentially execute arbitrary code.
This is an exploit for a stack buffer overflow vulnerability in the PunyLib.dll library of Foxmail 5.0. The exploit allows remote attackers to execute arbitrary code on the target system by sending a specially crafted email.
This module exploits a weak password vulnerability in the Lyris ListManager MSDE install. During installation, the 'sa' account password is set to 'lminstall'. Once the install completes, it is set to 'lyris' followed by the process ID of the installer. This module brute forces all possible process IDs that would be used by the installer.
Services By CQR