Mercury imap4 server is vulnerable to a remote buffer overflow exploit. The exploit is triggered when a malicious user sends a specially crafted packet to the vulnerable server. The packet contains an overflow string which is larger than the buffer size, resulting in a buffer overflow. The exploit is successful when the malicious user is able to gain access to the server and execute arbitrary code.
CuteNews 1.4.0(possibly prior versions) is vulnerable to remote code execution. An attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable application. This can allow the attacker to execute arbitrary code on the server.
A denial of service vulnerability exists in Fastream NETFile FTP/Web Server 7.1.2 Professional. An attacker can send a specially crafted HTTP request to the server to cause a denial of service condition. This exploit was coded by karak0rsan and the bug was found by bratax ck.
There exists a buffer overflow in Stoneys FTPd that most rxBot mod's use. The problem lies in how the code parses the PORT command and gives an opportunity for a buffer overflow. Problem is that the ftpd also uses select() to handle multiple connections. So when sending the crafted PORT command select() returns NULL making it return and exit the FTPd thread resulting merely in a Denial Of Service of the FTPd with no crash of the bot itself.
This exploit is used to gain access to the user's password of a PHP-Nuke version 7.8 website. It uses a combination of brute force and binary search to find the password. It requires MySQL version 4.0 or higher.
This exploit allows an attacker to gain access to the username and password of a registered user on a vulnerable phpWebSite installation. The exploit works by sending a specially crafted HTTP request to the vulnerable server, which then returns the username and password of the registered user in the response.
This code sends a TCP/IP packet with 4 extra bytes corresponding to the TCP Options [TCP Header]. These 4 bytes are "x05x02x00x00". NOTE !!!: Snort only falls when it is running in verbose mode (-v). This only works testing from one machine to another directly connected (1 single jump; Eg. In a LAN network from PC to PC). It does not work from the Internet, because the TCP->th_sum field is 0 (zero), so the first Router through which this packet passes will discard it for not having a valid checksum.
This exploit allows an attacker to crash the server by sending an invalid command to the server.
Alt-N WebAdmin is prone to a buffer overflow condition. This is due to insufficient bounds checking on the USER parameter. Successful exploitation could result in code execution with SYSTEM level privileges.
This exploit allows an attacker to inject malicious SQL code into the phpMyFamily application, allowing them to gain access to the admin account with the login and password hash.
Services By CQR