Alt-N SecurityGateway is prone to a buffer overflow condition. This is due to insufficient bounds checking on the 'username' parameter. Successful exploitation could result in code execution with SYSTEM level privileges. NOTE: This service doesn't restart, you'll only get one shot. However, it often survives a successful exploitation attempt.
This exploits a stack buffer overflow in the Webster HTTP server. The server and source code was released within an article from the Microsoft Systems Journal in February 1996 titled 'Write a Simple HTTP-based Server Using MFC and Windows Sockets'.
This module exploits a vulnerability in the Computer Associates iTechnology iGateway component. When <Debug>True</Debug> is enabled in igateway.conf (non-default), it is possible to overwrite the stack and execute code remotely. This module works best with Ordinal payloads.
This module exploits a stack buffer overflow in Streamcast <= 0.9.75. By sending an overly long User-Agent in an HTTP GET request, an attacker may be able to execute arbitrary code.
This is a stack buffer overflow exploit for mod_jk 1.2.20. Should work on any Win32 OS.
This module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.53. By sending a specially crafted CGI request to ovalarm.exe, an attacker can execute arbitrary code. This specific vulnerability is due to a call to "sprintf_new" in the "isWide" function within "ovalarm.exe". A stack buffer overflow occurs when processing an HTTP request that contains an "Accept-Language" header longer than 100 bytes and an "OVABverbose" URI variable set to "on", "true" or "1". The vulnerability is related to "_WebSession::GetWebLocale()". NOTE: This exploit has been tested successfully with a reverse_ord_tcp payload.
This module exploits a stack based buffer overflow in the BEA Weblogic Apache plugin. This vulnerability exists in the error reporting for unknown Transfer-Encoding headers. You may have to run this twice due to timing issues with handlers.
This module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.50. By sending a specially crafted CGI request to Toolbar.exe, an attacker may be able to execute arbitrary code.
This module exploits a format string vulnerability in HTTPDX HTTP server. By sending an specially crafted HTTP request containing format specifiers, an attacker can corrupt memory and execute arbitrary code. By default logging is off for HTTP, but enabled for the 'moderator' user via FTP.
This module exploits a stack buffer overflow in Amlib's Amlibweb Library Management System (NetOpacs). The webquery.dll API is available through IIS requests. By specifying an overly long string to the 'app' parameter, SeH can be reliably overwritten allowing for arbitrary remote code execution. In addition, it is possible to overwrite EIP by specifying an arbitrary parameter name with an '=' terminator.
Services By CQR