This Perl script exploits a vulnerability in Mail Enable Professional/Enterprise v2.32-7 (win32) by sending a specially crafted payload to the target host. It causes the Mail Enable service to crash, resulting in a denial of service condition.
This program demonstrates how a DDoS attack amplified by NTP servers works.
Python exploit for ApPHP MicroBlog 1.0.1 (Free Version) that allows remote code execution.
Using only 400 characters will just crash IE7 (or the software that uses this ActiveX); increasing the number of characters will overwrite EIP, and arbitrary code execution will be possible.
This exploit is for Mail Enable Professional/Enterprise versions up to v2.35 on win32. It causes a denial of service (DoS) by triggering an out-of-bounds read.
This exploit targets MiniWebsvr version 0.0.6. It sends multiple GET requests to the server, which causes resource consumption and high CPU usage.
Microsoft Windows Media Player is prone to multiple information-disclosure vulnerabilities because it fails to properly restrict access to certain functionality when handling media files. An attacker can exploit these vulnerabilities to obtain information that may aid in further attacks.
OpenSSH-portable 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack (CVE-2003-0190). OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid ones, as demonstrated by sshtime. NOTE: as of 20061014, it appears that this issue is dependent on the use of manually-set passwords that cause delays when processing /etc/shadow due to an increased number of rounds (CVE-2006-5229). This is a simple shell script based on expect meant to remotely analyze timing differences in sshd "Permission denied" replies. Depending on OpenSSH version and configuration, it may lead to disclosure of valid usernames.
A buffer overflow is triggered when a long GET command is sent to the server.
Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a different vulnerability than CVE-2005-2696 (CVE-2005-2428). According to testing, it's possible to dump all HTTPPassword hashes using the $defaultview view instead of $users. This saves a considerable amount of time.