Explore Vulnerabilities

Explore all Exploits:

PCMan’s FTP Server v2.0 – GET command buffer overflow (remote shell)

PCMan's FTP Server version 2.0 is vulnerable to a buffer overflow in the GET command, which can allow remote code execution and result in a remote shell. It can be exploited by sending a specially crafted GET command with a large payload, which overflows the buffer and overwrites the return address. This exploit has been tested on Windows XP SP3.

Exploit for Pavuk Web Spider

This exploit targets a buffer overflow vulnerability in the Pavuk Web Spider. The vulnerable code is in the function 'http_get_digest_auth_str', where an input string 'a2' is appended to a buffer 'auth_digest->nonce' without proper bounds checking. This allows an attacker to overwrite the saved EIP and potentially execute malicious code. The exploit takes advantage of this vulnerability to craft a malicious response that includes the username, realm, nonce, uri, and a calculated response.

Programmable Interrupt Timer (PIT) Controller in QEMU Information Disclosure and Heap Overflow

The programmable interrupt timer (PIT) controller in QEMU does not correctly validate the channel number when performing IO writes to the device controller, allowing both an information disclosure and a heap overflow within the context of the host. Depending on the layout of the data beyond the heap allocation, this vulnerability can set various bytes just beyond the heap allocation to non-attacker-controlled values (mainly zero), and can leak various bytes from beyond the heap allocation back to the guest.
