This module exploits a stack buffer overflow in the RPC interface of the Microsoft DNS service. The vulnerability is triggered when a long zone name parameter is supplied that contains escaped octal strings. This module is capable of bypassing NX/DEP protection on Windows 2003 SP1/SP2.
This module exploits a stack buffer overflow in the RPC interface to the Microsoft Message Queueing service. The offset to the return address changes based on the length of the system hostname, so this must be provided via the 'HNAME' option. Much thanks to snort.org and Jean-Baptiste Marchand's excellent MSRPC website.
This module exploits a simple stack buffer overflow in the Sentinel License Manager. The SentinelLM service is installed with a wide selection of products and seems particular popular with academic products. If the wrong target value is selected, the service will crash and not restart.
This module exploits a vulnerability in the CA License Server network service. By sending an excessively long GETCONFIG packet the stack may be overwritten.
This module exploits a vulnerability in the CA License Client service. The vulnerability is a buffer overflow in the GETCONFIG command. By sending a specially crafted GETCONFIG command, an attacker can execute arbitrary code on the target system. The exploit requires the IP address of the attacker to be resolvable from the target system's point of view. This can be achieved by running the 'nmbd' service that comes with Samba on a local network. The exploit also requires UDP port 137 to be open and not filtered. Due to a limitation in the software, only one connection can be made to the agent port before it starts ignoring further connections.
This module exploits a stack buffer overflow in 32bit ftp client, triggered when trying to download a file that has an overly long filename.
This module exploits a stack buffer overflow in the Easy File Sharing 2.0 service. By sending an overly long password, an attacker can execute arbitrary code.
This module exploits a buffer overflow in the SIZE verb in Texas Imperial's Software WFTPD 3.23.
This module exploits a stack buffer overflow flaw in the Microsoft IIS FTP service. The flaw is triggered when a special NLST argument is passed while the session has changed into a long directory path. For this exploit to work, the FTP server must be configured to allow write access to the file system (either anonymously or in conjunction with a real account).
This module exploits a buffer overflow in the Xftp 3.0 FTP client that is triggered through an excessively long PWD message.
Services By CQR