This Metasploit module exploits a stack-based buffer overflow in the Hewlett-Packard OmniInet NT Service. By sending a specially crafted MSG_PROTOCOL (0x010b) packet, a remote attacker may be able to execute arbitrary code with elevated privileges. This service is installed with HP OpenView Data Protector, HP Application Recovery Manager and potentially other products. This exploit has been tested against versions 6.1, 6.0, and 5.50 of Data Protector. and versions 6.0 and 6.1 of Application Recovery Manager. NOTE: There are actually two consecutive wcscpy() calls in the program (which may be why ZDI considered them two separate issues). However, this module only exploits the first one.
098a37312c7769272d53b6747df73473c2997a18bf5130110137953613125b72
This Metasploit module exploits a stack-based buffer overflow in the Hewlett-Packard OmniInet NT Service. By sending a specially crafted MSG_PROTOCOL (0x010b) packet, a remote attacker may be able to execute arbitrary code with elevated privileges. This service is installed with HP OpenView Data Protector, HP Application Recovery Manager and potentially other products. This exploit has been tested against versions 6.1, 6.0, and 5.50 of Data Protector. and versions 6.0 and 6.1 of Application Recovery Manager. NOTE: There are actually two consecutive wcscpy() calls in the program (which may be why ZDI considered them two separate issues). However, this module only exploits the second one.
6077abc4561b8bb88f893fcbc753edd3a1b15ac32e3ac4ebcdc7446ce7360c3c
This Metasploit module exploits a stack overflow in IBM Lotus Domino Web Server prior to version 7.0.3FP1 and 8.0.1. This flaw is triggered by any HTTP request with an Accept-Language header greater than 114 bytes.
83f6fb7d5ae69011a3539778a65b7fe423e17e94cf8166d8ba3f39790245f70b
This Metasploit module exploits a stack overflow in Lotus Domino's Sametime Server. By sending an overly long POST request to the Multiplexer STMux.exe service we are able to overwrite SEH. Based on the exploit by Manuel Santamarina Suarez.
dbb922034950b5d503d3b1d3a1d7c5b5c97e423e24541e11f69c20a9ef2b6eba
This Metasploit module exploits a simple stack overflow in FreeFTPd 1.0.10. This flaw is due to a buffer overflow error when handling a specially crafted key exchange algorithm string received from an SSH client. This Metasploit module is based on MC's freesshd_key_exchange exploit.
7edeab39559b786875c2e25515c39c1c952e00229cbdac9c0aa83bf02ea93c48
This Metasploit module exploits a buffer overflow in the GlobalSCAPE Secure FTP Server. All versions prior to 3.0.3 are affected by this flaw. A valid user account ( or anonymous access) is required for this exploit to work.
f92b038b30321d1e394a2a78f7f7a4672a2b84c28b02a128fdaf5a46600f586c
This Metasploit module exploits a stack overflow in the SlimFTPd server. The flaw is triggered when a LIST command is received with an overly-long argument. This vulnerability affects all versions of SlimFTPd prior to 3.16 and was discovered by Raphael Rigo.
55e26861520e953f85b098982baa1fa9c82fe412aea320df41475c3eba5a0d70
This Metasploit module exploits a buffer overflow found in the USER command of War-FTPD 1.65.
6b9d1bed980a1f2e6457ad141aab577141467851a1a03a4918a6b4390b1dba54