This Metasploit module exploits a remote buffer overflow in the MailEnable web service. The vulnerability is triggered when a large value is placed into the Authorization header of the web request. MailEnable Enterprise Edition versions prior to 1.0.5 and MailEnable Professional versions prior to 1.55 are affected.
ff2e2ce5c94655dfb9465949f75f90f07c48c21db60b136d56f8315fb6e91c26MailEnable's IMAP server contains a buffer overflow vulnerability in the Login command.
a4eceb36c2639afe9fd1c656c7174c4475cb9596985d2e61b7f06f2ea8f79eeaMailEnable's IMAP server contains a buffer overflow vulnerability in the STATUS command. With proper credentials, this could allow for the execution of arbitrary code.
cf73368ca1456ebf0d123b52f99898904ccc211d943abcf2dbfe856cbeb1c9a1This Metasploit module exploits a buffer overflow in the W3C logging functionality of the MailEnable IMAPD service. Logging is not enabled by default and this exploit requires a valid username and password to exploit the flaw. MailEnable Professional version 1.6 and prior and MailEnable Enterprise version 1.1 and prior are affected.
f9093da8a1312faacc61443924f7b363bb3f16f4dc7ce7d41e8c1a2f0e1338aeThis Metasploit module exploits a stack overflow in the MaxDB WebDBM service. This service is included with many recent versions of the MaxDB and SAPDB products. This particular module is capable of exploiting Windows systems through the use of an SEH frame overwrite. The offset to the SEH frame may change depending on where MaxDB has been installed, this module assumes a web root path with the same length as: C:\\Program Files\\sdb\\programs\\web\\Documents
ddfaa8c6118e77caf9e117e63cda2d90418cbdc78f05a4580f53a23a6e6acf0dThis is an exploit for the McAfee HTTP Server (NAISERV.exe). McAfee ePolicy Orchestrator 2.5.1 <= 3.5.0 and ProtectionPilot 1.1.0 are known to be vulnerable. By sending a large 'Source' header, the stack can be overwritten. This Metasploit module is based on the exploit by xbxice and muts. Due to size constraints, this module uses the Egghunter technique. You may wish to adjust WfsDelay appropriately.
4e64f2bde60479894b56b37f3ca9106dbfee008011c45a3a524a30225b19046bThis Metasploit module exploits a stack overflow in McAfee Remediation Agent 4.5.0.41. When sending an overly long string to the DeleteSnapshot() method of enginecom.dll (3.7.0.9) an attacker may be able to execute arbitrary code. This control is not marked safe for scripting, so choose your attack vector accordingly.
9abe850f29cf5b51dbe8ec828435c9333767d20de08835bb1df724f8f0fb5d57This Metasploit module exploits a flaw in the McAfee Subscription Manager ActiveX control. Due to an unsafe use of vsprintf, it is possible to trigger a stack overflow by passing a large string to one of the COM-exposed routines, such as IsAppExpired. This vulnerability was discovered by Karl Lynn of eEye.
44fae6eeb87ba29bf60ae8c26b6d7c50f75e7bf5c2f4e1500856135c1f0e9b56This Metasploit module exploits a stack overflow in the McAfee Visual Trace 3.25 ActiveX Control (NeoTraceExplorer.dll 1.0.0.1). By sending a overly long string to the "TraceTarget()" method, an attacker may be able to execute arbitrary code.
1af505d58b6ecf4e14a93c0e01d4ebb141dd799f1e203a25a95e8968f3b52aedThis Metasploit module exploits a buffer overflow in the CRAM-MD5 authentication of the MDaemon IMAP service. This vulnerability was discovered by Muts.
ab790525ee06e4631621b8a149d2cc10a555ebb52be8f2bcf2739624fa36b789This Metasploit module exploits a stack overflow in the Alt-N MDaemon IMAP Server version 9.6.4 by sending an overly long FETCH BODY command. Valid IMAP account credentials are required. Credit to Matteo Memelli
e1e88ec1c914159c02c88aa646f73a91ac2acbc316b4991a9d0f98473b227142This Metasploit module exploits a stack overflow in Alt-N MDaemon SMTP server for versions 6.8.5 and earlier. When WorldClient HTTP server is installed (default), a CGI script is provided to accept html FORM based emails and deliver via MDaemon.exe, by writing the CGI output to the Raw Queue. When X-FromCheck is enabled (also default), the temporary form2raw.cgi data is copied by MDaemon.exe and a stack based overflow occurs when an excessively long From field is specified. The RawQueue is processed every 1 minute by default, to a maximum of 60 minutes. Keep this in mind when choosing payloads or setting WfsDelay... You'll need to wait. Furthermore, this exploit uses a direct memory jump into a nopsled (which isn't very reliable). Once the payload is written into the Raw Queue by Form2Raw, MDaemon will continue to crash/execute the payload until the CGI output is manually deleted from the queue in C:\\MDaemon\\RawFiles\\*.raw.
9a7e8845ddbf7fb0e6b7482b9b8e9b1da4f7b29d2b83ac012d206510dc73a91cThis exploit targets a stack overflow in the MediaSrv RPC service of CA BrightStor Arcserve. By sending a specially crafted SUNRPC request, an attacker can overflow a stack buffer and execute arbitrary code.
d0738e71558ee3963626f339518e819ee7c411c21d7fc0126e364448fc0ab696Mercur v5.0 IMAP server is prone to a remotely exploitable stack-based buffer overflow vulnerability. This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to a fixed size memory buffer. Credit to Tim Taylor for discover the vulnerability.
c2b10d51d7fe81041b5773f98702a25cb43650d4819457d1ebaa769257273fc3This Metasploit module exploits a stack overflow in Atrium Mercur IMAP 5.0 SP3. Since the room for shellcode is small, using the reverse ordinal payloads yields the best results.
bcc9986727d1a31fd19c6ec9efeca29335e3bac2e984bdb32e707abede16b9c6This Metasploit module exploits a stack overflow in Mercury Mail Transport System 4.51. By sending a specially crafted argument to the AUTH CRAM-MD5 command, an attacker may be able to execute arbitrary code.
b37bc5cd6705c8e20790a12b9fc47ac4078f2b49f9d0875bc28a3d33e2238c40This Metasploit module exploits a stack overflow in Mercury/32 <= 4.01b IMAPD LOGIN verb. By sending a specially crafted login command, a buffer is corrupted, and code execution is possible. This vulnerability was discovered by (mu-b at digit-labs.org).
a60c2ea6e800b4665a534a6fa0d25415bdd4db2986f35c241060c6a2a5fd36f1This Metasploit module exploits a stack-based buffer overflow in Mercury/32 <= v4.01b PH Server Module. This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to a fixed size memory buffer.
e589673cea231d56221ebf93f38777c3c571ba6187848d18fb71e7da338a55b1This Metasploit module exploits a stack overflow vulnerability in the Mercury/32 v.4.01a IMAP service.
b7ce17f5eebf1671ae2fcf43472ecc4b6c37e626369cda2c8082600012b410afThis Metasploit module exploits a buffer overflow in Computer Associates BrightStor ARCserve Backup 11.1 - 11.5 SP2. By sending a specially crafted RPC request, an attacker could overflow the buffer and execute arbitrary code.
38992c01beb75cb04dd805a9bcadb1dab7921b19db704a8f59418f9d845fc536This Metasploit module exploits a stack overflow flaw in the Microsoft IIS FTP service. The flaw is triggered when a special NLST argument is passed while the session has changed into a long directory path. For this exploit to work, the FTP server must be configured to allow write access to the file system (either anonymously or in conjunction with a real account).
c094b78d6e147658a438663b48e4c7ba9f181fadc79f720b680f049d27cc2bbbThis is a simple buffer overflow for the minishare web server. This flaw affects all versions prior to 1.4.2. This is a plain stack overflow that requires a "jmp esp" to reach the payload, making this difficult to target many platforms at once. This Metasploit module has been successfully tested against 1.4.1. Version 1.3.4 and below do not seem to be vulnerable.
bf2dd8378c0c0c82b912aa8e98c2826676a3f7e41c1c019b8e7c7c3874814359This Metasploit module exploits a stack overflow in mIRC 6.1. By submitting an overly long and specially crafted URL to the 'irc' protocol, an attacker can overwrite the buffer and control program execution.
eb0f1978b41d4e2c8f8e0b4fe0064977eecb2ddfa8365c103cc9ee5faa123030This Metasploit module exploits a buffer overflow in the mIRC IRC Client v6.34 and earlier. By enticing a mIRC user to connect to this server module, an excessively long PRIVMSG command can be sent, overwriting the stack. Due to size restrictions, ordinal payloads may be necessary. This Metasploit module is based on the code by SkD.
30d07ff1b1f16f654610067329e7a88dbd7d7e9e8ba0fc52c40272152afc1314This Metasploit module exploits a stack based buffer overflow in the getinfo command of Medal Of Honor Allied Assault.
621e2627d4a2d553d4c0eacaedbbb64109d10e5228a0f618c2e03dbca72168ee
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed