This Metasploit module exploits a remote buffer overflow in the MailEnable web service. The vulnerability is triggered when a large value is placed into the Authorization header of the web request. MailEnable Enterprise Edition versions prior to 1.0.5 and MailEnable Professional versions prior to 1.55 are affected.
ff2e2ce5c94655dfb9465949f75f90f07c48c21db60b136d56f8315fb6e91c26
MailEnable's IMAP server contains a buffer overflow vulnerability in the Login command.
a4eceb36c2639afe9fd1c656c7174c4475cb9596985d2e61b7f06f2ea8f79eea
MailEnable's IMAP server contains a buffer overflow vulnerability in the STATUS command. With proper credentials, this could allow for the execution of arbitrary code.
cf73368ca1456ebf0d123b52f99898904ccc211d943abcf2dbfe856cbeb1c9a1
This Metasploit module exploits a buffer overflow in the W3C logging functionality of the MailEnable IMAPD service. Logging is not enabled by default and this exploit requires a valid username and password to exploit the flaw. MailEnable Professional version 1.6 and prior and MailEnable Enterprise version 1.1 and prior are affected.
f9093da8a1312faacc61443924f7b363bb3f16f4dc7ce7d41e8c1a2f0e1338ae
This Metasploit module exploits a stack overflow in the MaxDB WebDBM service. This service is included with many recent versions of the MaxDB and SAPDB products. This particular module is capable of exploiting Windows systems through the use of an SEH frame overwrite. The offset to the SEH frame may change depending on where MaxDB has been installed; this module assumes a web root path with the same length as: C:\Program Files\sdb\programs\web\Documents
ddfaa8c6118e77caf9e117e63cda2d90418cbdc78f05a4580f53a23a6e6acf0d
This is an exploit for the McAfee HTTP Server (NAISERV.exe). McAfee ePolicy Orchestrator 2.5.1 <= 3.5.0 and ProtectionPilot 1.1.0 are known to be vulnerable. By sending a large 'Source' header, the stack can be overwritten. This Metasploit module is based on the exploit by xbxice and muts. Due to size constraints, this module uses the Egghunter technique. You may wish to adjust WfsDelay appropriately.
4e64f2bde60479894b56b37f3ca9106dbfee008011c45a3a524a30225b19046b
This Metasploit module exploits a stack overflow in McAfee Remediation Agent 4.5.0.41. When sending an overly long string to the DeleteSnapshot() method of enginecom.dll (3.7.0.9) an attacker may be able to execute arbitrary code. This control is not marked safe for scripting, so choose your attack vector accordingly.
9abe850f29cf5b51dbe8ec828435c9333767d20de08835bb1df724f8f0fb5d57
This Metasploit module exploits a flaw in the McAfee Subscription Manager ActiveX control. Due to an unsafe use of vsprintf, it is possible to trigger a stack overflow by passing a large string to one of the COM-exposed routines, such as IsAppExpired. This vulnerability was discovered by Karl Lynn of eEye.
44fae6eeb87ba29bf60ae8c26b6d7c50f75e7bf5c2f4e1500856135c1f0e9b56
This Metasploit module exploits a stack overflow in the McAfee Visual Trace 3.25 ActiveX Control (NeoTraceExplorer.dll 1.0.0.1). By sending an overly long string to the "TraceTarget()" method, an attacker may be able to execute arbitrary code.
1af505d58b6ecf4e14a93c0e01d4ebb141dd799f1e203a25a95e8968f3b52aed
This Metasploit module exploits a buffer overflow in the CRAM-MD5 authentication of the MDaemon IMAP service. This vulnerability was discovered by Muts.
ab790525ee06e4631621b8a149d2cc10a555ebb52be8f2bcf2739624fa36b789
This Metasploit module exploits a stack overflow in the Alt-N MDaemon IMAP Server version 9.6.4 by sending an overly long FETCH BODY command. Valid IMAP account credentials are required. Credit to Matteo Memelli.
e1e88ec1c914159c02c88aa646f73a91ac2acbc316b4991a9d0f98473b227142
This Metasploit module exploits a stack overflow in Alt-N MDaemon SMTP server for versions 6.8.5 and earlier. When the WorldClient HTTP server is installed (default), a CGI script is provided to accept HTML FORM-based emails and deliver them via MDaemon.exe, by writing the CGI output to the Raw Queue. When X-FromCheck is enabled (also default), the temporary form2raw.cgi data is copied by MDaemon.exe and a stack-based overflow occurs when an excessively long From field is specified. The RawQueue is processed every 1 minute by default, to a maximum of 60 minutes. Keep this in mind when choosing payloads or setting WfsDelay; you'll need to wait. Furthermore, this exploit uses a direct memory jump into a nopsled (which isn't very reliable). Once the payload is written into the Raw Queue by Form2Raw, MDaemon will continue to crash/execute the payload until the CGI output is manually deleted from the queue in C:\MDaemon\RawFiles\*.raw.
9a7e8845ddbf7fb0e6b7482b9b8e9b1da4f7b29d2b83ac012d206510dc73a91c
This exploit targets a stack overflow in the MediaSrv RPC service of CA BrightStor Arcserve. By sending a specially crafted SUNRPC request, an attacker can overflow a stack buffer and execute arbitrary code.
d0738e71558ee3963626f339518e819ee7c411c21d7fc0126e364448fc0ab696
Mercur v5.0 IMAP server is prone to a remotely exploitable stack-based buffer overflow vulnerability. This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to a fixed size memory buffer. Credit to Tim Taylor for discovering the vulnerability.
c2b10d51d7fe81041b5773f98702a25cb43650d4819457d1ebaa769257273fc3
This Metasploit module exploits a stack overflow in Atrium Mercur IMAP 5.0 SP3. Since the room for shellcode is small, using the reverse ordinal payloads yields the best results.
bcc9986727d1a31fd19c6ec9efeca29335e3bac2e984bdb32e707abede16b9c6
This Metasploit module exploits a stack overflow in Mercury Mail Transport System 4.51. By sending a specially crafted argument to the AUTH CRAM-MD5 command, an attacker may be able to execute arbitrary code.
b37bc5cd6705c8e20790a12b9fc47ac4078f2b49f9d0875bc28a3d33e2238c40
This Metasploit module exploits a stack overflow in Mercury/32 <= 4.01b IMAPD LOGIN verb. By sending a specially crafted login command, a buffer is corrupted, and code execution is possible. This vulnerability was discovered by (mu-b at digit-labs.org).
a60c2ea6e800b4665a534a6fa0d25415bdd4db2986f35c241060c6a2a5fd36f1
This Metasploit module exploits a stack-based buffer overflow in Mercury/32 <= v4.01b PH Server Module. This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to a fixed size memory buffer.
e589673cea231d56221ebf93f38777c3c571ba6187848d18fb71e7da338a55b1
This Metasploit module exploits a stack overflow vulnerability in the Mercury/32 v.4.01a IMAP service.
b7ce17f5eebf1671ae2fcf43472ecc4b6c37e626369cda2c8082600012b410af
This Metasploit module exploits a buffer overflow in Computer Associates BrightStor ARCserve Backup 11.1 - 11.5 SP2. By sending a specially crafted RPC request, an attacker could overflow the buffer and execute arbitrary code.
38992c01beb75cb04dd805a9bcadb1dab7921b19db704a8f59418f9d845fc536
This Metasploit module exploits a stack overflow flaw in the Microsoft IIS FTP service. The flaw is triggered when a special NLST argument is passed while the session has changed into a long directory path. For this exploit to work, the FTP server must be configured to allow write access to the file system (either anonymously or in conjunction with a real account).
c094b78d6e147658a438663b48e4c7ba9f181fadc79f720b680f049d27cc2bbb
This is a simple buffer overflow for the minishare web server. This flaw affects all versions prior to 1.4.2. This is a plain stack overflow that requires a "jmp esp" to reach the payload, which makes it difficult to target many platforms at once. This Metasploit module has been successfully tested against 1.4.1. Versions 1.3.4 and below do not seem to be vulnerable.
bf2dd8378c0c0c82b912aa8e98c2826676a3f7e41c1c019b8e7c7c3874814359
This Metasploit module exploits a stack overflow in mIRC 6.1. By submitting an overly long and specially crafted URL to the 'irc' protocol, an attacker can overwrite the buffer and control program execution.
eb0f1978b41d4e2c8f8e0b4fe0064977eecb2ddfa8365c103cc9ee5faa123030
This Metasploit module exploits a buffer overflow in the mIRC IRC Client v6.34 and earlier. By enticing a mIRC user to connect to this server module, an excessively long PRIVMSG command can be sent, overwriting the stack. Due to size restrictions, ordinal payloads may be necessary. This Metasploit module is based on the code by SkD.
30d07ff1b1f16f654610067329e7a88dbd7d7e9e8ba0fc52c40272152afc1314
This Metasploit module exploits a stack-based buffer overflow in the getinfo command of Medal Of Honor Allied Assault.
621e2627d4a2d553d4c0eacaedbbb64109d10e5228a0f618c2e03dbca72168ee