This Metasploit module triggers a heap overflow when processing a specially crafted FTP request containing Telnet IAC (0xff) bytes. When constructing the response, the Microsoft IIS FTP Service overflows the heap buffer with 0xff bytes. This issue can be triggered pre-auth and may in fact be exploitable for remote code execution.
abed1f5c04a53ec53d5c8c7b407c490b68fdb3bae004065e4060e14c0df5f32aThis Metasploit module exploits a denial of service flaw in the Microsoft Windows SMB service on versions of Windows Server 2003 that have been configured as a domain controller. By sending a specially crafted election request, an attacker can cause a pool overflow. The vulnerability appears to be due to an error handling a length value while calculating the amount of memory to copy to a buffer. When there are zero bytes left in the buffer, the length value is improperly decremented and an integer underflow occurs. The resulting value is used in several calculations and is then passed as the length value to an inline memcpy operation. Unfortunately, the length value appears to be fixed at -2 (0xfffffffe) and causes considerable damage to kernel heap memory. While theoretically possible, it does not appear to be trivial to turn this vulnerability into remote (or even local) code execution.
83963f7202852444f496b9b32c24f1f420890784a7bc742ab76e1e65e71e2d4bThis Metasploit module triggers an off-by-two overflow in the rsyslog daemon. This flaw is unlikely to yield code execution but is effective at shutting down a remote log daemon. This bug was introduced in version 4.6.0 and corrected in 4.6.8/5.8.5. Compiler differences may prevent this bug from causing any noticeable result on many systems (RHEL6 is affected).
1836af5218b01b297dea76f88ecafa1e2a6576adefd69c53dfff4c3fec648662This Metasploit module exploits a kernel based overflow when sending abnormal PPTP Control Data packets to Microsoft Windows 2000 SP0-3 and XP SP0-1 based PPTP RAS servers (Remote Access Services). Kernel memory is overwritten resulting in a BSOD. Code execution may be possible however this module is only a DoS.
f6b900c41ad128f7eb0865eabc39ca4b0dca932339d32bf7d9c3aab93b77cce7This Metasploit module exploits a buffer overflow at the administration interface (8080 or 4117) of WatchGuard Firebox and XTM appliances which is built from a cherrypy python backend sending XML-RPC requests to a C binary called wgagent using pre-authentication endpoint /agent/login. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. Successful exploitation results in remote code execution as user nobody.
1f32659ebb0c531de30e029fb76fabee6201b5794d59ccb2568e849b2451ba91Ubuntu Security Notice 6638-1 - Marc Beatove discovered buffer overflows exit in EDK2. An attacker on the local network could potentially use this to impact availability or possibly cause remote code execution. It was discovered that a buffer overflows exists in EDK2's Network Package An attacker on the local network could potentially use these to impact availability or possibly cause remote code execution.
cb517471393f2b25d84672292a8731ab62b9d85dbfaf6f8ff61eb3870a2e1cb5A vulnerability exists within Citrix ADC that allows an unauthenticated attacker to trigger a stack buffer overflow of the nsppe process by making a specially crafted HTTP GET request. Successful exploitation results in remote code execution as root.
94d1415f6fe455813346e8f6de25a1fa7b5b88484ea770a8bc9b669e25457a13Proof of concept exploit for a buffer overflow remote code execution vulnerability in librelp.
e494ed907a60d68aba585cbc21eba08e50daffab41973ff8ba84e679096953dcGentoo Linux Security Advisory 202212-7 - An integer overflow vulnerability has been found in libksba which could result in remote code execution. Versions less than 1.6.3 are affected.
ac69401436c9a575a37a5e7c9a25d6ebc19a3536a7758cb526dd48036ce3f6b7Debian Linux Security Advisory 5286-1 - Greg Hudson discovered integer overflow flaws in the PAC parsing in krb5, the MIT implementation of Kerberos, which may result in remote code execution (in a KDC, kadmin, or GSS or Kerberos application server process), information exposure (to a cross-realm KDC acting maliciously), or denial of service (KDC or kadmind process crash).
4054bf326761b93798ba5e87ed9c11954014650895f0887f6de6e704d4f0b728Gentoo Linux Security Advisory 202210-42 - A buffer overflow in zlib might allow an attacker to cause remote code execution. Versions less than 1.2.12-r3 are affected.
c46b3f01897b3c08e7d9420246ac8f8a67021ea56c97c1d6e882c833059e27c5OpenSSL Security Advisory 20221101 - A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Other issues were also addressed.
f5b2b5456475218f21e11c204399e21895e40c447a1a4638df485d020701c36bGentoo Linux Security Advisory 202210-23 - An integer overflow vulnerability has been found in libksba which could result in remote code execution. Versions less than 1.6.2 are affected.
5bd9359a4401f309ea439dedb71a5835524adf7ba93c954f7f13000acce6915fRed Hat Security Advisory 2022-5498-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include HTTP request smuggling, buffer overflow, bypass, code execution, cross site scripting, denial of service, heap overflow, information leakage, privilege escalation, remote shell upload, remote SQL injection, and traversal vulnerabilities.
c0789250da6e85f6ddbf1eff137427983e596902d3fa57015a6fd21b598eac60Infiray IRAY-A8Z3 thermal camera version 1.0.957 suffers from hardcoded web credential, authenticated remote code execution, buffer overflow, lack of password for root, and outdated software component vulnerabilities.
9d819d8481e8887a675b01f13926006193f4ee62a19071ae5db1494a8550bcb0IIPImage is distributed with a server that enables advanced, high-performance image manipulation for web-based streaming and viewing of high resolution images. The server component called iipsrv.fcgi processes requests from users and passes them to command handlers. Several crashes including an integer overflow were discovered by sending malformed requests to the server, allowing remote users without authentication to perform denial-of-service attacks or potentially crafted for remote code execution as the server's running user. Versions at least up to 1.1 may be affected.
469b8801bf0145e552808075cd1f841e7ae3b8e88fcdd656bd6e310c9da61211This Metasploit module exploits a buffer overflow within the 'action' parameter of the /uapi-cgi/instantrec.cgi page of Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions equal to 1.12.0.27 as well as firmware versions 1.12.13.2 and 1.12.14.5. Successful exploitation results in remote code execution as the root user.
c4e4d56427af88f4e0240499806563abb1fa94b80fc1c5bdc3ba921dbbbafb67Ubuntu Security Notice 5054-1 - Felix Wilhelm discovered a buffer overflow flaw in the mod_proxy_uwsgi module. An attacker could use this vulnerability to provoke an information disclosure or potentially remote code execution.
70d6543ac9f81870c4535f25be6f6b04322fedfa864ce47348fe2904ac701203Shenzhen Skyworth RN510 suffers from a buffer overflow vulnerability that allows for remote code execution.
93aaa64937baf7f896bc583390423bd6be7254ef45979a7f1e67273873d3d9dfChrome V8 Javascript Engine remote code execution zero day exploit. Google is expected to release an update to their browser on tuesday 04/14/2021 that will address this vulnerability.
1cace43b452705e7d3b72d7ffc4cfa52f96f982d0385e1b41735a6a9d29c96ceProCaster LE-32F430 SmartTV remote code execution exploit that leverages a stack overflow vulnerability in GStreamer souphttpsrc libsoup version 2.51.3.
1ad3a65acf697bf1c70bb81022b9b7a2d3b137e69287c12676f5b7dbeb0c2376Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scanner version 5.7.2.122 do not appropriately validate the contents of JPEG images contained within a PDF. Attackers can exploit this vulnerability to trigger a buffer overflow on the stack and gain remote code execution as the user running the Documalis Free PDF Editor or Documalis Free PDF Scanner software.
a470639faa2ee4a0b417e12596275b4d8fa9a29716deb25f60c4b8b3b2b5cd5cNetgear R7000 router remote code execution exploit that leverages a pre-authentication memcpy-based stack buffer overflow vulnerability.
d2bc33188494707131607d3b6428caca3cc95ef4510489bd1325974d0c042945A stack-based buffer overflow has been identified in the Thunderbird email client. The issue is present in the libical implementation, which was forked from upstream libical version 0.47. The issue can be triggered remotely, when an attacker sends an specially crafted calendar attachment and does not require user interaction. It might be used by a remote attacker to crash or gain remote code execution in the client system. Proof of concept included.
47c3eb61b29367d5a2946ff2994c08510a93a27c3f70aae7b73521d1c8fa4c8eA heap-based buffer overflow has been identified in the Thunderbird email client. The issue is present in the libical implementation, which was forked from upstream libical version 0.47. The issue can be triggered remotely, when an attacker sends an specially crafted calendar attachment and does not require user interaction. It might be used by a remote attacker to crash or gain remote code execution in the client system. Proof of concept included.
fbc427324f7bbbd52b32d86534519facca35022c50ab621232e63a61a9d5146c
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed