This Metasploit module triggers a heap overflow when processing a specially crafted FTP request containing Telnet IAC (0xff) bytes. When constructing the response, the Microsoft IIS FTP Service overflows the heap buffer with 0xff bytes. This issue can be triggered pre-auth and may in fact be exploitable for remote code execution.
abed1f5c04a53ec53d5c8c7b407c490b68fdb3bae004065e4060e14c0df5f32a
This Metasploit module exploits a denial of service flaw in the Microsoft Windows SMB service on versions of Windows Server 2003 that have been configured as a domain controller. By sending a specially crafted election request, an attacker can cause a pool overflow. The vulnerability appears to be due to an error handling a length value while calculating the amount of memory to copy to a buffer. When there are zero bytes left in the buffer, the length value is improperly decremented and an integer underflow occurs. The resulting value is used in several calculations and is then passed as the length value to an inline memcpy operation. Unfortunately, the length value appears to be fixed at -2 (0xfffffffe) and causes considerable damage to kernel heap memory. While theoretically possible, it does not appear to be trivial to turn this vulnerability into remote (or even local) code execution.
83963f7202852444f496b9b32c24f1f420890784a7bc742ab76e1e65e71e2d4b
This Metasploit module triggers an off-by-two overflow in the rsyslog daemon. This flaw is unlikely to yield code execution but is effective at shutting down a remote log daemon. This bug was introduced in version 4.6.0 and corrected in 4.6.8/5.8.5. Compiler differences may prevent this bug from causing any noticeable result on many systems (RHEL6 is affected).
1836af5218b01b297dea76f88ecafa1e2a6576adefd69c53dfff4c3fec648662
This Metasploit module exploits a kernel based overflow when sending abnormal PPTP Control Data packets to Microsoft Windows 2000 SP0-3 and XP SP0-1 based PPTP RAS servers (Remote Access Services). Kernel memory is overwritten resulting in a BSOD. Code execution may be possible however this module is only a DoS.
f6b900c41ad128f7eb0865eabc39ca4b0dca932339d32bf7d9c3aab93b77cce7
This Metasploit module exploits a buffer overflow at the administration interface (8080 or 4117) of WatchGuard Firebox and XTM appliances which is built from a cherrypy python backend sending XML-RPC requests to a C binary called wgagent using pre-authentication endpoint /agent/login. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. Successful exploitation results in remote code execution as user nobody.
1f32659ebb0c531de30e029fb76fabee6201b5794d59ccb2568e849b2451ba91
Ubuntu Security Notice 6638-1 - Marc Beatove discovered buffer overflows exit in EDK2. An attacker on the local network could potentially use this to impact availability or possibly cause remote code execution. It was discovered that a buffer overflows exists in EDK2's Network Package An attacker on the local network could potentially use these to impact availability or possibly cause remote code execution.
cb517471393f2b25d84672292a8731ab62b9d85dbfaf6f8ff61eb3870a2e1cb5
A vulnerability exists within Citrix ADC that allows an unauthenticated attacker to trigger a stack buffer overflow of the nsppe process by making a specially crafted HTTP GET request. Successful exploitation results in remote code execution as root.
94d1415f6fe455813346e8f6de25a1fa7b5b88484ea770a8bc9b669e25457a13
Proof of concept exploit for a buffer overflow remote code execution vulnerability in librelp.
e494ed907a60d68aba585cbc21eba08e50daffab41973ff8ba84e679096953dc
Gentoo Linux Security Advisory 202212-7 - An integer overflow vulnerability has been found in libksba which could result in remote code execution. Versions less than 1.6.3 are affected.
ac69401436c9a575a37a5e7c9a25d6ebc19a3536a7758cb526dd48036ce3f6b7
Debian Linux Security Advisory 5286-1 - Greg Hudson discovered integer overflow flaws in the PAC parsing in krb5, the MIT implementation of Kerberos, which may result in remote code execution (in a KDC, kadmin, or GSS or Kerberos application server process), information exposure (to a cross-realm KDC acting maliciously), or denial of service (KDC or kadmind process crash).
4054bf326761b93798ba5e87ed9c11954014650895f0887f6de6e704d4f0b728
Gentoo Linux Security Advisory 202210-42 - A buffer overflow in zlib might allow an attacker to cause remote code execution. Versions less than 1.2.12-r3 are affected.
c46b3f01897b3c08e7d9420246ac8f8a67021ea56c97c1d6e882c833059e27c5
OpenSSL Security Advisory 20221101 - A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Other issues were also addressed.
f5b2b5456475218f21e11c204399e21895e40c447a1a4638df485d020701c36b
Gentoo Linux Security Advisory 202210-23 - An integer overflow vulnerability has been found in libksba which could result in remote code execution. Versions less than 1.6.2 are affected.
5bd9359a4401f309ea439dedb71a5835524adf7ba93c954f7f13000acce6915f
Red Hat Security Advisory 2022-5498-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include HTTP request smuggling, buffer overflow, bypass, code execution, cross site scripting, denial of service, heap overflow, information leakage, privilege escalation, remote shell upload, remote SQL injection, and traversal vulnerabilities.
c0789250da6e85f6ddbf1eff137427983e596902d3fa57015a6fd21b598eac60
Infiray IRAY-A8Z3 thermal camera version 1.0.957 suffers from hardcoded web credential, authenticated remote code execution, buffer overflow, lack of password for root, and outdated software component vulnerabilities.
9d819d8481e8887a675b01f13926006193f4ee62a19071ae5db1494a8550bcb0
IIPImage is distributed with a server that enables advanced, high-performance image manipulation for web-based streaming and viewing of high resolution images. The server component called iipsrv.fcgi processes requests from users and passes them to command handlers. Several crashes including an integer overflow were discovered by sending malformed requests to the server, allowing remote users without authentication to perform denial-of-service attacks or potentially crafted for remote code execution as the server's running user. Versions at least up to 1.1 may be affected.
469b8801bf0145e552808075cd1f841e7ae3b8e88fcdd656bd6e310c9da61211
This Metasploit module exploits a buffer overflow within the 'action' parameter of the /uapi-cgi/instantrec.cgi page of Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions equal to 1.12.0.27 as well as firmware versions 1.12.13.2 and 1.12.14.5. Successful exploitation results in remote code execution as the root user.
c4e4d56427af88f4e0240499806563abb1fa94b80fc1c5bdc3ba921dbbbafb67
Ubuntu Security Notice 5054-1 - Felix Wilhelm discovered a buffer overflow flaw in the mod_proxy_uwsgi module. An attacker could use this vulnerability to provoke an information disclosure or potentially remote code execution.
70d6543ac9f81870c4535f25be6f6b04322fedfa864ce47348fe2904ac701203
Shenzhen Skyworth RN510 suffers from a buffer overflow vulnerability that allows for remote code execution.
93aaa64937baf7f896bc583390423bd6be7254ef45979a7f1e67273873d3d9df
Chrome V8 Javascript Engine remote code execution zero day exploit. Google is expected to release an update to their browser on tuesday 04/14/2021 that will address this vulnerability.
1cace43b452705e7d3b72d7ffc4cfa52f96f982d0385e1b41735a6a9d29c96ce
ProCaster LE-32F430 SmartTV remote code execution exploit that leverages a stack overflow vulnerability in GStreamer souphttpsrc libsoup version 2.51.3.
1ad3a65acf697bf1c70bb81022b9b7a2d3b137e69287c12676f5b7dbeb0c2376
Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scanner version 5.7.2.122 do not appropriately validate the contents of JPEG images contained within a PDF. Attackers can exploit this vulnerability to trigger a buffer overflow on the stack and gain remote code execution as the user running the Documalis Free PDF Editor or Documalis Free PDF Scanner software.
a470639faa2ee4a0b417e12596275b4d8fa9a29716deb25f60c4b8b3b2b5cd5c
Netgear R7000 router remote code execution exploit that leverages a pre-authentication memcpy-based stack buffer overflow vulnerability.
d2bc33188494707131607d3b6428caca3cc95ef4510489bd1325974d0c042945
A stack-based buffer overflow has been identified in the Thunderbird email client. The issue is present in the libical implementation, which was forked from upstream libical version 0.47. The issue can be triggered remotely, when an attacker sends an specially crafted calendar attachment and does not require user interaction. It might be used by a remote attacker to crash or gain remote code execution in the client system. Proof of concept included.
47c3eb61b29367d5a2946ff2994c08510a93a27c3f70aae7b73521d1c8fa4c8e
A heap-based buffer overflow has been identified in the Thunderbird email client. The issue is present in the libical implementation, which was forked from upstream libical version 0.47. The issue can be triggered remotely, when an attacker sends an specially crafted calendar attachment and does not require user interaction. It might be used by a remote attacker to crash or gain remote code execution in the client system. Proof of concept included.
fbc427324f7bbbd52b32d86534519facca35022c50ab621232e63a61a9d5146c