This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing SIELCO SISTEMI Winlog when Run TCP/IP server is enabled in CONFIGURATION-OPTIONS-TCP/IP. The vulnerability is caused by a boundary error within SIELCO SISTEMI Winlog when processing a malformed request. This can be exploited to cause a stack-based buffer overflow in Runtime.exe via a crafted 0x02 opcode packet. Authentication is not required to exploit this vulnerability.
This module exploits a buffer overflow vulnerability in the LDAP service (sidvault.exe) of the SIDVault LDAP application. The exploit triggers a stack-based buffer overflow by sending a specially crafted packet to port 389/TCP of the vulnerable system and installs an agent if successful.
This module exploits a stack overflow in Serv-U Web Client by sending a specially crafted POST request.
Serv-U supports an FTP command, "MDTM", which is used to change a file's modification time. An internal memory buffer may be overrun while handling a malformed time zone as the MDTM argument. This condition may be exploited by attackers to ultimately execute instructions with the privileges of the Serv-U process, typically administrator or system. The Serv-U server will be left inaccessible after successful exploitation.
An internal memory buffer may be overrun while handling a "site chmod" command with an overly long filename. This condition may be exploited by attackers to ultimately execute instructions with the privileges of the Serv-U process, typically administrator or system. This bug requires the FTP user to have write privileges on at least one directory to be exploited. The Serv-U server will be left inaccessible after successful exploitation.
The Modbus Serial Driver creates a listener on port 27700/TCP. When a connection is made, the Modbus Application Header is first read into a buffer. If a large buffer size is specified in this header, a stack-based buffer overflow can be triggered.
This exploit targets a stack-based buffer overflow vulnerability in Schneider Electric's Interactive Graphical SCADA System (IGSS) that allows remote attackers to execute arbitrary code by sending a specially crafted packet to TCP port 12397.
This module exploits a heap overflow vulnerability in the Schneider Electric Accutech Manager Server by sending a malformed packet to the 2537/TCP port to crash the application.
This module exploits a buffer overflow vulnerability in Savant Web Server.
The Message Server component of SAP Netweaver is prone to a memory corruption vulnerability when the _MsJ2EE_AddStatistics function handles a specially crafted request with iflag value 0x0c MS_J2EE_SEND_TO_CLUSTERID, or 0x0d MS_J2EE_SEND_BROADCAST. This vulnerability can be exploited by remote unauthenticated attackers to execute arbitrary code on the vulnerable server. This exploit bypasses Data Execution Prevention (DEP). Agents installed with this module will run under the SAPService user account.