This module exploits a remote buffer overflow vulnerability in the ihDataArchiver.exe service included in several GE SCADA applications by sending a malformed packet to port 14000/TCP.
This module exploits a buffer overflow in the FutureSoft TFTP Server that allows remote attackers to execute arbitrary code via a long, malformed filename, and installs an agent if successful.
This module exploits a remote buffer overflow in the Fujitsu SystemcastWizard application by sending a specially crafted packet to port 4011/UDP.
After successful exploitation an agent will be deployed. This agent will inherit the user identity and capabilities of the abused service, usually those of the user used to log in to the FTP server (for example, ftp). However, the UID (as opposed to the EUID) of the agent will be that of the super user in most cases (usually 0), and it can be changed by using the setuid module (see "setuid"). When an anonymous user is used, or if the server is configured to do this for other users, the deployed agent will be running inside a chroot jail. This situation does not prevent the use of the agent, and after setting the EUID to that of the super user, the chroot breaker module (see "chroot breaker") can be used to escape the chroot jail.
By exploiting this vulnerability, the return address on the stack can be arbitrarily altered, allowing the auditor to gain control of the target host. After successful exploitation an agent will be deployed. This agent will inherit the user identity and capabilities of the abused service, usually those of the user used to log in to the FTP server (for example, ftp). However, the UID (as opposed to the EUID) of the agent will be that of the super user in most cases (usually 0), and it can be changed by using the setuid module (see "setuid"). When an anonymous user is used, or if the server is configured to do this for other users, the deployed agent will be running inside a chroot jail. This situation does not prevent the use of the agent, and after setting the EUID to that of the super user, the chroot breaker module (see "chroot breaker") can be used to escape the chroot jail. As a side effect of this exploit's execution, two new directories will be created on the target host, namely 'A' and 'AAAAAAAAA...' inside the former. They can be deleted after the module finishes execution.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing the Free Download Manager Control Server. The vulnerability is caused by a boundary error within the Free Download Manager Control Server when processing an HTTP GET request. This can be exploited to cause a stack-based buffer overflow via an overly long, specially crafted argument passed to the affected command.
A vulnerability in the freeSSHd SSH Server allows remote attackers to bypass authentication via a crafted session. This module exploits the vulnerability and installs an agent into the target host.
An internal memory buffer may be overrun while handling a long "USER" command. This condition may be exploited by attackers to ultimately execute instructions with the privileges of the FreeFTPdService.exe process. FreeFTPD will be left inaccessible after successful exploitation.
An internal memory buffer may be overrun while handling a long "PASS" command. This condition may be exploited by attackers to ultimately execute instructions with the privileges of the FreeFTPdService.exe process. FreeFTPD will be left inaccessible after successful exploitation.
FreeFloat FTP server is prone to a buffer-overflow vulnerability when handling overly long replies.