This module exploits a buffer overflow vulnerability in the handling of Error Packet for overwrite all the .bss section and some portion of the .idata section.
The vulnerability is caused due to a boundary error within Cisco Secure ACS UCP when processing users info with CSuserCGI.exe vulnerable module.
WonderWare is supplier of industrial automation and information software solutions. According to the company's website:
* one third of the world's plants run Wonderware software solutions. Having sold more than 500,000 software licenses in over 100,000 plants worldwide, Wonderware has customers in virtually every global industry - including Oil and Gas, Food and Beverage, Utilities, Pharmaceuticals, Electronics, Metals, Automotive and more
The vulnerability found in Wonderware SuiteLink Service (slssvc.exe) could allow an un-authenticated remote attacker with the ability to connect to the SuiteLink service TCP port to shutdown the service abnormally by sending a malformed packet.
* one third of the world's plants run Wonderware software solutions. Having sold more than 500,000 software licenses in over 100,000 plants worldwide, Wonderware has customers in virtually every global industry - including Oil and Gas, Food and Beverage, Utilities, Pharmaceuticals, Electronics, Metals, Automotive and more
The vulnerability found in Wonderware SuiteLink Service (slssvc.exe) could allow an un-authenticated remote attacker with the ability to connect to the SuiteLink service TCP port to shutdown the service abnormally by sending a malformed packet.
By sending a malformed 'Directory' request it is possible to create a condition where free() is called on memory that is still in use. This can result in an exploitable condition when free() is called on the memory chunk a second time.
The agent installed by this exploit runs with administrative privileges.
This update improve the exploit reliability.
The agent installed by this exploit runs with administrative privileges.
This update improve the exploit reliability.
This module exploits a vulnerability in the WireShark LDAP dissector, sending a specially crafted LDAP packet, causing WireShark to crash.
This package updates the Arkeia Network Backup exploit.
This module exploits a buffer overflow in SurgeMail Mail Server and installs an agent into the target host. A buffer overflow vulnerability is located in the function which handles the real CGI executables. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to this module.
This exploit perform three attempts to disable DEP in XP SP2 and Windows 2003.
This exploit perform three attempts to disable DEP in XP SP2 and Windows 2003.
This module exploits a buffer overflow in CA Brightstor Tape Engine in BrightStor ARCserve Backup v11.5. This package makes a slight change in the documentation of the module.
This module exploits a stack buffer overflow in the Workstation Service. This package addresses a compatibility problem when porting the module from version 7.0 to 7.5 of the framework.
This update fixes an issue with the 'reuse connection' mode on Impact V7.5