A boundary error exists in the HTTP Protocol Stack (httpstk) component of iMonitor within the "BuildRedirectURL()" function when processing "Host" HTTP headers. This can be exploited to cause a stack-based buffer overflow via a specially crafted request with an overly long "Host" header.
This vulnerability allows remote attackers to execute arbitrary code on installations of Net Transport Server, which can be exploited by malicious people to compromise a vulnerable system. Net Transport is prone to a stack-based buffer-overflow vulnerability that occurs because it fails to perform adequate boundary checks on user-supplied data.
An internal memory buffer may be overrun while handling long "USER" command. This condition may be exploited by attackers to ultimately execute instructions with the privileges of the NetTerm NetFTPD.exe process. FreeFTPD will be left inaccessible after successful exploitation.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing Netmechanica NetDecision HTTP Server. A buffer overflow in NetDecision's HTTP service is exploited when a long URL is managed by the HTTP Server's active window. For successfull exploitation, the victim need to have the HttpSvr's window open. Authentication is not required to exploit this vulnerability.
Subscribe to Impact