NetBackup Java user-interface is affected by a remote format string vulnerability. An attacker can exploit this vulnerability by crafting a malicious request that contains format specifiers. A successful attack may result in crashing the server or lead to arbitrary code execution. This may facilitate unauthorized access or privilege escalation with SYSTEM or superuser privileges.
This module exploits a stack-based buffer overflow in VERITAS Backup Exec Remote Agent 9.0 through 10.0 for Windows, allowing remote attackers to execute arbitrary code via a CONNECT_CLIENT_AUTH request with authentication method type 3 (Windows credentials) and a long password argument. This module only works with localagent set as source.
An internal memory buffer may be overrun while handling long "APPE" command. This condition may be exploited by attackers to ultimately execute instructions with the privileges of the ftpbasicsvr.exe process. UplusFtp server will be left inaccessible after successful exploitation.
This module exploits a remote command execution vulnerability found in some distributions of UnrealIRCd that contain a backdoor and installs an agent into the target host. The backdoor is present on the file Unreal3.2.8.1.tar.gz that was maliciously replaced on certain mirrors. The vulnerable file has the following MD5 checksum: 752e46f2d873c1679fa99de3f52a274d.
This module exploits a remote buffer overflow in the Unisys Business Information Server by sending a specially crafted packet to the 3989/TCP port.
This exploit sends messages of 256 bytes to "cam.exe" service in order to fill all target memory with the exploit code. The last message forces a buffer overflow and executes the code sent embedded in the previous messages.
This vulnerability allows remote attackers to execute arbitrary code on a server running Mini HTTPD. The vulnerability is caused due to a boundary error within Mini HTTPD when processing HTTP GET Request. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. Authentication is not required to exploit this vulnerability.
This module exploits a buffer overflow vulnerability in TurboFTP Server. This vulnerability can be exploited remotely by sending a specially crafted PORT command to port TCP/21.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro OfficeScan Corporate Edition. The vulnerability is caused due to a boundary error within Trend Micro OfficeScan Corporate Edition when processing passwords with cgiChkMasterPwd.exe vulnerable module. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to this module.
The CmdProcessor.exe service of Trend Micro Control Manager is prone to a stack-based buffer overflow, which can be exploited by remote unauthenticated attackers to execute arbitrary code by sending a specially crafted IPC packet to the vulnerable service. This exploit bypasses Data Execution Prevention (DEP).