This module exploits a vulnerability in Citrix EdgeSight Software, when a crafted package is send to port 18747.
This module shuts down the Cerberus FTP Server because it fails to properly handle user-supplied input with an overly long USER command.
This module shuts down the Blackmoon FTP Server because it fails to properly handle user-supplied malformed packets.
This module hangs the BakBone NetVault SmartDisk Server because it fails to properly handle user-supplied malformed packets.
This module exploits a vulnerability in Avast Internet Security driver (aswFW.sys). The IOCTL handler in the aswFW.sys device driver allows local users to overwrite memory via malformed parameters.
This module exploits a vulnerability in Avast Internet Security driver (aswFW.sys). The IOCTL handler in the aswFW.sys device driver allows local users to overwrite memory via malformed parameters.
This module sends HTTP requests with specially crafted headers making Apache server consume a lot of resources. This attack prevents the victim server from accepting connections from legitimate clients and probably would make the server non-operational. The performance of this exploit depends on the contents of the path parameter. It works better when the requested path points to a static html page, and it's size is not too small.
The mod_isapi module unloads ISAPI modules before the request processing is complete, potentially leaving orphaned callback pointers behind. This can be exploited by sending a specially crafted request followed by a reset packet.
This module sends HTTP requests with incomplete headers that prevents the Apache server to accept connections from legitimate clients. When the module is stopped the server continues working normally.
Active Directory, which is an essential component of the Windows 2000 architecture, presents organizations with a directory service designed for distributed computing environments. Active Directory allows organizations to centrally manage and share information on network resources and users while acting as the central authority for network security. The directory services provided by Active Directory are based on the Lightweight Directory Access Protocol (LDAP) and thus Active Directory objects can be stored and retrieved using the LDAP protocol. A vulnerability in Active Directory allows an attacker to crash and force a reboot of any Windows 2000 Server running the Active Directory service. The vulnerability can be triggered when an LDAP version 3 search request with many Base "Distinguised name" statements is sent to the server, resulting in a heap overflow and subsequent crash of the Lsaas.exe service. This in turn, will force a domain controller to stop responding, thus making possible a denial of service attack against it. The LDAP request does not need to be authenticated. The possibility of exploiting this vulnerability to execute arbitrary code on a vulnerable server has not been proved but is not discarded.