An internal memory buffer may be overrun while handling "site chmod" command with an overly long filename. This condition may be exploited by attackers to ultimately execute instructions with the privileges of the serv-u process, typically administrator or system. This bug requires the FTP user to have write privileges on at least one directory to be exploited. The Serv-U server will be left inaccessible after successful exploitation.
The Modbus Serial Driver creates a listener on Port 27700/TCP. When a connection is made, the Modbus Application Header is first read into a buffer. If a large buffer size is specified in this header, a stack-based buffer overflow can be done.
This Stack-based buffer overflow exploits a vulnerability in Schneider Electric's Interactive Graphical SCADA System (IGSS) that allows remote attackers to execute arbitrary code by sending a specially crafted packet to TCP port-12397.
This module exploits a heap overflow vulnerability in the Schneider Electric Accutech Manager Server by sending a malformed packet to the 2537/TCP port to crash the application.
This module exploits a buffer overflow vulnerability in Savant Web Server.
The Message Server component of SAP Netweaver is prone to a memory corruption vulnerability when the _MsJ2EE_AddStatistics function handles a specially crafted request with iflag value 0x0c MS_J2EE_SEND_TO_CLUSTERID, or 0x0d MS_J2EE_SEND_BROADCAST. This vulnerability can be exploited by remote unauthenticated attackers to execute arbitrary code on the vulnerable server. This exploit bypasses Data Execution Prevention (DEP). Agents installed with this module will run under the SAPService user account.
The DiagTraceR3Info function of the disp+work.exe component of SAP Netweaver is prone to a remote buffer overflow when the worker process trace level is set to values 2 or 3 for the Dialog Processor component. This vulnerability can be exploited to execute arbitrary code on the vulnerable machine by sending a specially crafted packet containing ST_R3INFO CODEPAGE items. This exploit bypasses Data Execution Prevention (DEP). Agents installed with this module will run under the SAPServiceSNP user account.
This module exploits a remote command-injection vulnerability on the database server. No authentication to the database is required.
This module exploits a stack buffer overflow vulnerability in SAP MaxDB by sending a specially crafted packet to 7210/TCP port.
A buffer overflow is triggered while handling long 0x01 command. This condition may be exploited by attackers to execute arbitrary code.