Metasploit Exploits

3,294 exploits tracked across all sources.

CVE-2008-5626 METASPLOIT ruby
XM Easy Personal FTP Server 5.6.0 - DoS
XM Easy Personal FTP Server 5.6.0 allows remote authenticated users to cause a denial of service via a crafted argument to the NLST command, as demonstrated by a -1 argument.
CVE-2010-3972 METASPLOIT ruby
Microsoft Internet Information Services FTP Service 7.0-7.5 - Remote Code Execution via Crafted FTP Command
Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.
by Matthew Bergin, jduck
CVE-2011-10029 METASPLOIT HIGH ruby
Solar FTP Server < 2.1.1 - Denial of Service via USER Command Format String
Solar FTP Server fails to properly handle format strings passed to the USER command. When a specially crafted string containing format specifiers is sent, the server crashes due to a read access violation in the __output_1() function of sfsservice.exe. This results in a denial of service (DoS) condition.
CVE-2008-4572 METASPLOIT ruby
GuildFTPd 0.999.14 - Denial of Service and Possible Remote Code Execution via Long CWD and LIST Arguments
GuildFTPd 0.999.14, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long arguments to the CWD and LIST commands, which triggers heap corruption related to an improper free call, and possibly triggering a heap-based buffer overflow.
CVE-2005-4797 METASPLOIT ruby
Solaris 7-10 - Unauthenticated Directory Traversal and Arbitrary File Deletion via LPD Unlink Command
Directory traversal vulnerability in printd line printer daemon (lpd) in Solaris 7 through 10 allows remote attackers to delete arbitrary files via ".." sequences in an "Unlink data file" command.
by hdm
CVE-2006-0900 METASPLOIT ruby
FreeBSD 6.0 - Denial of Service via NFS Mount Request
nfsd in FreeBSD 6.0 kernel allows remote attackers to cause a denial of service via a crafted NFS mount request, as demonstrated by the ProtoVer NFS test suite.
by MC
CVE-2008-5081 METASPLOIT ruby
Avahi < 0.6.24 - Denial of Service via mDNS Packet with Source Port 0
The originates_from_local_legacy_unicast_socket function (avahi-core/server.c) in avahi-daemon in Avahi before 0.6.24 allows remote attackers to cause a denial of service (crash) via a crafted mDNS packet with a source port of 0, which triggers an assertion failure.
CVE-2012-6301 METASPLOIT ruby
Android 4.0.3 - Denial of Service via Crafted Market URI in IFRAME
The Browser application in Android 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted market: URI in the SRC attribute of an IFRAME element.
by Jean Pascal Pereira, Jonathan Waggoner
CVE-2009-3563 METASPLOIT ruby
NTP < 4.2.4p8 and 4.2.5 - Denial of Service via MODE_PRIVATE Packet Spoofing
ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
by todb
CVE-2013-0229 METASPLOIT ruby
MiniUPnPd < 1.4 - Denial of Service via Crafted SSDP Request
The ProcessSSDPRequest function in minissdp.c in the SSDP handler in MiniUPnP MiniUPnPd before 1.4 allows remote attackers to cause a denial of service (service crash) via a crafted request that triggers a buffer over-read.
by hdm, Dejan Lukan
CVE-2011-0514 METASPLOIT ruby
HP Data Protector Manager 6.11 - Denial of Service via Large Data Packet to RDS Service
The RDS service (rds.exe) in HP Data Protector Manager 6.11 allows remote attackers to cause a denial of service (crash) via a packet with a large data size to TCP port 1530.
CVE-2015-1930 METASPLOIT ruby
IBM Tivoli Storage Manager FastBack < 6.1.12 - Stack-Based Buffer Overflow
Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2015-1924, CVE-2015-1925, CVE-2015-1929, CVE-2015-1948, CVE-2015-1953, CVE-2015-1954, CVE-2015-1962, CVE-2015-1963, CVE-2015-1964, and CVE-2015-1965.
by Gianni Gnesa
CVE-2011-4971 METASPLOIT ruby
memcached <= 1.4.5 - Denial of Service via Integer Signedness Error
Multiple integer signedness errors in the (1) process_bin_sasl_auth, (2) process_bin_complete_sasl_auth, (3) process_bin_update, and (4) process_bin_append_prepend functions in Memcached 1.4.5 and earlier allow remote attackers to cause a denial of service (crash) via a large body length value in a packet.
CVE-2009-3591 METASPLOIT ruby
Dopewars 1.5.12 - Denial of Service via Invalid REQUESTJET Message
Dopewars 1.5.12 allows remote attackers to cause a denial of service (segmentation fault) via a REQUESTJET message with an invalid location.
CVE-2013-3986 METASPLOIT ruby
IBM Lotus Sametime 8.5.2-8.5.2.1 - Denial of Service via Crafted Audio Visual Session
IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote attackers to cause a denial of service (WebPlayer Firefox extension crash) via a crafted Audio Visual (AV) session.
by Chris John Riley, kicks4kittens
CVE-2009-1386 METASPLOIT ruby
OpenSSL < 0.9.8i - Denial of Service via DTLS ChangeCipherSpec Packet
ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.
CVE-2014-0195 METASPLOIT ruby
OpenSSL DTLS Fragment Buffer Overflow DoS
The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.
CVE-2012-2686 METASPLOIT ruby
OpenSSL 1.0.1 - Denial of Service via Crafted CBC Data in AES-NI
crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data.
CVE-2011-3200 METASPLOIT ruby
rsyslog 4.6.x < 4.6.8 and 5.2.0-5.8.4 - Denial of Service via Long TAG in Legacy Syslog Message
Stack-based buffer overflow in the parseLegacySyslogMsg function in tools/syslogd.c in rsyslogd in rsyslog 4.6.x before 4.6.8 and 5.2.0 through 5.8.4 might allow remote attackers to cause a denial of service (application exit) via a long TAG in a legacy syslog message.
CVE-2007-3389 METASPLOIT ruby
Wireshark < 0.99.6 - Denial of Service via Crafted Chunked Encoding in HTTP Response
Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via a crafted chunked encoding in an HTTP response, possibly related to a zero-length payload.
CVE-2008-1562 METASPLOIT ruby
Wireshark 0.99.2-0.99.8 - Denial of Service via Malformed LDAP Packet
The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet, a different vulnerability than CVE-2006-5740.
by MC
CVE-2013-4074 METASPLOIT ruby
Wireshark 1.6.x-1.6.16 and 1.8.x-1.8.8 - Denial of Service in CAPWAP Dissector
The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 incorrectly uses a -1 data value to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
by Laurent Butti, j0sm1
CVE-2011-1140 METASPLOIT ruby
Wireshark 1.0.x, 1.2.0-1.2.14, and 1.4.0-1.4.3 - Denial of Service via SMB or CLDAP Packet
Multiple stack consumption vulnerabilities in the dissect_ms_compressed_string and dissect_mscldap_string functions in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allow remote attackers to cause a denial of service (infinite recursion) via a crafted (1) SMB or (2) Connection-less LDAP (CLDAP) packet.
CVE-2013-3843 METASPLOIT ruby
Monkey HTTP Daemon < 1.2.1 - Stack-Based Buffer Overflow via Crafted HTTP Header
Stack-based buffer overflow in the mk_request_header_process function in mk_request.c in Monkey HTTP Daemon (monkeyd) before 1.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP header.
CVE-2013-6414 METASPLOIT ruby
Ruby on Rails 3.x < 3.2.16 and 4.x < 4.0.2 - Denial of Service via Invalid MIME Type Header
actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to cause a denial of service (memory consumption) via a header containing an invalid MIME type that leads to excessive caching.
by Toby Hsieh, joev, sinn3r