CVE-2013-5019

This exploit targets a stack buffer overflow in Ultra MiniHTTPd 1.2 via a maliciously crafted HTTP GET request. It uses a combination of shellcode, an egg hunter, and a return address to achieve remote code execution (RCE) by spawning calc.exe.

This exploit targets a stack buffer overflow in Mini HTTPD 1.21 via a maliciously crafted POST request. It uses a multi-stage payload to allocate memory, spawn a new thread for shellcode execution, and suspend the current thread to stabilize exploitation.

This exploit triggers a stack-based buffer overflow in Ultra Mini HTTPD 1.21 via a maliciously crafted POST request with an overly long URL. It leverages a JMP ESP instruction from user.dll to redirect execution to a shellcode payload that binds a shell to a TCP port.

This Metasploit module exploits a stack-based buffer overflow in Ultra Mini HTTPD 1.21 via a long resource name in an HTTP GET request, allowing remote code execution. It uses a known return address from msvcrt.dll to redirect execution to the payload.

This exploit targets a stack buffer overflow in Ultra Mini HTTPD 1.21 by sending an overly long HTTP GET request. The payload includes a shellcode that binds a shell to a TCP port, leveraging a JMP ESP instruction from ntdll.dll.

This Metasploit module exploits a stack-based buffer overflow in Ultra Mini HTTPD 1.21 via a long HTTP resource name, executing arbitrary code by leveraging VirtualAlloc and CreateThread to maintain persistence despite the application's thread termination mechanism.