CVE-2000-1080
Published 2000-11-01
CVE-2000-1080: Quake 1 (quake1) and ProQuake 1.01 and earlier allow remote attackers to cause a denial of service via a malformed (empty) UDP packet.
Priority: P4 · 14 · medium
CVSS 2.0: 5 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
EPSS: 1.68% (74.0th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| id_software | quake | — | — |
| j_p_grossman | proquake | — | — |
No detection rules found.
Exploit-DB
Microsoft WINS - Service Memory Overwrite (MS04-045) (Metasploit)
exploitdb·2010-09-20
CVE-2004-1080 Microsoft WINS - Service Memory Overwrite (MS04-045) (Metasploit)
---
##
# $Id: ms04_045_wins.rb 10394 2010-09-20 08:06:27Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Microsoft WINS Service Memory Overwrite',
'Description' => %q{
This module exploits an arbitrary memory write flaw in the
WINS service. This exploit has been tested against Windows
2000 only.
},
'Author' => [ 'hdm' ],
'License' => MSF_LICENSE,
'Version' => '$Revision: 10394 $',
'References' =>
[
[ 'CVE', '2004-1080'],
[ 'OSVDB', '12378'],
[ 'BID', '11763'],
[ '
Exploit-DB
Microsoft Windows - 'WINS' Remote Buffer Overflow (MS04-045) (3)
exploitdb·2005-04-12
CVE-2004-1080 Microsoft Windows - 'WINS' Remote Buffer Overflow (MS04-045) (3)
---
/*
Windows Internet Name Service (WINS)
Remote Heap Buffer Overflow
Advisory credits:
Nicolas Waisman of Immunity Inc. (www.immunitysec.com)
Advisory link:
immunitysec.com/downloads/instantanea.pdf
Fix:
support.microsoft.com/kb/870763 (MS04-045)
Exploit method:
PEB (RtlEnterCriticalSection)
Tested Working:
Win2k SP4 Server ENGLISH (should be all langages, not sure)
Win2k SP4 Advanced Server ENGLISH (should be all langages, not sure)
(KB870763 removed!)
Note:
A HAT-SQUAD view on this hole; exploitable and remaining critic for Windows 2000.
May need update for Windows 2003 due to the different
structure of wins.exe in it but the bug remain exploitable
with no KB870763 of course....
If you look closely at my co
Exploit-DB
AnalogX Proxy 4.0 - Socks4A Buffer Overflow
exploitdb·2002-07-01
CVE-2002-1001 AnalogX Proxy 4.0 - Socks4A Buffer Overflow
---
source: https://www.securityfocus.com/bid/5138/info
AnalogX Proxy is prone to a buffer overflow condition when attempting to handle malformed SOCKS4A requests (via TCP port 1080). This may be exploited to create a denial of service condition or to potentially execute arbitrary instructions with the privileges of the AnalogX Proxy process.
#!/usr/local/bin/perl
#-----------------------------------------------------------
# AnalogX Proxy Version 4.10 exploit for Japanese Windows 2000 Pro (SP2)
# written by Kanatoko
# http://www.jumperz.net/
# thanx to: hsj (http://hsj.shadowpenguin.org/)
#-----------------------------------------------------------
use Socket;
$connect_host = "socks.example.com";
$port = 1080;
$iaddr = inet_aton($connect_h
Exploit-DB
Standard & Poors ComStock 4.2.4 - Command Execution
exploitdb·2000-03-24
CVE-2000-0109 Standard & Poors ComStock 4.2.4 - Command Execution
---
source: https://www.securityfocus.com/bid/1080/info
Numerous vulnerabilities exist in the ComStock product, as sold by Standard & Poor's. ComStock is based on the RedHat 5.1 distribution, and contains many of the vulnerabilities found in the 5.1 distribution. In addition, it contains numerous accounts with weak, or nonexistent passwords.
The ComStock MultiCSP machine is intended to provide a realtime stock quote stream. It runs a proprietary service called 'mcsp' to provide this service. These machines acquire their data via a leased line, or other dedicated data connection. They used reserved address space. However, no attempt is made to prevent these ComStock machines from being used to compromise other machines on the private n
Exploit-DB
Atrium Software Mercur WebView WebMail-Client 1.0 - Buffer Overflow
exploitdb·2000-03-16
CVE-2000-0239 Atrium Software Mercur WebView WebMail-Client 1.0 - Buffer Overflow
---
source: https://www.securityfocus.com/bid/1056/info
WebView WebMail-Client is an add-on for the Mercur SMTP/POP3/IMAP4 Mail Server which allows a user to access email through a web browser.
Insufficient boundary checking exists in the code which handles GET requests, specifically on port 1080. Issuing a GET request containing a string of over 1000 characters on port 1080 will cause the WebView WebMail-Client application to crash.
eg.
http: //target/&mail_user=
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/19810-1.exe
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/19810-2.zip
No writeups or analysis indexed.
References
http://marc.info/?l=bugtraq&m=97318797630246&w=2
http://proquake.ai.mit.edu/
http://www.securityfocus.com/bid/1900
https://exchange.xforce.ibmcloud.com/vulnerabilities/5527
Published: 2000-11-01