CVE-2006-1999
Published 2006-04-25
Priority P4 · 24 · medium · 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 9.15% (94.7th percentile)
The multiplayer menu in OpenTTD 0.4.7 allows remote attackers to cause a denial of service via a UDP packet with an incorrect size, which causes the client to return to the main menu.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openttd | openttd | — | — |
No detection rules found.
Exploit-DB
GNU C Library Dynamic Loader glibc ld.so - Memory Leak / Buffer Overflow
exploitdb·2017-12-13·CVSS 7.8
CVE-2017-1000409 [HIGH] GNU C Library Dynamic Loader glibc ld.so - Memory Leak / Buffer Overflow
---
Qualys Security Advisory
Buffer overflow in glibc's ld.so
Contents
Summary
Memory Leak
Buffer Overflow
Exploitation
Acknowledgments
Summary
We have discovered a memory leak and a buffer overflow in the dynamic
loader (ld.so) of the GNU C Library (glibc):
- the memory leak (CVE-2017-1000408) first appeared in glibc 2.1.1
(released on May 24, 1999) and can be reached and amplified through
the LD_HWCAP_MASK environment variable;
- the buffer overflow (CVE-2017-1000409) first appeared in glibc 2.5
(released on September 29, 2006) and can be triggered through the
LD_LIBRARY_PATH environment variable.
Further investigation showed that:
- the buffer overflow is not exploitable if
/proc/sys/fs/protected_hardl
Exploit-DB
CactuShop 6.0 - Database Disclosure
exploitdb·2009-12-26
CVE-2007-3061 CactuShop 6.0 - Database Disclosure
---
_ _ _ _ _ _
/ \ | | | | / \ | | | |
/ _ \ | | | | / _ \ | |_| |
/ ___ \ | |___ | |___ / ___ \ | _ |
/_/ \_\ |_____| |_____| /_/ \_\ |_| |_|
[*] ~ Note : Forever RevengeHack.Com
[*] CactuShop v6 Database Disclosure Vulnerability
[*] Script: [ CactuShop v6 ]
[*] Language: [ ASP ]
[*] Download: [ http://www.aspindir.com/Goster/3114]
[*] Founder: [ LionTurk - [email protected] }
[*] My Home: [ RevengeHack.com ]
[*] Note: Wait for my new vulnerabilities
###########################################################################
===[ Exploit And Dork ]===
[*] http://[target].com/[path]/database/cactushop6.mdb
[*] CactuShop v6 ASP Shopping Cart ©1999-2006 Cactusoft International FZ-LLC & Cactusoft Ltd. All rights reserved.
[*
Exploit-DB
Apple Airport - 802.11 Probe Response Kernel Memory Corruption (PoC) (Metasploit)
exploitdb·2006-11-01
CVE-2006-5710 Apple Airport - 802.11 Probe Response Kernel Memory Corruption (PoC) (Metasploit)
---
# A proof-of-concept exploit has been added to the Metasploit Framework 3.0 source tree:
# msf > use auxiliary/dos/wireless/daringphucball
require 'msf/core'
module Msf
class Auxiliary::Dos::Wireless::DaringPhucball 'Apple Airport 802.11 Probe Response Kernel Memory Corruption',
'Description' => %q{
The Apple Airport driver provided with Orinoco-based Airport cards (1999-2003 PowerBooks, iMacs)
is vulnerable to a remote memory corruption flaw. When the driver is placed into active scanning
mode, a malformed probe response frame can be used to corrupt internal kernel structures, leading
to arbitrary code execution. This vulnerability is triggered when a probe response frame is received
that does not c
Exploit-DB
Solaris 8/9 - '/usr/ucb/ps' Local Information Leak
exploitdb·2006-08-22
CVE-1999-1587 Solaris 8/9 - '/usr/ucb/ps' Local Information Leak
---
#!/bin/sh
#
# $Id: raptor_ucbps,v 1.1 2006/07/26 12:15:42 raptor Exp $
#
# raptor_ucbps - information leak with Solaris /usr/ucb/ps
# Copyright (c) 2006 Marco Ivaldi
#
# A security vulnerability in the "/usr/ucb/ps" (see ps(1B)) command may allow
# unprivileged local users the ability to see environment variables and their
# values for processes which belong to other users (Sun Alert ID: 102215).
#
# Absolutely nothing fancy, but it may turn out to be useful;)
#
# Usage:
# $ chmod +x raptor_ucbps
# $ ./raptor_ucbps
# [...]
#
# Vulnerable platforms (SPARC):
# Solaris 8 without patch 109023-05 [tested]
# Solaris 9 without patch 120240-01 [tested]
#
# Vulnerable platforms (x86):
# Solaris 8 without patch 109024-05 [untested]
# Solaris
Exploit-DB
OpenTTD 0.4.7 - Multiple Vulnerabilities
exploitdb·2006-04-23
CVE-2006-1999 OpenTTD 0.4.7 - Multiple Vulnerabilities
---
#######################################################################
Luigi Auriemma
Application: OpenTTD
http://www.openttd.org
Versions: <= 0.4.7
Platforms: Windows, *nix, *BSD, Mac and others
Bugs: A] program termination through big error number
B] broadcast clients disconnection in multiplayer menu
Exploitation: A] remote, versus server and client (in-game)
B] remote, versus clients (broadcast)
Date: 23 Apr 2006
Author: Luigi Auriemma
e-mail: [email protected]
web: http://aluigi.altervista.org
#######################################################################
Backup: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/1709.zip (04232006-openttdx.zip)
No writeups or analysis indexed.
http://aluigi.altervista.org/adv/openttdx-adv.txt
http://secunia.com/advisories/19768
http://secunia.com/advisories/21799
http://security.gentoo.org/glsa/glsa-200609-03.xml
http://www.securityfocus.com/archive/1/431871/100/0/threaded
http://www.securityfocus.com/bid/17661
http://www.vupen.com/english/advisories/2006/1480
https://exchange.xforce.ibmcloud.com/vulnerabilities/26004