CVE-2004-0798

Related Files

Ipswitch WhatsUp Gold 8.03 Buffer Overflow

Posted Nov 26, 2009

Authored by MC | Site metasploit.com

This Metasploit module exploits a buffer overflow in IPswitch WhatsUp Gold 8.03. By posting a long string for the value of 'instancename' in the _maincfgret.cgi script an attacker can overflow a buffer and execute arbitrary code on the system.

tags | exploit, overflow, arbitrary, cgi

advisories | CVE-2004-0798

SHA-256 | 62eb863206132195a6a057fb1d894ec0ce16b0816953299778e3c89dca60d6d1

Download | Favorite | View

iDEFENSE Security Advisory 2004-08-25.t

Posted Aug 26, 2004

Authored by iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 08.25.04 - Remote exploitation of a buffer overflow vulnerability in Ipswitch Inc.'s WhatsUp Gold allows attackers to execute arbitrary code under the privileges of the user that instantiated the application. The problem specifically exists in the _maincfgret.cgi script accessible through the web server installed by WhatsUp Gold. By posting a long string for the value of 'instancename', a buffer overflow occurs allowing an attacker to redirect the flow of control and eventually execute arbitrary code. Fixed in version 8.03 Hotfix 1.

tags | advisory, remote, web, overflow, arbitrary, cgi

advisories | CVE-2004-0798

SHA-256 | 0ea91303c6cef00a91d278839e653ac5d8f44462a6f9b9b03560ebc10458660d

Download | Favorite | View