CVE-2014-4158

Published: 13/06/2014 Updated: 02/09/2015
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 760
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Stack-based buffer overflow in Kolibri 2.0 allows remote malicious users to execute arbitrary code via a long URI in a GET request.

Vulnerable Product

senkas kolibri 2.0

Exploits

Senkas Kolibri WebServer version 2.0 is vulnerable to remote code execution via an overly long POST request. Sending the exploit will result in a SEH overwrite, which can then be used to redirect execution to a POP POP RET within the application's binary itself, which once executed, will allow the attacker to execute his/her payload located in the H ...

#!/usr/bin/python
# Exploit Title : Kolibri WebServer 2.0 Get Request SEH Exploit
# Exploit Author : Revin Hadi S
# Date : 14/07/2014
# Vendor : www.senkas.com
# Version : 2.0
# Tested on : Windows XP SP2 Eng, Windows Server 2003 Eng, Win 7 SP1 Eng
import socket, sys
help = """Kolibri WebServer 2.0 Get Request SEH Exploit Target [1] ...

#!/usr/bin/python
# Exploit Title: Kolibri GET request Stack buffer Overflow
# Date: 25 April 2014
# Exploit Author: Christian (Polunchis) Ramirez intrusionlabs.org
# Vendor Homepage: www.senkas.com/kolibri/download.php
# Version: Kolibri 2.0
# Tested on: Windows XP SP3, Spanish
# Thanks:To my wife for putting up with my possessi ...