
Files from Mark Litchfield

Email address: mark at ngssoftware.com
First Active: 2000-05-17
Last Active: 2014-02-22

Google XXE Injection
Posted Feb 22, 2014
Authored by Mark Litchfield | Site securatary.com

Google's public data explorer suffered from an XML external entity injection vulnerability.

tags | advisory, xxe
MD5 | b6eda7034168424c5cc31c890dccd8e7
eBay GoStoreGo Authentication Bypass
Posted Feb 12, 2014
Authored by Mark Litchfield | Site securatary.com

A privilege escalation vulnerability was discovered in gostorego.com that allowed a remote, unauthenticated attacker the ability to create an administrative user.

tags | advisory, remote, bypass
MD5 | 6479ee85e1d2d4fe470d65f13d71a9b4
Ektron CMS Account Hijacking
Posted Jan 30, 2014
Authored by Mark Litchfield | Site securatary.com

This whitepaper discusses how to perform a take over of the Ektron CMS. It demonstrates how to hijack the builtin and admin accounts.

tags | exploit
MD5 | 0856fe75f96c637a28b5646229e477c2
Sitecore XML Cross Site Scripting
Posted Jan 29, 2014
Authored by Mark Litchfield

Sitecore's special way of displaying XML controls allows for a cross site scripting attack.

tags | exploit, xss
MD5 | 8a1d6020303110b15116e663f27f4bd7
NGS-sapdb-stack.txt
Posted Jul 7, 2007
Authored by Mark Litchfield | Site ngssoftware.com

The SAP DB suffers from a web server stack overflow.

tags | advisory, web, overflow
MD5 | c823ea29d081276a258e94ba91c12010
NGS-icm-dos.txt
Posted Jul 7, 2007
Authored by Mark Litchfield | Site ngssoftware.com

The SAP Internet Communication Manager suffers from a denial of service vulnerability.

tags | advisory, denial of service
MD5 | e3f4853040c4be709e26414e2dbf44df
NGS-sapmes-heap.txt
Posted Jul 7, 2007
Authored by Mark Litchfield | Site ngssoftware.com

The SAP Message Server suffers from a heap overflow vulnerability.

tags | exploit, overflow
MD5 | 72db16bfa2209f429848a0d5b5240971
NGS-sapigs-xssheap.txt
Posted Jul 7, 2007
Authored by Mark Litchfield | Site ngssoftware.com

The SAP Internet Graphics Server suffers from a cross site scripting vulnerability and a heap overflow vulnerability.

tags | exploit, overflow, xss
MD5 | 8a8ab41bdc4c3616dd7b721a26f9e1ef
NGS-enjoysap-stack.txt
Posted Jul 7, 2007
Authored by Mark Litchfield | Site ngssoftware.com

EnjoySAP, the SAP GUI for Windows, suffers from a stack overflow vulnerability.

tags | exploit, overflow
systems | windows
MD5 | 7858e6d835ccdceaaaa9e721ce70d344
NGS-enjoysap-heap.txt
Posted Jul 7, 2007
Authored by Mark Litchfield | Site ngssoftware.com

EnjoySAP, the SAP GUI for Windows, suffers from a heap overflow vulnerability.

tags | exploit, overflow
systems | windows
MD5 | 8253022f79fe526d2c8b63ed60a3d7d8
SYM07-002.txt
Posted Feb 24, 2007
Authored by Mark Litchfield | Site symantec.com

Symantec Security Advisory SYM07-002 - Vulnerabilities were identified in third-party trouble-shooting ActiveX controls, developed by SupportSoft, www.supportsoft.com. Two of these controls were signed, shipped and installed with the identified versions of Symantec's consumer products and as part of the Symantec Automated Support Assistant support tool. The vulnerability identified in the Symantec shipped controls could potentially result in a stack overflow requiring user interaction to exploit. If successfully exploited this vulnerability could potentially compromise a user's system possibly allowing execution of arbitrary code or unauthorized access to system assets with the permissions of the user's browser.

tags | advisory, overflow, arbitrary, vulnerability, activex
advisories | CVE-2006-6490
MD5 | ef738e6cc836e4b569b9df1624c54701
NGS-traversal.txt
Posted Feb 1, 2007
Authored by Mark Litchfield | Site ngssoftware.com

Oracle 10g R2 Enterprise Manager suffers from a classic directory traversal flaw. Details provided.

tags | exploit, file inclusion
MD5 | 0c5b1958a382b2b56a78fd3ccad8e0f0
NGS00401.txt
Posted Feb 1, 2007
Authored by Mark Litchfield, John Heasman | Site ngssoftware.com

BrightStor ARCserve Backup for Laptops and Desktops r11.1 suffers from a remote resource exhaustion vulnerability. By sending a specially crafted series of packets to the LGSERVER.EXE process that listens on TCP port 2200, it is possible to cause LGSERVER.EXE to write very large files to the system disk. In addition, the LGSERVER.EXE process becomes unresponsive until the file has been written.

tags | advisory, remote, tcp
MD5 | f96044c51bcb9897bf083cf6eebbb52b
NGS00402.txt
Posted Feb 1, 2007
Authored by Mark Litchfield | Site ngssoftware.com

BrightStor ARCserve Backup for Laptops and Desktops r11.1 suffers from a remote denial of service vulnerability. By sending a specially crafted series of packets to the LGSERVER.EXE process that listens on TCP port 2200, it is possible to cause the process to terminate.

tags | advisory, remote, denial of service, tcp
MD5 | 865b0f8edf04493798df6cd6397e3b54
NGS00403.txt
Posted Feb 1, 2007
Authored by Mark Litchfield | Site ngssoftware.com

BrightStor ARCserve Backup for Laptops and Desktops r11.1 suffers from a remote code execution vulnerability. By sending a specially crafted packet to the LGSERVER.EXE process that listens on TCP port 1900, it is possible to cause a stack overflow that allows arbitrary code execution as Local System.

tags | advisory, remote, overflow, arbitrary, local, tcp, code execution
MD5 | bb9d6d34d81c344270cf41343b5ab20a
NGS00404.txt
Posted Feb 1, 2007
Authored by Mark Litchfield | Site ngssoftware.com

BrightStor ARCserve Backup for Laptops and Desktops r11.1 suffers from a remote code execution vulnerability. By sending a specially crafted packet to the LGSERVER.EXE process that listens on TCP port 2200, it is possible to execute arbitrary code as SYSTEM on a Windows Platform.

tags | advisory, remote, arbitrary, tcp, code execution
systems | windows
MD5 | b7f57a2008ba7f24d464595979b82415
sybase-ase.txt
Posted Apr 17, 2005
Authored by Mark Litchfield, Chris Anley, Sherief Hammad | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - Sybase ASE versions prior to 12.5.3 ESD#1 suffer from multiple buffer overflows and denial of service vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
MD5 | 1392d5ea3050f7066d79e8fec0f1e656
realHeap.txt
Posted Mar 3, 2005
Authored by Mark Litchfield | Site ngssoftware.com

Various versions of Realplayer are susceptible to a heap overflow vulnerability in the .WAV file format when being opened. Under Windows, the following versions are affected: RealPlayer 10.5 (6.0.12.1056 and below), RealPlayer 10, RealOne Player V2, RealOne Player V1, RealPlayer 8, RealPlayer Enterprise. Under Linux, the following versions are affected: RealPlayer 10 (10.0.0.2 and below), Helix Player.

tags | advisory, overflow
systems | linux, windows
MD5 | dd6093f2a24f68d4270f967975b7a600
athoc-01full.txt
Posted Jan 22, 2005
Authored by Mark Litchfield, John Heasman | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - Multiple vulnerabilities have been discovered in the AtHoc toolbar which can allow remote code execution through Internet Explorer when browsing to a specially crafted webpage.

tags | advisory, remote, vulnerability, code execution
MD5 | 62679db7da76b3863a3d74fff2664639
Next Generation Security Advisory 223122004K
Posted Dec 31, 2004
Authored by Mark Litchfield, NGSSoftware | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory #NISR2122004J - IBM's DB2 database server contains a function, rec2xml, used to format a string in XML. This function suffers from a stack based buffer overflow vulnerability. Systems Affected: DB2 8.1/7.x.

tags | advisory, overflow
MD5 | 8131309f4210d2ed68cd045c14a04b82
realr3t.txt
Posted Apr 7, 2004
Authored by Mark Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory #NISR17042004 - By crafting a malformed .R3T file it is possible to cause stack based overruns in RealPlayer / RealOne Player. By forcing a browser to a website containing such a file, code could be executed on the target machine running in the context of the logged on user; alternatively, the end user would be required to open the .R3T file as a mail attachment. Systems Affected: RealPlayer 8, RealOne Player, RealOne Player v2 for Windows only (all languages), RealPlayer 10 Beta (English only) and RealPlayer Enterprise (all versions, stand-alone and as configured by the RealPlayer Enterprise Manager).

tags | advisory, overflow
systems | windows
MD5 | 8a44b94ceef060ecc84da83319fa44ed
nisrce.txt
Posted Mar 19, 2004
Authored by Mark Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory #NISR19042004b - Symantec's Norton Internet Security 2004 Professional makes use of an ActiveX component that is marked safe for scripting, particularly WrapUM.dll. Using the LaunchURL method an attacker has the ability to force the browser to run arbitrary executables on the target.

tags | advisory, arbitrary, activex
MD5 | 463931f265ad4a0daff86e14957d6f76
antispam.txt
Posted Mar 19, 2004
Authored by Mark Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory #NISR19042004a - Installed with Symantec's Norton AntiSpam 2004 product is an ActiveX component that is marked safe for scripting, particularly symspam.dll. However, when the method LaunchCustomRuleWizard is called with an overly long parameter, an attacker can cause a stack based overflow allowing for arbitrary code execution.

tags | advisory, overflow, arbitrary, code execution, activex
MD5 | a351a8120d24537eb9f59f6ae9e60f6c
NGSrealone.txt
Posted Feb 5, 2004
Authored by Mark Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory #NISR04022004a - By crafting a malformed .RP, .RT, .RAM, .RPM or .SMIL file, it is possible to cause heap and stack based overruns in RealPlayer / RealOne Player.

tags | advisory, overflow
MD5 | 0d5f21938ce0d94310e6cd768dad55e2
sybase.txt
Posted Dec 15, 2003
Authored by Mark Litchfield, Sherief Hammad, Rob Horton | Site ngssoftware.com

Sybase Adaptive Server Anywhere v9.0.0, the relational database at the core of SQL Anywhere Studio 8, contains over 50 vulnerabilities including format string overflows, buffer overflows, and denial of service conditions. Fix available here.

tags | advisory, denial of service, overflow, vulnerability
MD5 | ccf2d70529b44d3c0360904cc678eac0
© 2020 Packet Storm. All rights reserved.
