Showing 1 - 25 of 39

Files from Mark Litchfield

Email address | mark at ngssoftware.com
First Active | 2000-05-17
Last Active | 2014-02-22
Google XXE Injection
Posted Feb 22, 2014
Authored by Mark Litchfield | Site securatary.com

Google's public data explorer suffered from an XML external entity injection vulnerability.

tags | advisory, xxe
SHA-256 | f1f93b1a77eeff328b95a62faf8d24425b8847dd2d7576805d6e28322cdc50d6
eBay GoStoreGo Authentication Bypass
Posted Feb 12, 2014
Authored by Mark Litchfield | Site securatary.com

A privilege escalation vulnerability was discovered in gostorego.com that allowed a remote, unauthenticated attacker the ability to create an administrative user.

tags | advisory, remote, bypass
SHA-256 | fd4a8bf76717b3109d12eccb9649183d623437e3a934794546f17e7fd08872d2
Ektron CMS Account Hijacking
Posted Jan 30, 2014
Authored by Mark Litchfield | Site securatary.com

This whitepaper discusses how to perform a takeover of the Ektron CMS. It demonstrates how to hijack the builtin and admin accounts.

tags | exploit
SHA-256 | 4051126d4a1554f5aa1a371e3823fe1746489da90272c4a0bd3f21fffb9a0ce0
Sitecore XML Cross Site Scripting
Posted Jan 29, 2014
Authored by Mark Litchfield

Sitecore's special way of displaying XML controls allows for a cross site scripting attack.

tags | exploit, xss
SHA-256 | 332c44062becbe780354571679bbca0e59d1468bef6e56ac13e0ebfa8d53931a
NGS-sapdb-stack.txt
Posted Jul 7, 2007
Authored by Mark Litchfield | Site ngssoftware.com

The SAP DB suffers from a web server stack overflow.

tags | advisory, web, overflow
SHA-256 | 0749c32ef0d9c060f3d5e24c3f8a13e4ffa2c55ae533dcc7bbbf4b19e62ae074
NGS-icm-dos.txt
Posted Jul 7, 2007
Authored by Mark Litchfield | Site ngssoftware.com

The SAP Internet Communication Manager suffers from a denial of service vulnerability.

tags | advisory, denial of service
SHA-256 | 3854d1251268dac04e302b6d8b502a6a84ac55220bf172bc4ddff70550560b3b
NGS-sapmes-heap.txt
Posted Jul 7, 2007
Authored by Mark Litchfield | Site ngssoftware.com

The SAP Message Server suffers from a heap overflow vulnerability.

tags | exploit, overflow
SHA-256 | f0067ae9b255a470a410cce57416f08c6a0878c3437509ae1415b1141910ec3c
NGS-sapigs-xssheap.txt
Posted Jul 7, 2007
Authored by Mark Litchfield | Site ngssoftware.com

The SAP Internet Graphics Server suffers from a cross site scripting vulnerability and a heap overflow vulnerability.

tags | exploit, overflow, xss
SHA-256 | 765df3e3026044a65328944f7a4494ae170aee42c1789d8a3707eb8de4989b7f
NGS-enjoysap-stack.txt
Posted Jul 7, 2007
Authored by Mark Litchfield | Site ngssoftware.com

EnjoySAP, the SAP GUI for Windows, suffers from a stack overflow vulnerability.

tags | exploit, overflow
systems | windows
SHA-256 | 64f5aa6fc4f12c13f5c5d24b6cdf2e92f8451f609f253bb3d31c002dfc2f0b5a
NGS-enjoysap-heap.txt
Posted Jul 7, 2007
Authored by Mark Litchfield | Site ngssoftware.com

EnjoySAP, the SAP GUI for Windows, suffers from a heap overflow vulnerability.

tags | exploit, overflow
systems | windows
SHA-256 | 142ff655dae0e4a77bdd173861a8fb4488b208319a8efec9fcfa5526c6ac2e33
SYM07-002.txt
Posted Feb 24, 2007
Authored by Mark Litchfield | Site symantec.com

Symantec Security Advisory SYM07-002 - Vulnerabilities were identified in third-party trouble-shooting ActiveX controls, developed by SupportSoft, www.supportsoft.com. Two of these controls were signed, shipped and installed with the identified versions of Symantec's consumer products and as part of the Symantec Automated Support Assistant support tool. The vulnerability identified in the Symantec shipped controls could potentially result in a stack overflow requiring user interaction to exploit. If successfully exploited this vulnerability could potentially compromise a user's system possibly allowing execution of arbitrary code or unauthorized access to system assets with the permissions of the user's browser.

tags | advisory, overflow, arbitrary, vulnerability, activex
advisories | CVE-2006-6490
SHA-256 | 6d8c791e06133fa8ef47db22bc1c4eced26f2df9a68bb88f0f840ec2843249d6
NGS-traversal.txt
Posted Feb 1, 2007
Authored by Mark Litchfield | Site ngssoftware.com

Oracle 10g R2 Enterprise Manager suffers from a classic directory traversal flaw. Details provided.

tags | exploit, file inclusion
SHA-256 | 7b239d813c0b71f35706e82ceb10a5685fed697cf244b62a9ea0ed16b798e32f
NGS00401.txt
Posted Feb 1, 2007
Authored by Mark Litchfield, John Heasman | Site ngssoftware.com

BrightStor ARCserve Backup for Laptops and Desktops r11.1 suffers from a remote resource exhaustion vulnerability. By sending a specially crafted series of packets to the LGSERVER.EXE process that listens on TCP port 2200, it is possible to cause LGSERVER.EXE to write very large files to the system disk. In addition, the LGSERVER.EXE process becomes unresponsive until the file has been written.

tags | advisory, remote, tcp
SHA-256 | 5e363b53e6622717f68088020395485bc3abf558e7989dfb9923e72982cf384e
NGS00402.txt
Posted Feb 1, 2007
Authored by Mark Litchfield | Site ngssoftware.com

BrightStor ARCserve Backup for Laptops and Desktops r11.1 suffers from a remote denial of service vulnerability. By sending a specially crafted series of packets to the LGSERVER.EXE process that listens on TCP port 2200, it is possible to cause the process to terminate.

tags | advisory, remote, denial of service, tcp
SHA-256 | b2beae78b9dc5bc4bf16421bd8c3f8c7bbb339c861377bc711310256b5da4cd2
NGS00403.txt
Posted Feb 1, 2007
Authored by Mark Litchfield | Site ngssoftware.com

BrightStor ARCserve Backup for Laptops and Desktops r11.1 suffers from a remote code execution vulnerability. By sending a specially crafted packet to the LGSERVER.EXE process that listens on TCP port 1900, it is possible to cause a stack overflow that allows arbitrary code execution as Local System.

tags | advisory, remote, overflow, arbitrary, local, tcp, code execution
SHA-256 | 93b42c48737208bb1775e556207027438baca25f161de47442e043e659a7b1e6
NGS00404.txt
Posted Feb 1, 2007
Authored by Mark Litchfield | Site ngssoftware.com

BrightStor ARCserve Backup for Laptops and Desktops r11.1 suffers from a remote code execution vulnerability. By sending a specially crafted packet to the LGSERVER.EXE process that listens on TCP port 2200, it is possible to execute arbitrary code as SYSTEM on a Windows Platform.

tags | advisory, remote, arbitrary, tcp, code execution
systems | windows
SHA-256 | 474a498ff00370f5a46dd87ae7f9feeac3510fc1c6ca6e8ff022be0dc35ff0c6
sybase-ase.txt
Posted Apr 17, 2005
Authored by Mark Litchfield, Chris Anley, Sherief Hammad | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - Sybase ASE versions prior to 12.5.3 ESD#1 suffer from multiple buffer overflows and denial of service vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
SHA-256 | 8057a9b0c4794a5ecce8eb94c3a4e21b6ee749420f1666aa849c032a94346f39
realHeap.txt
Posted Mar 3, 2005
Authored by Mark Litchfield | Site ngssoftware.com

Various versions of RealPlayer are susceptible to a heap overflow vulnerability in the .WAV file format when being opened. Under Windows, the following versions are affected: RealPlayer 10.5 (6.0.12.1056 and below), RealPlayer 10, RealOne Player V2, RealOne Player V1, RealPlayer 8, RealPlayer Enterprise. Under Linux, the following versions are affected: RealPlayer 10 (10.0.0.2 and below), Helix Player.

tags | advisory, overflow
systems | linux, windows
SHA-256 | 359c580e54c96a6991290df4135edc4fda022168df80da8721508a4c75bfe410
athoc-01full.txt
Posted Jan 22, 2005
Authored by Mark Litchfield, John Heasman | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - Multiple vulnerabilities have been discovered in the AtHoc toolbar which can allow remote code execution through Internet Explorer when browsing to a specially crafted webpage.

tags | advisory, remote, vulnerability, code execution
SHA-256 | 47bfb3702c540e74e290ac45de0ac6236c9dac1d8ea51d84b10c5a95b4edf519
Next Generation Security Advisory 223122004K
Posted Dec 31, 2004
Authored by Mark Litchfield, NGSSoftware | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory #NISR2122004J - IBM's DB2 database server contains a function, rec2xml, used to format a string in XML. This function suffers from a stack based buffer overflow vulnerability. Systems Affected: DB2 8.1/7.x.

tags | advisory, overflow
SHA-256 | b8613611d22ef6e27ef52155f6315c5d527c17d33199e9824cdca2fd21abca6f
realr3t.txt
Posted Apr 7, 2004
Authored by Mark Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory #NISR17042004 - By crafting a malformed .R3T file it is possible to cause stack based overruns in RealPlayer / RealOne Player. By forcing a browser to a website containing such a file, code could be executed on the target machine running in the context of the logged on user; alternatively, the end user would be required to open the .R3T file as a mail attachment. Systems Affected: RealPlayer 8, RealOne Player, RealOne Player v2 for Windows only (all languages), RealPlayer 10 Beta (English only) and RealPlayer Enterprise (all versions, stand-alone and as configured by the RealPlayer Enterprise Manager).

tags | advisory, overflow
systems | windows
SHA-256 | 6d743136e2278e3913a2b15ed69ed2788f1f4b991aaed8aef0dce1951f4208cf
nisrce.txt
Posted Mar 19, 2004
Authored by Mark Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory #NISR19042004b - Symantec's Norton Internet Security 2004 Professional makes use of an ActiveX component that is marked safe for scripting, particularly WrapUM.dll. Using the LaunchURL method an attacker has the ability to force the browser to run arbitrary executables on the target.

tags | advisory, arbitrary, activex
SHA-256 | 11d31d97538a7637add15397dc05b7907d588a0e9216c80ae9fa4a9502a8ba11
antispam.txt
Posted Mar 19, 2004
Authored by Mark Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory #NISR19042004a - Installed with Symantec's Norton AntiSpam 2004 product is an ActiveX component that is marked safe for scripting, particularly symspam.dll. However, when the method LaunchCustomRuleWizard is called with an overly long parameter, an attacker can cause a stack based overflow allowing for arbitrary code execution.

tags | advisory, overflow, arbitrary, code execution, activex
SHA-256 | b73892705e2a76c1e0de0b2b6bf520d003b24ba8a85ea693d80dca4775212c39
NGSrealone.txt
Posted Feb 5, 2004
Authored by Mark Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory #NISR04022004a - By crafting a malformed .RP, .RT, .RAM, .RPM or .SMIL file, it is possible to cause heap and stack based overruns in RealPlayer / RealOne Player.

tags | advisory, overflow
SHA-256 | 08c196447e2192d2c612710832b2422a990dbc5bd70ac8d47941a572f399a72a
sybase.txt
Posted Dec 15, 2003
Authored by Mark Litchfield, Sherief Hammad, Rob Horton | Site ngssoftware.com

Sybase Adaptive Server Anywhere v9.0.0, the relational database at the core of SQL Anywhere Studio 8 contains over 50 vulnerabilities including format string overflows, buffer overflows, and denial of service conditions. Fix available here.

tags | advisory, denial of service, overflow, vulnerability
SHA-256 | 85b020d178f9754cbb630b420899e0a35ec15ff5fd3c3ba755e03d19390d2f14
Page 1 of 2