exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

Files from Thor Larholm

Email addressprivate
First Active2002-05-20
Last Active2007-07-26
View User Profile
mozillaprotocolabuse.zip
Posted Jul 26, 2007
Authored by Thor Larholm | Site larholm.com

The Mozilla application platform currently has an unpatched input validation flaw which allows you to specify arbitrary command line arguments to any registered URL protocol handler process. Thunderbird version 2.0.0.5 fixes this. Full exploits included.

tags | exploit, arbitrary, protocol
SHA-256 | b87dd83511bb3193b27560787656bb08cbc129eb12d1eb43241e8ff546fbf7fb
ie-protocol.txt
Posted Jul 11, 2007
Authored by Thor Larholm

There is a URL protocol handler command injection vulnerability in Internet Explorer for Windows that allows you to execute shell commands with arbitrary arguments. This vulnerability can be triggered without user interaction simply by visiting a webpage.

tags | advisory, arbitrary, shell, protocol
systems | windows
SHA-256 | 97817c440ccad36fa887930439c3bdaf4a4453e3d8bf7987f58f1e95ea0330a9
safari-windows.txt
Posted Jun 13, 2007
Authored by Thor Larholm

Safari 3 for Windows beta remote command execution proof of concept exploit.

tags | exploit, remote, proof of concept
systems | windows
SHA-256 | 9a4308881a1a075b2196e199766d0f712a4c0161fa63fc94e0ea6dd4af3e7b95
phpmail.txt
Posted Jun 13, 2007
Authored by Thor Larholm

PHPMailer as included with applications such as WordPress, Mantis, etc, suffers from a remote command execution vulnerability.

tags | advisory, remote
SHA-256 | f2c609d930657cbbc333da78bb6360b7c18eb1bb0cdb23b91c07449ca9511476
firefox-traverse.txt
Posted Jun 7, 2007
Authored by Thor Larholm

The directory traversal fix in Firefox version 2.0.0.4 only partially fixed the flaw and accidentally circumvents an existing input validation check.

tags | advisory, file inclusion
SHA-256 | 4ad3e4fcce8b9bfb38e0e28040599ebf2b9642a4772941a3340a59feac189edf
thorISA.txt
Posted Jul 18, 2003
Authored by Thor Larholm

The Microsoft Internet Security and Acceleration, or ISA, server contains a default error page that can be used to conduct cross site scripting attacks against a legitimate user.

tags | advisory, xss
SHA-256 | 28d4e09c66a69895f688844fb1bccd3d2a1a91ee3d29b78564222eda4b3156f0
isaxss.txt
Posted Jul 18, 2003
Authored by Thor Larholm, Brett Moore SA | Site security-assessment.com

The Microsoft Internet Security and Acceleration, or ISA, server contains a default error page that can be used to conduct cross site scripting attacks against a legitimate user.

tags | advisory, xss
SHA-256 | 051076503bc72c2b87f59aeb4ad73074c982cd00eb77cfd9f35afb69941adc65
tl004.txt
Posted Oct 4, 2002
Authored by Thor Larholm | Site PivX.com

Thor Larholm security advisory TL#004 - Microsoft Windows 98 through XP contains an overflow in the Windows Help facility which allows arbitrary code execution. Denial of service exploit information included. Demonstration available here.

tags | denial of service, overflow, arbitrary, code execution
systems | windows
SHA-256 | bea9be97470c7487053026c3e2c1f3610d8ef2897d9cfc633dcf350e2450936c
ie.css.txt
Posted May 20, 2002
Authored by Thor Larholm | Site jscript.dk

IE 6sp1 for Windows 2000 and 98 has bugs in the showModalDialog and showModelessDialog methods of displaying dialog boxes which can be used to execute arbitrary commands. Most unpatched IE and Outook installations are vulnerable. Online demonstration exploit MS02-023, but IE 5.5 and 5.0 are still vulnerable.

tags | exploit, arbitrary
systems | windows
SHA-256 | adc13976e792486d71a781d3724cb4456937c63b31fb36bdbe418a967f248f48
Page 1 of 1
Back1Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    18 Files
  • 6
    Oct 6th
    16 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close