exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 21 of 21 RSS Feed

Files from Matthew Murphy

First Active2002-08-31
Last Active2006-04-29
IE-UserInterface.txt
Posted Apr 29, 2006
Authored by Matthew Murphy | Site student.missouristate.edu

Microsoft Internet Explorer suffers from a potential user interaction race in its handling of security dialogs. As a result, it may be possible for a malicious web site to install software on a visiting system or take other actions that may compromise the privacy or the security of the visitor.

tags | advisory, web
SHA-256 | 2e80f78b30be81e611a091caa94ab96e849742fa4ccfafa6ca94c1f6bd9cb89f
ietest.html.txt
Posted Apr 28, 2006
Authored by Matthew Murphy

POC for the Internet Explorer Modal Dialog Issue: A malicious user could create content that would request the user to click an object or press a sequence of keys. By delivering a security prompt during this process, the site could subvert the prompting and obtain permission for actions that were not necessarily authorized.

tags | exploit
SHA-256 | 37b851304649abe9415c7b7d8d0de6665b6c40ea7e57d02ef76eb6162b600e0a
wmp_overflow.htm.txt
Posted Feb 26, 2006
Authored by Matthew Murphy

Microsoft Windows Media Player 10 Plug-In EMBED overflow universal exploit that makes use of the flaw discussed in MS06-006.

tags | exploit, overflow
systems | windows
SHA-256 | 2773662b377c0c196a0104ce112087de801337f51b5949420cc9fc8330f312a6
wmp-profiteer.zip
Posted Feb 26, 2006
Authored by Matthew Murphy

Exploit for the Windows Media Player vulnerabilities discussed in MS06-006. Written in Perl.

tags | exploit, perl, vulnerability
systems | windows
SHA-256 | bb7d11bbd0b5d375eb88156ba7c14a48802c78cd9b354a8fddc33c3472cc07b2
NTFSinfo.txt
Posted Jul 1, 2005
Authored by Matthew Murphy

An error in Microsoft Windows NTFS driver code causes the file system to incorrectly assign disk blocks to files before they have been initialized. Following a recovery from a system shutdown, uninitialized data may be visible in files from previously allocated disk blocks.

tags | advisory
systems | windows
SHA-256 | 19a6813bec80b15a790ba4bf91503c452214f0dd11e222e2104658130b26d1f5
monit.txt
Posted Apr 5, 2004
Authored by Matthew Murphy

Monit versions 4.2 and below have two basic authentication flaws that allow for a remote denial of service and a buffer overflow that can lead to arbitrary code execution. An off-by-one vulnerability also exists with POST requests.

tags | advisory, remote, denial of service, overflow, arbitrary, code execution
SHA-256 | 810840b17572800a7f7b3a1a0f1869203058b4950c0967687cd2f0ee5da4baf4
badblue052003.txt
Posted May 23, 2003
Authored by Matthew Murphy

BadBlue web server versions 2.2 and below have a vulnerability that allows remote attackers to gain administrative control of a server. The engine attempts to restrict access to non-html files by requiring that 'ht' be the first letters of the target file's extension, and also requiring that requests to access '.hts' files are submitted by 127.0.0.1 and contain a proper 'Referer' header. This security feature is accomplished with a simple binary replace of the first two characters of the file extension. The two security checks are performed in an incorrect order, meaning that the first security check can inadvertently bypass the latter.

tags | exploit, remote, web
SHA-256 | f852c3fef86aa05736d86e2685e0f3081337c1845300cb0286f034f7f66f44f0
eserv-mem.txt
Posted May 12, 2003
Authored by Matthew Murphy

eServ's connection handling routine contains a memory leak that may be exploited to cause the eServ daemon to become unavailable. After several thousand successful connections, memory use on the system becomes exceedingly high, resulting in a denial of service.

tags | exploit, denial of service, memory leak
SHA-256 | d2f4390109435ee36d5dc375522685bfd5454f284c2857c2ce225b3a35457ead
ANHTTPd.txt
Posted Apr 22, 2003
Authored by Matthew Murphy

AN HTTPd versions 1.42h and prior ships with a script called count.pl which allows remote attackers to use a directory traversal attack to overwrite the contents of files on the system.

tags | exploit, remote
SHA-256 | a74b48909192b5c91b042611f88dcec0fb0d56626236be2a2851014e83d805c1
mod_ntlm.txt
Posted Apr 21, 2003
Authored by Matthew Murphy

mod_ntlm is the Apache module for versions 1.3 and 2.0 which gives Apache the ability to authenticate users via the NTLM authentication technology that is largely specific to Microsoft IIS. The log() function contains two remotely exploitable vulnerabilities. Both a heap overflow and an incorrect call to ap_log_rerror() allow for arbitrary code execution.

tags | exploit, overflow, arbitrary, vulnerability, code execution
SHA-256 | 802cd05c619e98126a7d5192a17c55f423eeb343fb55248fd94b28417e566c3d
monkeyHTTPd.txt
Posted Apr 21, 2003
Authored by Matthew Murphy

The Monkey HTTPd v0.6.1 web server is vulnerable to a remote buffer overflow in the handling of forms submitted with the POST request method. The unchecked buffer lies in the PostMethod() procedure.

tags | exploit, remote, web, overflow
SHA-256 | 0301f75e2783269edb2b7a6fa9c640c16ea311a21771c827602cb320b112c4d0
badblue.txt
Posted Apr 21, 2003
Authored by Matthew Murphy

BadBlue web server versions 2.15 and below have a vulnerability that allows remote attackers to gain administrative control of a server. The ext.dll that allows pages parsing with the LoadPage command attempts to prevent remote users from accessing .hts pages by checking the 'referer' HTTP header of requests, and also verifying that all requests for .hts pages originate from 127.0.0.1 (the loopback). By appending certain illegal characters to the requested filename, it is possible to cause BadBlue to interpret .hts files from a remote system, thereby yielding administrative control of the server to the attacker.

tags | exploit, remote, web
SHA-256 | 7c9fcc98b57a0be0b7411ecaa6864241a66336a2bf516c6147bd84a47cdcbafb
XPracecondition.txt
Posted Apr 21, 2003
Authored by Matthew Murphy

A race condition exists in Windows XP Service Control Manager Service Shutdown Mechanism when a service shutdown is not correctly completed in a desired time period. Normal users can access open files which may end up with randomly cached data that could contain restricted data. Microsoft has not announce any plans to backport a patch but has announced that this issue will be addressed in Windows Server 2003.

tags | advisory
systems | windows
SHA-256 | 41a02ad828c3ebc0dc61cce406afdab9e7375f885ee18abb77135abf5f1365c2
Apache 2.x Memory Leak
Posted Apr 9, 2003
Authored by Matthew Murphy

Apache 2.x memory leak proof of concept exploit.

tags | exploit, proof of concept, memory leak
SHA-256 | d4fbe74bb18c6e0f994d19cdb1e82f8a0689fa3ca218b404294e09b094809d44
acFreeProxy.txt
Posted Nov 25, 2002
Authored by Matthew Murphy

acFreeProxy (aka "acfp") is an HTTP/1.x proxy for Microsoft Windows that generates error pages when unable to reach a destination host. The results of the error page do not have any input validation leaving it vulnerable to cross-site scripting attacks.

tags | web, xss
systems | windows
SHA-256 | b73cb37d7003a95b03e17334931602a4021c36c50e68d3f36d09ad572bddca2d
zerooexploit.txt
Posted Nov 24, 2002
Authored by Matthew Murphy

Zeroo HTTPd server remote command execution exploit. Based on advisory by InetCop.

tags | exploit, remote
SHA-256 | 5fe342e390df430cbaf5f6ff02493e0c6a4b87aee4b723dd0bd56fe633aef058
liteserve.txt
Posted Nov 17, 2002
Authored by Matthew Murphy

A vulnerability in the LiteServe combination server for Win32 exists in that the handling of filenames on Win32 platforms may reveal the code of a desired CGI script to an attacker. Windows handles file names with the period character (0x2E) on the end as if the character had been removed. LiteServe fails to compensate for this behavior, and is vulnerable to a simple CGI disclosure attack.

tags | exploit, cgi
systems | windows
SHA-256 | 2c3ca28c00d0930e2a9c6fbc4f72dc74895e351d73e4de6f97aa89bb5230a2ad
keyfocus.txt
Posted Nov 15, 2002
Authored by Matthew Murphy

The KeyFocus Web server, a Win32 HTTP server with web administration, contains a flaw that enables attackers to traverse above the webroot in the directory structure. Only files with recognized MIME types can be compromised as there are internal defenses by the server that disallow retrieval of other files.

tags | exploit, web
systems | windows
SHA-256 | dc22d736a755b10bd7c27a85bf36efee3c7f89158ea10d7ed13173909498eafa
idefense.solarwinds.txt
Posted Oct 25, 2002
Authored by David Endler, Matthew Murphy | Site idefense.com

iDEFENSE Security Advisory 10.24.02 - The Solarwinds TFTP server v5.0.55 and below contains a directory traversal bug which allows remote users to download any file on the system.

tags | remote
SHA-256 | a7a4ff629f7e930a627e2df7c2e09b6d40a316d099e31b0a622bdad02850eb20
apache-2-xss.txt
Posted Oct 2, 2002
Authored by Matthew Murphy

The Apache servers prior to 2.0.43 insecurely include the value of the 'Host:' header field, received from a connected client, into the SSI error pages. This can be abused for remote cross-site scripting. Apache 1.3.x servers are not affected.

tags | remote, xss
SHA-256 | d50f05528a29fbb5a05af733fd529fd69f45701adeb8c86c64d8718b418adecd
FactoSystem.txt
Posted Aug 31, 2002
Authored by Matthew Murphy

Multiple SQL injection vulnerabilities exist in the FactoSystem Content Management System that may allow an attacker to introduce instructions into an SQL query. The vulnerabilities exist because the script fails to verify the validity of numeric data or fails to properly escape certain control characters in strings. Example URL's included. IIS 4.0 or later with ASP enabled and FactoSystem CMS is vulnerable.

tags | vulnerability, sql injection, asp
SHA-256 | ee36de64eb584a076aeb54df0ade130381a6b183754d96a8f8b501bcb9428882
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close