Showing 1 - 17 of 17

Files from Mitja Kolsek

Email address | mitja.kolsek at acros.si
First Active | 2002-12-20
Last Active | 2018-09-10

How We Micropatched A Publicly Dropped 0day In Task Scheduler
Posted Sep 10, 2018
Authored by Mitja Kolsek

Whitepaper called How We Micropatched A Publicly Dropped 0day In Task Scheduler.

tags | paper
MD5 | 391792ec5cdae832b6dbcc61506e6758
COM Server-Based Binary Planting Proof Of Concept
Posted Jun 2, 2011
Authored by Mitja Kolsek, ACROS Security | Site acrossecurity.com

Proof of concept exploit for the COM server-based binary planting presentation given at Hack in the Box in Amsterdam.

tags | exploit, proof of concept
MD5 | 59c56fdde0a97b62758bced24db7c097
ACROS Security Problem Report 2011-02-11-1
Posted Feb 11, 2011
Authored by Mitja Kolsek, ACROS Security | Site acrossecurity.com

ACROS Security Problem Report #2011-02-11-1 - A binary planting vulnerability in Adobe Reader allows local or remote (even Internet-based) attackers to deploy and execute malicious code on Windows machines in the context of logged-on users.

tags | advisory, remote, local
systems | windows
advisories | CVE-2011-0562
MD5 | e9a34d79b3a4ba8c215b3e624ca14e8b
Microsoft Visual Studio Binary Planting
Posted Oct 27, 2010
Authored by Mitja Kolsek, ACROS Security | Site acrossecurity.com

Microsoft Visual Studio can automatically make an application binary planting-positive (i.e., vulnerable) even when the developer makes no programming errors.

tags | advisory
MD5 | 8eda94301bba3ffef1d835c36283a4fd
ACROS Security Problem Report 2010-08-18.1
Posted Aug 19, 2010
Authored by Mitja Kolsek, ACROS Security | Site acrossecurity.com

ACROS Security Problem Report #2010-08-18-1 - A "binary planting" vulnerability in Apple iTunes for Windows allows local or remote (even Internet-based) attackers to deploy and execute malicious code on Windows machines in the context of logged-on users.

tags | advisory, remote, local
systems | windows, apple
MD5 | beaf2efd4b1f9c820129b1239660c781
ACROS Security Problem Report 2010-04-12.1
Posted Apr 14, 2010
Authored by Mitja Kolsek, ACROS Security, Jure Skofic | Site acrossecurity.com

ACROS Security Problem Report #2010-04-12-1 - A "binary planting" vulnerability in VMware Tools for Windows allows local or remote (possibly Internet-based) attackers to deploy and execute malicious code on virtual Windows machines in the context of logged-on users.

tags | advisory, remote, local
systems | windows
MD5 | 3abe7dacb0d79ee1c2f8e026e3ea8f70
ACROS Security Problem Report 2010-04-12.2
Posted Apr 14, 2010
Authored by Mitja Kolsek, ACROS Security | Site acrossecurity.com

ACROS Security Problem Report #2010-04-12-2 - A "binary planting" vulnerability in VMware Tools for Windows allows a local non-administrative attacker, under certain circumstances, to execute a malicious executable on virtual Windows machines in the context of logged-on users.

tags | advisory, local
systems | windows
MD5 | d14bd142dde588469aa74f987b83d2b5
ASPR-2008-03-11-1.txt
Posted Mar 13, 2008
Authored by Mitja Kolsek, Sasa Kos | Site acrossecurity.com

An HTML injection vulnerability exists in the WebLogic administration console. Version 10.0 is susceptible.

tags | advisory
MD5 | 1c0c907c128f61e7c8b5352956944985
ASPR-2008-03-11-2.txt
Posted Mar 13, 2008
Authored by Mitja Kolsek | Site acrossecurity.com

A session fixation vulnerability exists in the WebLogic administration console. Version 10.0 is susceptible.

tags | advisory
MD5 | dd858b117867e564a338f0a8acb59c59
ACROS Security Problem Report 2005-05-24.1
Posted Aug 14, 2005
Authored by Mitja Kolsek, ACROS Security | Site acrossecurity.com

WebLogic Server and WebLogic Express, Service Pack 4, are susceptible to cross site scripting flaws.

tags | advisory, xss
MD5 | 208e2f623253d371e0238c3d437fff6c
ACROS Security Problem Report 2005-05-24.2
Posted Aug 14, 2005
Authored by Mitja Kolsek, ACROS Security | Site acrossecurity.com

WebLogic Server and WebLogic Express, Service Pack 4, suffer from an HTML injection vulnerability.

tags | advisory
MD5 | 453ae908c04a7f7f048b987720552cfe
ACROS Security Problem Report 2004-10-14.2
Posted Oct 26, 2004
Authored by Mitja Kolsek, ACROS Security | Site acrossecurity.com

ACROS Security Problem Report #2004-10-14-2 - A session fixation vulnerability exists in JRun Management Console, enabling attackers to hijack administrative sessions. Version affected: JRun 4 for Windows, Service Pack 1a, possibly others.

tags | advisory
systems | windows
MD5 | 00349a041db157bf33730c09d6483463
ACROS Security Problem Report 2004-10-14.1
Posted Oct 26, 2004
Authored by Mitja Kolsek, ACROS Security | Site acrossecurity.com

ACROS Security Problem Report #2004-10-14-1 - An HTML injection vulnerability exists in JRun Management Console, enabling attackers to hijack administrative sessions using cross site scripting. Version affected: JRun 4 for Windows, Service Pack 1a, possibly others.

tags | advisory, xss
systems | windows
MD5 | 4c1cbc2e092094e137278585bb4198a5
ACROS Security Problem Report 2004-10-14.3
Posted Oct 26, 2004
Authored by Mitja Kolsek, ACROS Security | Site acrossecurity.com

ACROS Security Problem Report #2004-10-14-3 - An HTTP response splitting vulnerability exists in JRun server session management. It allows an attacker to issue an arbitrary HTTP header or HTTP body to a browser. Version affected: JRun 4 for Windows, Service Pack 1a, possibly others.

tags | advisory, web, arbitrary
systems | windows
MD5 | 4034313ea82759129500af4f2e09535f
ACROS Security Problem Report 2004-10-13.1
Posted Oct 24, 2004
Authored by Mitja Kolsek, ACROS Security | Site acrossecurity.com

ACROS Security Problem Report #2004-10-13-1 - The public report discussing the poisoning of cached HTTPS documents in Internet Explorer, including workarounds and mitigating factors.

tags | advisory, web
advisories | CVE-2004-0845
MD5 | 399a25027718d6b6c0210452ba5f5762
ms04-038.html
Posted Oct 24, 2004
Authored by Mitja Kolsek, John Heasman, Greg Jones | Site microsoft.com

Microsoft Security Advisory MS04-038 - Multiple Internet Explorer vulnerabilities have been patched by Microsoft. If a user is logged on with administrative privileges, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.

tags | advisory, vulnerability
advisories | CVE-2004-0842, CVE-2004-0727, CVE-2004-0216, CVE-2004-0839, CVE-2004-0844, CVE-2004-0843, CVE-2004-0841, CVE-2004-0845
MD5 | fa0e1c35065f1d72138fac2cdb0a7cdd
session_fixation.pdf
Posted Dec 20, 2002
Authored by Mitja Kolsek | Site acros.si

Session Fixation Vulnerability in Web-based Applications - Many web-based applications employ some kind of session management to create a user-friendly environment. Sessions are stored on a server and associated with respective users by session identifiers (IDs). Naturally, session IDs present an attractive target for attackers, who, by obtaining them, effectively hijack users' identities. Knowing that, web servers are employing techniques for protecting session IDs from three classes of attacks: interception, prediction, and brute force attacks. This paper reveals a fourth class of session attacks against session IDs: session fixation attacks.

tags | paper, web
MD5 | 80bd06d5c1a4f566c2b657c9f9726f5a

© 2020 Packet Storm. All rights reserved.
