Showing 1 - 25 of 42

Files from Peter Winter-Smith

Email address: peter at ngssoftware.com
First Active: 2003-05-15
Last Active: 2013-01-18
NVidia Display Driver Buffer Overflow
Posted Jan 18, 2013
Authored by Peter Winter-Smith, Sean de Regge

This is an exploit for a stack buffer overflow in the NVidia Display Driver Service. The service listens on a named pipe (\pipe\nsvr) which has a NULL DACL configured, which should mean that any logged on user or remote user in a domain context (Windows firewall/file sharing permitting) should be able to exploit this vulnerability. This is updated by Sean de Regge to target the 30 Aug 2012 nvvsvc.exe build.

tags | exploit, remote, overflow
systems | windows
MD5 | 09a2cbba01d4f77458184d45199aab55
NVidia Display Driver Buffer Overflow
Posted Dec 27, 2012
Authored by Peter Winter-Smith

This is an exploit for a stack buffer overflow in the NVidia Display Driver Service. The service listens on a named pipe (\pipe\nsvr) which has a NULL DACL configured, which should mean that any logged on user or remote user in a domain context (Windows firewall/file sharing permitting) should be able to exploit this vulnerability.

tags | exploit, remote, overflow
systems | windows
MD5 | 1be277706130b299d5676cf85ee08c9e
NGS-ad.txt
Posted Jul 12, 2007
Authored by Peter Winter-Smith | Site ngssoftware.com

NGSSoftware has discovered a low risk vulnerability in Active Directory which can allow an unauthenticated user to cause a denial of service condition on any affected system.

tags | advisory, denial of service
MD5 | eca80fa6cf0664aee3fd00b9720dc2cb
ngs-pgp.txt
Posted Jan 27, 2007
Authored by Peter Winter-Smith | Site ngssoftware.com

NGSSoftware has discovered a medium risk vulnerability in PGP Desktop versions prior to 9.5.1 which can allow a remote authenticated attacker to execute arbitrary code on a system on which PGP Desktop is installed.

tags | advisory, remote, arbitrary
MD5 | 241330362f1a75aea36240a564a5fc2c
rasman.txt
Posted Jun 15, 2006
Authored by Peter Winter-Smith | Site nextgenss.com

Peter Winter-Smith of NGSSoftware has discovered a high risk vulnerability in the Microsoft Windows Remote Access Connection Manager (RASMAN) service which (under certain versions of the OS) can allow a remote, anonymous attacker to gain complete control over a vulnerable system.

tags | advisory, remote
systems | windows
MD5 | 0166eb830dc1f396dcf4fb1f31431818
lsoftLISTSERV.txt
Posted Mar 6, 2006
Authored by Peter Winter-Smith | Site ngssoftware.com

Peter Winter-Smith of NGSSoftware has discovered a number of vulnerabilities in L-Soft's LISTSERV list management system. The worst of these carries a critical risk rating.

tags | advisory, vulnerability
MD5 | ec1f4e19483f5759a966abf900bbb886
lexmark.txt
Posted Feb 8, 2006
Authored by Peter Winter-Smith | Site ngssoftware.com

NGSSoftware has discovered a high risk vulnerability in the Lexmark Printer Sharing service which could allow a remote, unauthenticated attacker to execute arbitrary code on a Lexmark printer user's computer system with Local System privileges. A workaround is included in the advisory.

tags | advisory, remote, arbitrary, local
MD5 | fbae06f8de8f7f05db51a23123ae4a1d
msinsengfull.txt
Posted Jan 22, 2005
Authored by Peter Winter-Smith | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - All versions of Microsoft Windows, with Microsoft Internet Explorer, come packaged with the Microsoft Active Setup/Install Engine components. These components are marked as safe for scripting and can be invoked by default from any basic web-page. The Install Engine control has been found to be vulnerable to an integer overflow, leading to a heap based buffer overflow which could allow an attacker to run arbitrary code on a vulnerable system through a specially crafted web-page or through a specially crafted HTML email if scripting is enabled.

tags | advisory, web, overflow, arbitrary
systems | windows
MD5 | 54bc91c85d92058a966b89e0ffbbcbdd
ms04-027.html
Posted Sep 15, 2004
Authored by Peter Winter-Smith | Site microsoft.com

Microsoft Security Advisory MS04-027 - A remote code execution vulnerability exists in the Microsoft WordPerfect 5.x Converter. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of the affected system. However, user interaction is required to exploit this vulnerability.

tags | advisory, remote, code execution
advisories | CVE-2004-0573
MD5 | 94f577f5c4461e2fd07ed3dec3763a05
Secunia Security Advisory 12529
Posted Sep 15, 2004
Authored by Peter Winter-Smith, Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability exists in various Microsoft Office products, which can be exploited by malicious people to compromise a user's system. A boundary error within the WordPerfect Converter can be exploited to cause a buffer overflow if a user opens a malicious document. Successful exploitation may allow execution of arbitrary code with the user's privileges.

tags | advisory, overflow, arbitrary
MD5 | 670e9a6719615b16494f3f23cce9d8be
mstaskjob.txt
Posted Jul 14, 2004
Authored by Peter Winter-Smith | Site ngssoftware.com

Microsoft Windows Task Scheduler is vulnerable to a stack-based buffer overflow. The flaw can be exploited by creating a specially-crafted .job file. This will most frequently be a local exploit, but it is possible to imagine some cases where this could be remotely exploited as well.

tags | advisory, overflow, local
systems | windows
MD5 | cfafc6e92727b06c8186984f6f610665
wildtangent.txt
Posted May 28, 2004
Authored by Peter Winter-Smith | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory #NISR27052004 - It is possible to cause a number of buffer overruns within the WildTangent WTHoster and Web Driver modules via any method that takes a filename as a parameter. Version 4.0 tested and others are possibly affected.

tags | advisory, web, overflow
MD5 | f074d3174ebc046ce09221657b72178a
winampheap.txt
Posted Apr 5, 2004
Authored by Peter Winter-Smith | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory #NISR05042004 - Due to a lack of boundary checking within the code responsible for loading Fasttracker 2 (.xm) mod media files by the Winamp media plug-in in_mod.dll, it is possible to make Winamp overwrite arbitrary heap memory and reliably cause an access violation within the ntdll.RtlAllocateHeap() function. When properly exploited this allows an attacker to write any value to a memory location of their choosing. In doing so, the attacker can gain control of Winamp's flow of execution to run arbitrary code. This code will run in the security context of the logged on user.

tags | advisory, arbitrary
MD5 | 5a6e44b142eb18625eed1a3655c56317
thepalace.txt
Posted Feb 8, 2004
Authored by Peter Winter-Smith | Site elitehaven.net

Palace chat software versions 3.5 and below are susceptible to a stack overflow client-side when accessing hyperlinks.

tags | advisory, overflow
MD5 | 0479f730c38734b20aa54062f0fa4ac0
webxdos.txt
Posted Feb 3, 2004
Authored by Peter Winter-Smith | Site elitehaven.net

Web Crossing versions 4.x and 5.x have a denial of service vulnerability. When an HTTP POST request is made to the built-in server, if the 'Content-Length' header supplied with the request is an extremely large or negative number, the server will encounter a set of instructions which lead to an integer-divide-by-zero problem, immediately crashing the server and denying any further service.

tags | exploit, web, denial of service
MD5 | 3a89a2b8bd018e1a6cac5560739325b1
proxyNow2x.txt
Posted Jan 27, 2004
Authored by Peter Winter-Smith | Site elitehaven.net

ProxyNow! versions 2.75 and below are susceptible to both heap memory corruption and stack-based buffer overflows. Exploitation of these vulnerabilities can lead to a denial of service and/or code execution with SYSTEM privileges. Detailed analysis and exploit included.

tags | exploit, denial of service, overflow, vulnerability, code execution
MD5 | 56a50454322d1252538d57d7ca7db26e
rapidcache.txt
Posted Jan 15, 2004
Authored by Peter Winter-Smith | Site elitehaven.net

RapidCache versions 2.2.6 and below suffer from denial of service and directory traversal bugs.

tags | exploit, denial of service
MD5 | 9ec67f2bde13bce339f49f1bd384b38f
windows.ftp.server.txt
Posted Jan 9, 2004
Authored by Peter Winter-Smith | Site elitehaven.net

The Windows FTP Server is a small, free third-party FTP server which contains a format string vulnerability in v1.6.1 and below.

tags | advisory
systems | windows
MD5 | 279f460bb70cb08f92a777935f164bc4
wcwdpoc.pl
Posted Jan 5, 2004
Authored by Peter Winter-Smith | Site elitehaven.net

Webcam Watchdog version 3.63 and below remote exploit that makes use of a stack based buffer overflow in Watchdog's HTTP GET request functionality.

tags | exploit, remote, web, overflow
MD5 | d099f8a6a5e29e45f9af1393f25bb0d1
webcamwatchdog.txt
Posted Jan 5, 2004
Authored by Peter Winter-Smith | Site elitehaven.net

Webcam Watchdog version 3.63 and below is vulnerable to a remotely exploitable stack based buffer overflow which can be triggered via an overly long HTTP GET request. Full detailed analysis of the vulnerability is given.

tags | advisory, web, overflow
MD5 | ab8534a516cb7f8c6cac460451b4de8a
msgbox.asm
Posted Jan 5, 2004
Authored by Peter Winter-Smith | Site elitehaven.net

MessageBoxA Shellcode.

tags | shellcode
MD5 | f9040c70bb6f235c9afa1e2766ba823e
switchoff.txt
Posted Jan 5, 2004
Authored by Peter Winter-Smith | Site elitehaven.net

Switch Off versions 2.3 and below suffer from a denial of service vulnerability and a stack-based buffer overflow in the message parameter of the application that may allow a remote attacker to gain SYSTEM privileges.

tags | advisory, remote, denial of service, overflow
MD5 | b340ea10c36da09785dfc2bd04752ff9
netobserve.txt
Posted Dec 31, 2003
Authored by Peter Winter-Smith | Site elitehaven.net

NetObserve versions 2.0 and below suffer from a severe security bypass flaw that will enable remote attackers to gain administrative privileges and execute arbitrary code on the server.

tags | exploit, remote, arbitrary
MD5 | 2bd139ff34e8256e5aee6cfc5963c5e9
vampiric.asm
Posted Dec 25, 2003
Authored by Peter Winter-Smith

Vampiric Shellcode - URL Download + Execute for Win32. Vampiric shellcode links to system DLLs to create shellcode that works on many different service packs.

tags | shellcode
systems | windows
MD5 | f29989ef8b0aca1f8d3c4f18240b1e42
projectforum.txt
Posted Dec 23, 2003
Authored by Peter Winter-Smith | Site elitehaven.net

A fault lies in ProjectForum versions 8.4.2.1 and below that allows an attacker to cause the server application 'projectforum.exe' to crash and stop responding to requests from clients. This can be triggered by sending an overly long 'find' request string to the server in question.

tags | exploit
MD5 | d343ce102b631366e79d2489a662a593