exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 42 RSS Feed

Files from Peter Winter-Smith

Email addresspeter at ngssoftware.com
First Active2003-05-15
Last Active2013-01-18
NVidia Display Driver Buffer Overflow
Posted Jan 18, 2013
Authored by Peter Winter-Smith, Sean de Regge

This is an exploit for a stack buffer overflow in the NVidia Display Driver Service. The service listens on a named pipe (\\pipe\\nsvr) which has a NULL DACL configured, which should mean that any logged on user or remote user in a domain context (Windows firewall/file sharing permitting) should be able to exploit this vulnerability. This is updated by Sean de Regge to target the 30 Aug 2012 nvvsvc.exe build.

tags | exploit, remote, overflow
systems | windows
SHA-256 | 824e71b2ccad1dc6738764ed7ad37c509efaedb2901fd0a0583430d31a361995
NVidia Display Driver Buffer Overflow
Posted Dec 27, 2012
Authored by Peter Winter-Smith

This is an exploit for a stack buffer overflow in the NVidia Display Driver Service. The service listens on a named pipe (\pipe\nsvr) which has a NULL DACL configured, which should mean that any logged on user or remote user in a domain context (Windows firewall/file sharing permitting) should be able to exploit this vulnerability.

tags | exploit, remote, overflow
systems | windows
SHA-256 | a93753892580d6dad44444623d6355d154269fccaba04b2dcab06daf83d116a5
NGS-ad.txt
Posted Jul 12, 2007
Authored by Peter Winter-Smith | Site ngssoftware.com

NGSSoftware has discovered a low risk vulnerability in Active Directory which can allow an unauthenticated user to cause a denial of service condition on any affected system.

tags | advisory, denial of service
SHA-256 | 8b913d51a0f479f8ae2e362accd80b6bc07755dabb6524a56dcba5c502ec56be
ngs-pgp.txt
Posted Jan 27, 2007
Authored by Peter Winter-Smith | Site ngssoftware.com

NGSSoftware has discovered a medium risk vulnerability in PGP Desktop versions prior to 9.5.1 which can allow a remote authenticated attacker to execute arbitrary code on a system on which PGP Desktop is installed.

tags | advisory, remote, arbitrary
SHA-256 | 5061c9fe73a58597f1bf1e699331bbcdc95539889e7c38b2915728e608977c3c
rasman.txt
Posted Jun 15, 2006
Authored by Peter Winter-Smith | Site nextgenss.com

Peter Winter-Smith of NGSSoftware has discovered a high risk vulnerability in the Microsoft Windows Remote Access Connection Manager (RASMAN) service which (under certain versions of the OS) can allow a remote, anonymous attacker to gain complete control over a vulnerable system.

tags | advisory, remote
systems | windows
SHA-256 | ce666f7ac90d12808bb6374e61c4e98e95f0a4b83af01d5cda10c9d11a769958
lsoftLISTSERV.txt
Posted Mar 6, 2006
Authored by Peter Winter-Smith | Site ngssoftware.com

Peter Winter-Smith of NGSSoftware has discovered a number of vulnerabilities in L-Soft's LISTSERV list management system. The worst of these carries a critical risk rating.

tags | advisory, vulnerability
SHA-256 | 8fa935e14ccd0ecf29d1f5d3d0a445c092c5f2850e266c78c1b8e99b698370f7
lexmark.txt
Posted Feb 8, 2006
Authored by Peter Winter-Smith | Site ngssoftware.com

NGSSoftware has discovered a high risk vulnerability in the Lexmark Printer Sharing service which could allow a remote, unauthenticated attacker to execute arbitrary code on a Lexmark printer user's computer system with Local System privileges. A workaround is included in the advisory.

tags | advisory, remote, arbitrary, local
SHA-256 | 17c2a0cb655fbe259348176d404b85e1491d9c102c09b66f0487118c56e74bbc
msinsengfull.txt
Posted Jan 22, 2005
Authored by Peter Winter-Smith | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - All versions of Microsoft Windows, with Microsoft Internet Explorer, come packaged with the Microsoft Active Setup/Install Engine components. These components are marked as safe for scripting and can be invoked by default from any basic web-page. The Install Engine control has been found to be vulnerable to an integer overflow, leading to a heap based buffer overflow which could allow an attacker to run arbitrary code on a vulnerable system through a specially crafted web-page or through a specially crafted HTML email if scripting is enabled.

tags | advisory, web, overflow, arbitrary
systems | windows
SHA-256 | d9a90dc6d979b15bba061d46b49298b04958b6f90ae6a35aadb861dcce281d1e
ms04-027.html
Posted Sep 15, 2004
Authored by Peter Winter-Smith | Site microsoft.com

Microsoft Security Advisory MS04-027 - A remote code execution vulnerability exists in the Microsoft WordPerfect 5.x Converter. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of the affected system. However, user interaction is required to exploit this vulnerability.

tags | advisory, remote, code execution
advisories | CVE-2004-0573
SHA-256 | 66e855df17de149765d7724cc2f3b2514f160cbf62a98e1bbaa3980790cdec12
Secunia Security Advisory 12529
Posted Sep 15, 2004
Authored by Peter Winter-Smith, Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability exists in various Microsoft Office products, which can be exploited by malicious people to compromise a user's system. A boundary error within the WordPerfect Converter can be exploited to cause a buffer overflow if a user opens a malicious document. Successful exploitation may allow execution of arbitrary code with the user's privileges.

tags | advisory, overflow, arbitrary
SHA-256 | 916bddee1b7e0d79ca2c6dd5d0037e96fb779055d3ed5a09840bdce4b20dff21
mstaskjob.txt
Posted Jul 14, 2004
Authored by Peter Winter-Smith | Site ngssoftware.com

Microsoft Windows Task Scheduler is vulnerable to a stack-based buffer overflow. The flaw can be exploited by creating a specially-crafted .job file. This will most frequently be a local exploit, but it is possible to imagine some cases where this could be remotely exploited as well.

tags | advisory, overflow, local
systems | windows
SHA-256 | 8a91f17d4a2fd2983c074e04a451428f0f826e5f1059013c4a6a38db1aee67e2
wildtangent.txt
Posted May 28, 2004
Authored by Peter Winter-Smith | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory #NISR27052004 - It is possible to cause a number of buffer overruns within the WildTangent WTHoster and Web Driver modules via any method that takes a filename as a parameter. Version 4.0 tested and others are possibly affected.

tags | advisory, web, overflow
SHA-256 | 1fd4a6d0da967ff355c42ac21d6118964e275521cf330235468cd3d7fe398cc5
winampheap.txt
Posted Apr 5, 2004
Authored by Peter Winter-Smith | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory #NISR05042004 - Due to a lack of boundary checking within the code responsible for loading Fasttracker 2 (.xm) mod media files by the Winamp media plug-in in_mod.dll, it is possible to make Winamp overwrite arbitrary heap memory and reliably cause an access violation within the ntdll.RtlAllocateHeap() function. When properly exploited this allows an attacker to write any value to a memory location of their choosing. In doing so, the attacker can gain control of Winamp's flow of execution to run arbitrary code. This code will run in the security context of the logged on user.

tags | advisory, arbitrary
SHA-256 | f19369974724e97b0e10b88bb80392f6506e21880ffcc74b92f2f54c0d616991
thepalace.txt
Posted Feb 8, 2004
Authored by Peter Winter-Smith | Site elitehaven.net

Palace chat software versions 3.5 and below are susceptible to a stack overflow client-side when accessing hyperlinks.

tags | advisory, overflow
SHA-256 | 6b59705371a6f396bf8cd5763612bbfe1c4172c46ed1a2384433e4941833b2fb
webxdos.txt
Posted Feb 3, 2004
Authored by Peter Winter-Smith | Site elitehaven.net

Web Crossing versions 4.x and 5.x have a denial of service vulnerability. When an HTTP POST request is made to the built-in server, if the 'Content-Length' header supplied with the request is an extremely large or negative number, the server will encounter a set of instructions which lead to an integer-divide-by-zero problem, immediately crashing the server and denying any further service.

tags | exploit, web, denial of service
SHA-256 | a4cb26465dde1aa7db4e37e9bae87f085ad4ccdeb6c14a77fa125516a33bbbd6
proxyNow2x.txt
Posted Jan 27, 2004
Authored by Peter Winter-Smith | Site elitehaven.net

ProxyNow! versions 2.75 and below are susceptible to both heap memory corruption and stack-based buffer overflows. Exploitation of these vulnerabilities can lead to a denial of service and/or code execution with SYSTEM privileges. Detailed analysis and exploit included.

tags | exploit, denial of service, overflow, vulnerability, code execution
SHA-256 | befbd5bf13e3b6d7dc791bb61f8d8476b36082b54e5da32d7a8aa177d07afba7
rapidcache.txt
Posted Jan 15, 2004
Authored by Peter Winter-Smith | Site elitehaven.net

RapidCache versions 2.2.6 and below suffer from denial of service and directory traversal bugs.

tags | exploit, denial of service
SHA-256 | 9e8235a36daf36f0ef225186bf427d9237e751f7245e744d783a418c71e1d0f5
windows.ftp.server.txt
Posted Jan 9, 2004
Authored by Peter Winter-Smith | Site elitehaven.net

The Windows FTP Server is a small free third party ftp server which contains a format string vulnerability in v1.6.1 and below.

tags | advisory
systems | windows
SHA-256 | 2039204c5b39559e9e823c8993dc86c4a3cc6f900672113b8b81cad3cfec257c
wcwdpoc.pl
Posted Jan 5, 2004
Authored by Peter Winter-Smith | Site elitehaven.net

Webcam Watchdog version 3.63 and below remote exploit that makes use of a stack based buffer overflow in Watchdog's HTTP GET request functionality.

tags | exploit, remote, web, overflow
SHA-256 | f3ca05278d3188c23c65faba7db68c687aa6c2e8b31ccf73cee194eebe35d3f4
webcamwatchdog.txt
Posted Jan 5, 2004
Authored by Peter Winter-Smith | Site elitehaven.net

Webcam Watchdog version 3.63 and below is vulnerable to a remotely exploitable stack based buffer overflow which can be triggered via an overly long HTTP GET request. Full detailed analysis of the vulnerability is given.

tags | advisory, web, overflow
SHA-256 | 34ec3b6aeb6958e021532b1ec31ba27920f2b0f383ccc1a21f79f4b6fae76fad
msgbox.asm
Posted Jan 5, 2004
Authored by Peter Winter-Smith | Site elitehaven.net

MessageBoxA Shellcode.

tags | shellcode
SHA-256 | 909dad5e4fc6e727d617c894593b75aec4856199ece1f66f6baab8a2831e987b
switchoff.txt
Posted Jan 5, 2004
Authored by Peter Winter-Smith | Site elitehaven.net

Switch Off versions 2.3 and below suffer from a denial of service vulnerability and a stack-based buffer overflow in the message parameter of the application that may allow a remote attacker the ability to gain SYSTEM privileges.

tags | advisory, remote, denial of service, overflow
SHA-256 | 59fe50b91ad162027a185b970c6995d4fd92e10ea3fac2df0d668fc177adbe9d
netobserve.txt
Posted Dec 31, 2003
Authored by Peter Winter-Smith | Site elitehaven.net

NetObserve versions 2.0 and below suffer from a severe security bypass flaw that will enable remote attackers to gain administrative privileges and execute arbitrary code on the server.

tags | exploit, remote, arbitrary
SHA-256 | b897745bb11eafa79c57bfcf0f9d78141ba4c1217c23b19c7d2570c13e545f58
vampiric.asm
Posted Dec 25, 2003
Authored by Peter Winter-Smith

Vampiric Shellcode - Url Download + Execute for Win32. Vampiric shellcode links to system DLL's so create shellcode that works on many different service packs, more information here.

tags | shellcode
systems | windows
SHA-256 | 201361e794813ba49cea12713cc3fdc15fb0b13f46867a91505a6cd6886b717d
projectforum.txt
Posted Dec 23, 2003
Authored by Peter Winter-Smith | Site elitehaven.net

A fault lies in ProjectForum versions 8.4.2.1 and below that allow an attacker the ability to cause the server application 'projectforum.exe' to crash and stop responding to requests from clients. This can be triggered by sending an overly long 'find' request string to the server in question.

tags | exploit
SHA-256 | 65f76484d200b45742b4b7e25e6f7fa7bc5718044f09aef7e4e55d17544ecfc7
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close