Showing 1 - 25 of 30

Files from Brett Moore SA

First Active: 2003-06-29
Last Active: 2007-08-16
tlbinf32-exec.txt
Posted Aug 16, 2007
Authored by Brett Moore SA | Site security-assessment.com

The TypeLib Information object library, implemented in TlbInf32.dll, suffers from a code execution vulnerability.

tags | advisory, code execution
SHA-256 | e427ba1543206c21303e6311555a57d53749181577fe5dec7f3d533a7b88bb9b
mscbo-overflow.txt
Posted Feb 14, 2007
Authored by Brett Moore SA

Microsoft Interactive Training suffers from a buffer overflow vulnerability when accessing files with .cbo extensions.

tags | advisory, overflow
SHA-256 | ea92dd141ee858165b4262471ac6a3e5cdc1e188ccf30be4703e290ce93ca574
ps2003.txt
Posted Dec 21, 2006
Authored by Brett Moore SA

Microsoft Project Server 2003 suffers from a credential disclosure flaw.

tags | advisory
SHA-256 | fa2f2f3f3bb5a0c92a34f512db769d4e413bbac140300aea7fa40b9cc9ff0ddc
hyperaccess84.txt
Posted Dec 15, 2006
Authored by Brett Moore SA

Hyper Access version 8.4 suffers from multiple command execution vulnerabilities.

tags | advisory, vulnerability
SHA-256 | f80fc49dfe1d0c19441f024ce5707fa40f9889fac4146b376d88524c20396f30
iis51asp.txt
Posted Dec 15, 2006
Authored by Brett Moore SA

IIS 5.1 suffers from a flaw where it allows an ASP shell to be spawned via execute rights for IUSR_Machine.

tags | advisory, shell, asp
SHA-256 | 5a7c990b18f1d8d2164f708100f81623d7bd6a8ef8350f992cd9f06143afe20a
sitekiosk-xss.txt
Posted Dec 15, 2006
Authored by Brett Moore SA | Site security-assessment.com

SiteKiosk versions below 6.5.150 suffer from an input validation flaw that allows for cross site scripting and arbitrary filesystem access.

tags | advisory, arbitrary, xss
SHA-256 | 9ea3f03a84207ff83790149a9ca0b630607738fb4f06654ce25f61c61a9518ee
coldfusionMX7.txt
Posted Dec 11, 2006
Authored by Brett Moore SA | Site security-assessment.com

ColdFusion MX7 suffers from path disclosure, internal IP address disclosure, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 55f86e7929a884f0b6dd3f764aaf710b98410a62ad57cf00d38bfc635592b514
aspdll.txt
Posted Jul 20, 2006
Authored by Brett Moore SA | Site security-assessment.com

A buffer overflow exists in ASP.DLL that can be exploited by creating a .asp file containing a parameter for the include SSI command. Affected software includes IIS 5.0, 5.1, and 6.0.

tags | advisory, overflow, asp
SHA-256 | 15106fae66f1a64dd28018a095af362d82f101972557818a0a6c8f94dfd36787
skypeVuln.txt
Posted May 22, 2006
Authored by Brett Moore SA | Site security-assessment.com

During the typical installation of the Windows Skype client, several URI handlers are installed. This allows for easy access to the Skype client through various URI types. Due to a flaw in the handling of one of these types, it is possible to include additional command line switches to be passed to the Skype client. One of these switches will initiate a file transfer, sending the specified file to an arbitrary Skype user. All releases prior to and including 2.0.*.104 and releases 2.5.*.0 to and including 2.5.*.78 are affected.

tags | advisory, arbitrary
systems | windows
SHA-256 | fe8684d0edbac32afb8e4bff76ec9538762c80234c607c689d1420885cc275e9
WebArchiveX.dll5.5.0.76.txt
Posted Sep 7, 2005
Authored by Brett Moore SA | Site Security-Assessment.com

Prior to September 6th 2005, the ActiveX component would install and mark itself 'safe for scripting'. The component offers various methods that, when instantiated by a malicious web site, can be used to read files from, or write files to, the local computer.

tags | advisory, web, local, activex
SHA-256 | 205c2061f89ca6554517260bf21c4e9b70e17a80b61ff8f9dc384b72dfc2fa40
predebug1.c
Posted Apr 20, 2005
Authored by Brett Moore SA | Site security-assessment.com

Example predebug code execution exploit, demonstrating how programs being loaded into debuggers can attack the machine running the debugger. Example showing simple command execution.

tags | exploit, code execution
SHA-256 | 76d7d2479d8d488badcb0576ec9f7d6ca96d0d10a0e52cd27298f200805cd49e
predebug2.c
Posted Apr 20, 2005
Authored by Brett Moore SA | Site security-assessment.com

Example predebug code execution exploit, demonstrating how programs being loaded into debuggers can attack the machine running the debugger.

tags | exploit, code execution
SHA-256 | 33ca07cc4db8f94578af6e6aae40cf6f4c90465438674f0c1438b9825c9a1273
PreDebug.pdf
Posted Apr 18, 2005
Authored by Brett Moore SA | Site security-assessment.com

Bugger the Debugger is a whitepaper written by Brett Moore / Security Assessment describing how malicious code can be forced to run when a binary is loaded into a debugger / disassembler for analysis.

tags | paper
SHA-256 | 7851a9b8ea114b418d8c7b7f3062dfb64509d5da16aa5223a072c4f2c5333223
hyperterm.txt
Posted Dec 30, 2004
Authored by Brett Moore SA

A vulnerability in Microsoft HyperTerminal due to a boundary error in the handling of session files and telnet URLs can cause a buffer overflow by tricking a user into opening a malicious HyperTerminal session file (.ht) or clicking a specially crafted telnet URL in a malicious e-mail or on a website.

tags | advisory, overflow
SHA-256 | d5f48a0b9578759b5f20f38c3291107ddbb5f6e43f50da443fe60a814a424542
winamp505.txt
Posted Dec 11, 2004
Authored by Brett Moore SA | Site security-assessment.com

Detailed analysis and overview of the Winamp 5.05 vulnerability recently patched.

tags | advisory
SHA-256 | 0f5de7b9ebfaf2752d6409fddc9fe0ca060c3f20c2977f51e0bb33c53aa41958
secureCRTrce.txt
Posted Dec 11, 2004
Authored by Brett Moore SA | Site security-assessment.com

SecureCRT versions 4.1 and 4.0 suffer from flaws that allow for remote compromise due to links automatically launching the application.

tags | advisory, remote
SHA-256 | 23f493ba4fa09931d770c4c1e637bbc6b6dda5d8dd4f0c52a75179eeb017df5a
SecureCRT_Remote_Command_Execution.pdf
Posted Nov 24, 2004
Authored by Brett Moore SA | Site security-assessment.com

SecureCRT v4.1 and below contains a remotely exploitable command execution vulnerability. Patch available here.

tags | advisory
SHA-256 | 80795399469e1e338277c2f037190ee6918aae65b2a141bfe5ab27d0d50dbaf9
Winamp_IN_CDDA_Buffer_Overflow.pdf
Posted Nov 24, 2004
Authored by Brett Moore SA | Site security-assessment.com

A remotely exploitable stack overflow has been found in Winamp version 5.05 and below which allows malformed m3u playlists to execute arbitrary code. Fix available here.

tags | advisory, overflow, arbitrary
SHA-256 | 99d0d7a37a9704572d57022f0d3742f404776b272e3755e80703ceb58318934b
excelBOF.txt
Posted Oct 24, 2004
Authored by Brett Moore SA | Site security-assessment.com

When thinking about buffer overflow vulnerabilities, a file can sometimes be as harmful as a packet. Even though past security issues have taught us that it is unwise to use an unvalidated value from a file/packet as a text length parameter, that is what happened with Microsoft Excel.

tags | advisory, overflow, vulnerability
advisories | CVE-2004-0846
SHA-256 | d3572a90acc842149e47149c8cbb247cdee198ab4f24cd4795627dd7cfba6637
SetWindowLong_Shatter_Attacks.pdf
Posted Oct 24, 2004
Authored by Brett Moore SA | Site security-assessment.com

This paper gives an example of the variety of shatter attack which should be corrected by MS04-032 (KB840987). This sort of attack can typically be used for local privilege escalation.

tags | advisory, local
SHA-256 | b85c177e413daeba0b079bcf4270af5caa8ea90d4ca38f90165174415a48ef12
mstask.txt
Posted Jul 14, 2004
Authored by Brett Moore SA | Site security-assessment.com

A remote code execution vulnerability exists in the Task Scheduler (mstask.dll) because of an unchecked buffer. Affected Software: Microsoft Windows 2000 Service Pack 4, Microsoft Windows XP, Microsoft Windows XP Service Pack 1.

tags | advisory, remote, code execution
systems | windows
advisories | CVE-2004-0212
SHA-256 | b178c0fb6e2cf5a365096e5e090fe21dc3fe55636e18842f57f2b7cdfc145164
HtmlHelpchm.txt
Posted Jul 14, 2004
Authored by Brett Moore SA | Site security-assessment.com

The HtmlHelp application (hh.exe) in Microsoft Windows reads a value from a .CHM file to set a length parameter. By setting this to a large value, it is possible to overwrite sections of the heap with attacker-supplied values. Affected software includes: Microsoft Windows 98, 98SE, ME, Microsoft Windows NT 4.0, Microsoft Windows 2000 Service Pack 4, Microsoft Windows XP, Microsoft Windows XP Service Pack 1, Microsoft Windows Server 2003.

tags | advisory
systems | windows
advisories | CVE-2004-0201
SHA-256 | ac7c55f929b9e971cc8376ae4bda17d5f164652d10bf394f6db55a9ddb4eacb6
0x00_vs_ASP_File_Uploads.pdf
Posted Jul 13, 2004
Authored by Brett Moore SA | Site security-assessment.com

White paper covering the topic of upload systems written in ASP. Many upload systems written in ASP suffer from a common problem whereby a NULL byte can be inserted into the filename parameter leading to any extension, after the null byte, being ignored when writing the file. This means that in some cases it is possible to bypass checks for valid extensions, even if one is appended by the application.

tags | paper, asp
SHA-256 | e3b3b4f30a2a0648c126c82e8737baf56f8691cabd9319b9cf8a4dd23890ba6f
listcombo.txt
Posted Oct 16, 2003
Authored by Brett Moore SA | Site security-assessment.com

Original research advisory for the Listbox And Combobox Control buffer overflows announced by Microsoft Advisory here. Affected Software: Microsoft Windows NT4.0, 2000, XP, and 2003.

tags | advisory, overflow
systems | windows
SHA-256 | afe2bc49b17ee13959bb70c510b9169e409491f6f6bef971239d00a18a2e3d4f
prockill.txt
Posted Oct 2, 2003
Authored by Brett Moore SA | Site security-assessment.com

Inside the PostThreadMessage API, any user of any security level can give a WM_QUIT message causing the process to terminate. Sample exploit code included.

tags | exploit
SHA-256 | dae92371caa61085fff77e818f7e1bd44af495374120d1706c46fb9deee38189