what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files from Paul Craig

Email addresspaul.craig at security-assessment.com
First Active2004-08-12
Last Active2010-07-27
Hyleos ChemView ActiveX Control Stack Buffer Overflow
Posted Jul 27, 2010
Authored by Paul Craig, jduck, Dz_attacker | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow within version 1.9.5.1 of Hyleos ChemView (HyleosChemView.ocx). By calling the 'SaveAsMolFile' or 'ReadMolFile' methods with an overly long first argument, an attacker can overrun a buffer and execute arbitrary code.

tags | exploit, overflow, arbitrary
advisories | CVE-2010-0679
SHA-256 | e26ab2a5222c307d647627ec82c5fdecaea972d112ff93a4e71a4e9cde863488
Microsoft Help Files (.CHM) Locked File Bypass
Posted Jun 25, 2010
Authored by Paul Craig | Site security-assessment.com

Microsoft Help Files (.CHM) suffer from a locked file bypass.

tags | advisory, bypass
SHA-256 | e45ae5c040766c61df1363f0e608f8404279405777a1070311e610d6b520e0ef
Skype URI Handler Input Validation
Posted Mar 11, 2010
Authored by Paul Craig | Site security-assessment.com

Skype client versions prior to 4.2.0.1.55 suffer from a URI handling input validation vulnerability that allows for remote command execution.

tags | exploit, remote
SHA-256 | faa86373432c9b156df0c665dcd6633b96c306a1b1b24a4aa08c75976837f5d5
ChemviewX ActiveX 1.9.5 Stack Overflows
Posted Feb 12, 2010
Authored by Paul Craig | Site security-assessment.com

ChemviewX version 1.9.5 suffers from stack overflow vulnerabilities.

tags | advisory, overflow, vulnerability
SHA-256 | ca82c5689b3fa4412c7a1d5b7159dbe3f9996a36784faa16aa7d5ddaf73b3f21
adobe-heap.txt
Posted Oct 16, 2008
Authored by Paul Craig | Site security-assessment.com

During analysis of the SWF file format used by commercial Flash authoring applications multiple heap overflows were discovered within Adobe Flash CS3 Professional, and Adobe Flash MX 2004.

tags | advisory, overflow
SHA-256 | 56a2664716d1651c7e415eb610e83d73e19e05199ff32e942afdd32b1d66364f
cart32-download.txt
Posted Oct 5, 2007
Authored by Paul Craig | Site security-assessment.com

Cart32 versions 6.3 and below suffer from an arbitrary file download vulnerability.

tags | exploit, arbitrary
SHA-256 | a92fa9402089256f28b31d6407f2dce1d7e435f93e1b897eed66b1ed6d626af2
dotnet-nullbyte.txt
Posted Jul 11, 2007
Authored by Paul Craig | Site security-assessment.com

The .NET framework suffers from multiple null byte injection vulnerabilities.

tags | exploit, vulnerability
SHA-256 | 863f8db0275fbdb8a2657456d78b3f55bfe1293b30c14456c22a025f81c903cd
tipping-bypass.txt
Posted Jul 11, 2007
Authored by Paul Craig | Site security-assessment.com

During security analysis of the Tippingpoint IPS product a signature evasion vulnerability was discovered. The use of specific Unicode characters on particular web servers allows a remote user to bypass IPS detection. TippingPoint IPS running TOS versions 2.1 and 2.2.0 through 2.2.4 are affected.

tags | advisory, remote, web, bypass
SHA-256 | 6f096c7d1575ccab140fb5d74534f518a3bf2d699a01ead2f75f0a29ba1ec679
easymail.txt
Posted Feb 16, 2007
Authored by Paul Craig | Site security-assessment.com

EasyMail Objects version 6.5 suffers from a connect method stack overflow vulnerability.

tags | advisory, overflow
SHA-256 | f573d37e07c602c516381fe5e8f22f92ea915fb7a9c88d07897c6da53200efff
CodeScanLabs_AvatarMod.txt
Posted May 22, 2006
Authored by Paul Craig

The Avatar MOD gives portal administrators the ability to upload avatar images to be used within the forum. CodeScan located a file upload vulnerability in the avatar_upload.asp which can be exploited by a remote user to upload any arbitrary file. Affected is Avatar MOD versions 1.3 for Snitz Forums version 3.4.

tags | advisory, remote, arbitrary, asp, file upload
SHA-256 | 2eb62ab93715f9d4ee641a79883e816bcfc429ad114f94872a12317cca26fde8
Rockliffe.txt
Posted Oct 30, 2005
Authored by Paul Craig | Site security-assessment.com

During an audit of a client, Security-Assessment.com discovered multiple critical vulnerabilities within the RockLiffe MailSite Express WebMail software. The vulnerabilities include the retrieval of arbitrary files from the web server, and bypassing attachment validation routines allowing for remote code execution. Exploitation details included. All versions of RockLiffe MailSite Express WebMail prior to version 6.1.22 are affected.

tags | exploit, remote, web, arbitrary, vulnerability, code execution
SHA-256 | 620b1bc3c58fa84fa86dd64e75b2c243efc3431f8bb6eb7c5bd361422269be97
glftpd.txt
Posted Feb 25, 2005
Authored by Paul Craig | Site pimp-industries.com

glftpd versions 1.26 to 2.00 suffer from directory traversal and information disclosure vulnerabilities.

tags | exploit, vulnerability, info disclosure
SHA-256 | 110718097e5a28b9268a6032bf6f96515d6bdfd15d196ff2016190c1161b2bf3
pimpremote.txt
Posted Dec 12, 2004
Authored by Paul Craig

Remote Execute version 2.30 is susceptible to denial of service after receiving seven connections.

tags | advisory, remote, denial of service
SHA-256 | 49ee6e5ceb0bc99d32ba6587548c39a6ffe58de8d31d3b37d1503dc17b3dea83
MailWorks.txt
Posted Sep 9, 2004
Authored by Paul Craig

MailWorks Pro has a rather trivial session check that is easily bypassed within a cookie. The exploit allows an attacker to have full control over the administration section, without the need to authenticate and allowing the attacker to spoof the admin user functions.

tags | exploit, spoof
SHA-256 | 64f806d87188174506bf5d339c345a68c771bfbe066bd831ff2d52d093ddbc90
HexView Security Advisory 0811-20-04.1
Posted Aug 12, 2004
Authored by HexView, Thomas Ryan, Paul Craig

BlackIce Server Protect versions 3.6cno and below from Internet Security Systems installs a firewall ruleset that can be removed or modified by any trusted or local unprivileged user.

tags | advisory, local
SHA-256 | f4772cb504ab957ef7193a8d03b9130f45c9592b768c32a0241b609c051209a1
Page 1 of 1
Back1Next

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close