exploit the possibilities
Showing 1 - 15 of 15 RSS Feed

Files from Paul Craig

Email addresspaul.craig at security-assessment.com
First Active2004-08-12
Last Active2010-07-27
Hyleos ChemView ActiveX Control Stack Buffer Overflow
Posted Jul 27, 2010
Authored by Paul Craig, jduck, Dz_attacker | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow within version 1.9.5.1 of Hyleos ChemView (HyleosChemView.ocx). By calling the 'SaveAsMolFile' or 'ReadMolFile' methods with an overly long first argument, an attacker can overrun a buffer and execute arbitrary code.

tags | exploit, overflow, arbitrary
advisories | CVE-2010-0679
MD5 | ba64d10e2eab24164863d5807b3b8829
Microsoft Help Files (.CHM) Locked File Bypass
Posted Jun 25, 2010
Authored by Paul Craig | Site security-assessment.com

Microsoft Help Files (.CHM) suffer from a locked file bypass.

tags | advisory, bypass
MD5 | f8ae4902131c75802c40a7a3197fc5c0
Skype URI Handler Input Validation
Posted Mar 11, 2010
Authored by Paul Craig | Site security-assessment.com

Skype client versions prior to 4.2.0.1.55 suffer from a URI handling input validation vulnerability that allows for remote command execution.

tags | exploit, remote
MD5 | 0a20a3178c435cdde8c2ce8645f77c7b
ChemviewX ActiveX 1.9.5 Stack Overflows
Posted Feb 12, 2010
Authored by Paul Craig | Site security-assessment.com

ChemviewX version 1.9.5 suffers from stack overflow vulnerabilities.

tags | advisory, overflow, vulnerability
MD5 | 22de27c9aee08f5ae2809f12bef4f87e
adobe-heap.txt
Posted Oct 16, 2008
Authored by Paul Craig | Site security-assessment.com

During analysis of the SWF file format used by commercial Flash authoring applications multiple heap overflows were discovered within Adobe Flash CS3 Professional, and Adobe Flash MX 2004.

tags | advisory, overflow
MD5 | fcce1ca4b7c42d64566164c020e47a86
cart32-download.txt
Posted Oct 5, 2007
Authored by Paul Craig | Site security-assessment.com

Cart32 versions 6.3 and below suffer from an arbitrary file download vulnerability.

tags | exploit, arbitrary
MD5 | cce806581647e183818feed3cb1f26f2
dotnet-nullbyte.txt
Posted Jul 11, 2007
Authored by Paul Craig | Site security-assessment.com

The .NET framework suffers from multiple null byte injection vulnerabilities.

tags | exploit, vulnerability
MD5 | a1e4e1151ebf71dac732358f284fd5b7
tipping-bypass.txt
Posted Jul 11, 2007
Authored by Paul Craig | Site security-assessment.com

During security analysis of the Tippingpoint IPS product a signature evasion vulnerability was discovered. The use of specific Unicode characters on particular web servers allows a remote user to bypass IPS detection. TippingPoint IPS running TOS versions 2.1 and 2.2.0 through 2.2.4 are affected.

tags | advisory, remote, web, bypass
MD5 | b75f7017f9550e4dfe22e1b71c777f55
easymail.txt
Posted Feb 16, 2007
Authored by Paul Craig | Site security-assessment.com

EasyMail Objects version 6.5 suffers from a connect method stack overflow vulnerability.

tags | advisory, overflow
MD5 | 42312e8a0f02a0562d27b6a7dfe8f2bf
CodeScanLabs_AvatarMod.txt
Posted May 22, 2006
Authored by Paul Craig

The Avatar MOD gives portal administrators the ability to upload avatar images to be used within the forum. CodeScan located a file upload vulnerability in the avatar_upload.asp which can be exploited by a remote user to upload any arbitrary file. Affected is Avatar MOD versions 1.3 for Snitz Forums version 3.4.

tags | advisory, remote, arbitrary, asp, file upload
MD5 | 5daf0932a8ea7d902524b62c1129c010
Rockliffe.txt
Posted Oct 30, 2005
Authored by Paul Craig | Site security-assessment.com

During an audit of a client, Security-Assessment.com discovered multiple critical vulnerabilities within the RockLiffe MailSite Express WebMail software. The vulnerabilities include the retrieval of arbitrary files from the web server, and bypassing attachment validation routines allowing for remote code execution. Exploitation details included. All versions of RockLiffe MailSite Express WebMail prior to version 6.1.22 are affected.

tags | exploit, remote, web, arbitrary, vulnerability, code execution
MD5 | 3ff38e4d684180018f4aebab2106f220
glftpd.txt
Posted Feb 25, 2005
Authored by Paul Craig | Site pimp-industries.com

glftpd versions 1.26 to 2.00 suffer from directory traversal and information disclosure vulnerabilities.

tags | exploit, vulnerability, info disclosure
MD5 | e6685a1998d98ad585272396985d6fe6
pimpremote.txt
Posted Dec 12, 2004
Authored by Paul Craig

Remote Execute version 2.30 is susceptible to denial of service after receiving seven connections.

tags | advisory, remote, denial of service
MD5 | 7d9d209e155ca1c1b21d3c732ccb9de9
MailWorks.txt
Posted Sep 9, 2004
Authored by Paul Craig

MailWorks Pro has a rather trivial session check that is easily bypassed within a cookie. The exploit allows an attacker to have full control over the administration section, without the need to authenticate and allowing the attacker to spoof the admin user functions.

tags | exploit, spoof
MD5 | 55988d7a3dd349776846061e35aca3f2
HexView Security Advisory 0811-20-04.1
Posted Aug 12, 2004
Authored by HexView, Thomas Ryan, Paul Craig

BlackIce Server Protect versions 3.6cno and below from Internet Security Systems installs a firewall ruleset that can be removed or modified by any trusted or local unprivileged user.

tags | advisory, local
MD5 | 0eef793b3c7c3fea0a7027ca07b5e177
Page 1 of 1
Back1Next

File Archive:

June 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    35 Files
  • 2
    Jun 2nd
    14 Files
  • 3
    Jun 3rd
    40 Files
  • 4
    Jun 4th
    22 Files
  • 5
    Jun 5th
    1 Files
  • 6
    Jun 6th
    1 Files
  • 7
    Jun 7th
    19 Files
  • 8
    Jun 8th
    14 Files
  • 9
    Jun 9th
    39 Files
  • 10
    Jun 10th
    20 Files
  • 11
    Jun 11th
    22 Files
  • 12
    Jun 12th
    2 Files
  • 13
    Jun 13th
    1 Files
  • 14
    Jun 14th
    32 Files
  • 15
    Jun 15th
    34 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close