Microsoft Windows Server Service code execution exploit that takes advantage of the vulnerability listed in MS08-067.
43b4b06abdc9d1dc848be3b0b2df235bd5a1c33ca656f9b08764ada9e5b5ab7eAdobe Reader Javascript printf buffer overflow exploit that binds a shell to port 4444.
1e213062186279cdaf0882da17b2e65180dd814cce5f690ea88450c1f8b75c9cMultiple CRLF injection aka HTTP response splitting vulnerabilities have been identified in Google AdWords which may be exploited to inject arbitrary HTTP headers.
062562a8590bce4277ad7237fb661cbe785c2f43af14a6b3863075554454d6bdShop-Script suffers from multiple HTTP response splitting vulnerabilities. POC included.
6d26cc8e33feba6e5ec461f5967a7deebc9b5bd0abb14de790021141377573fbMalicious Flash files with explicit java scripts can be embedded within Excel spreadsheets using a "Shockwave Flash Object" which can be made to run once the file is opened by the user.
5a7270e94904c8f983d1492db68f75bb9c93b353ea280930959f3a68958cfd1fFirefox version 1.5.0.3 with IE Tab version 1.0.9 on Windows XP/2k suffers from a null pointer dereference bug.
cc0015c8a3dbf991cbe4abdd828b84520776ba42c305e028b8812cb6094baab5Google reader is supposed to display only those contents which the user has subscribed to however two vulnerabilities has been identified which may allow an attacker to entice it's victim (using google reader service) to view unwanted web contents carrying malicious payloads.
7b5cfc8166efe4aad445c202f3c534911b697134b00dbe62e5e065872e8c800aw3wp remote DoS exploit due to improper reference of STA COM components in ASP.NET.
012bbb7a3a8e236db1320cbab6d721129dda52a8403343cea4180f2a6ff96e14It is possible to DOS the IIS Worker Process (w3wp) due to improper reference of STA COM components in ASP.NET. POC Exploit included.
08835ab51fb255d6fe3eb1745d1e532f650748175084efc2259cda056de558dcGoogle reader is supposed to display only content that the user has subscribed to however two vulnerabilities has been identified which may allow an attacker to entice it's victim (using the Google reader service) to view unwanted web content carrying malicious payloads.
b1be74e59c96822e90d0d4e5c97dcb26b009d8564d84704e647d8be123188fd9PHPMyChat version 0.14.5 is susceptible to an authentication bypass flaw.
e21132e09686aa0b1fa8aa1535049e3fbce72cb2a85077b7d8d03ec406b83041Zone Alarm products with Advance Program Control or OS Firewall Technology enabled, detects and blocks almost all APIs which are commonly used by malicious programs to send data via http by piggybacking over other trusted programs. However, it is still possible for a malicious programs to make outbound connections to the evil site by piggybacking over trusted Internet browser using "HTML Modal Dialog" in conjunction with simple JavaScript. POC code provided.
6a46a2572af3dd1abd885d847dcf1d1d546bfc278f44b84cfbce2a5e7a3651ebThis proof of concept explains how Microsoft WGA validation check can be defeated and any Microsoft product with the WGA validation feature can be run and installed on machines running a pirated copy of Windows XP.
f0ce619089e25cac5ce67e00f1bbdd6bcafd35a9367e9e68693cf0d792c122b2Write up discussing a methodology to bypass Citibank Virtual Keyboard Protection, a mechanism to help protect against keyloggers and spyware.
0bf50c337ec9fbe542418f18b4fc538ccfdf1b3d1c5af837b01094ce509c4dddWhen IE is configured to access internet using proxy, the user's authentication details are cached locally without IE prompting the user. Even though the 'save my password' option is not checked, the user's proxy authentication details are cached locally without the user's knowledge.
0afdaa1201b34beaf9de9a6ea3a190f4c9ef2424ffe6f9567f5212528e587cb3Methods exist to allow for Microsoft ISA authentication bypass when the server is configured as a proxy.
20d67b32faeaa9d4c6a6633a67f0bc202a0ca8b8aa5ad2d7669d258aff6babcc
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed