exploit the possibilities
Showing 1 - 25 of 30 RSS Feed

Files from Aviv Raff

Email addressavivra at gmail.com
First Active2005-03-25
Last Active2009-11-26
Internet Explorer VML Fill Method Code Execution
Posted Nov 26, 2009
Authored by H D Moore, Aviv Raff, Trirat Puttaraksa, Mr.Niega, M. Shirk | Site metasploit.com

This Metasploit module exploits a code execution vulnerability in Microsoft Internet Explorer using a buffer overflow in the VML processing code (VGX.dll). This Metasploit module has been tested on Windows 2000 SP4, Windows XP SP0, and Windows XP SP2.

tags | exploit, overflow, code execution
systems | windows, 2k, xp
advisories | CVE-2006-4868
MD5 | 715a26e332ef319bc61f812179780008
Opera historysearch XSS
Posted Oct 27, 2009
Authored by Aviv Raff, Roberto Suggi Liverani

Certain constructs are not escaped correctly by Opera's History Search results. These can be used to inject scripts into the page, which can then be used to modify configuration settings and execute arbitrary commands. Affects Opera versions between 9.50 and 9.61.

tags | exploit, arbitrary
advisories | CVE-2008-4696
MD5 | b217cb641cbc6f7e36e3f249a2a4cc1e
Mozilla Firefox Code Execution
Posted Oct 27, 2009
Authored by H D Moore, Aviv Raff | Site metasploit.com

This Metasploit module exploits a code execution vulnerability in the Mozilla Suite, Mozilla Firefox, and Mozilla Thunderbird applications. This exploit module is a direct port of Aviv Raff's HTML PoC.

tags | exploit, code execution
advisories | CVE-2005-2265
MD5 | 4d11bb8de765d259995301791ec60b38
Month Of Twitter Bugs - TweetMeme XSS
Posted Jul 15, 2009
Authored by Aviv Raff | Site twitpwn.com

Month of Twitter Bugs - TweetMeme suffered from a reflected cross site scripting vulnerability.

tags | exploit, xss
MD5 | fee558887b9eeb6356386b86c94212b0
Month Of Twitter Bugs - Brightkite XSS
Posted Jul 15, 2009
Authored by Aviv Raff | Site twitpwn.com

Month of Twitter Bugs - Brightkite suffered from a reflected cross site scripting vulnerability.

tags | exploit, xss
MD5 | e034ddc81758213d370653b4b1f858b4
Month Of Twitter Bugs - TweetGrid XSS
Posted Jul 15, 2009
Authored by Aviv Raff | Site twitpwn.com

Month of Twitter Bugs - TweetGrid suffered from a reflected cross site scripting vulnerability.

tags | exploit, xss
MD5 | e9720eff00eaea80d920fb3e01d60915
Month Of Twitter Bugs - Twitturly XSS
Posted Jul 15, 2009
Authored by Aviv Raff | Site twitpwn.com

Month of Twitter Bugs - Twitturly suffered from a persistent cross site scripting flaw.

tags | advisory, xss
MD5 | fa0ee023bc813807dc8cbcf669ad5a4d
Month Of Twitter Bugs - Twitiq XSRF/XSS
Posted Jul 15, 2009
Authored by Aviv Raff | Site twitpwn.com

Month of Twitter Bugs - TwitIQ suffered from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | dcc8a08cfb971961e0fe5579794c6979
Month Of Twitter Bugs - Twellow XSS
Posted Jul 9, 2009
Authored by Aviv Raff | Site twitpwn.com

Month of Twitter Bugs - Twellow suffered from a reflected cross site scripting vulnerability.

tags | advisory, xss
MD5 | b1f9bd966dd92d57131f8db67c06c1c8
Month Of Twitter Bugs - Twitterfall XSS
Posted Jul 8, 2009
Authored by Aviv Raff | Site twitpwn.com

Month of Twitter Bugs - Twitterfall suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 9f7afdd4f69156b55358ed561bf6ccb8
Month Of Twitter Bugs - yfrog XSS
Posted Jul 8, 2009
Authored by Aviv Raff | Site twitpwn.com

Month of Twitter Bugs - The yfrog application suffered from a reflected cross site scripting vulnerability.

tags | exploit, xss
MD5 | 231f236d6a6319e6d965d344902fa20f
Month Of Twitter Bugs - TwitPic Issues
Posted Jul 8, 2009
Authored by Aviv Raff | Site twitpwn.com

Month of Twitter Bugs - The TwitPic application suffered from cross site request forgery and cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss, csrf
MD5 | 270c97d358dbd6d7b1d86e223bac60a0
Month Of Twitter Bugs - TwitSnaps XSS
Posted Jul 8, 2009
Authored by Aviv Raff | Site twitpwn.com

Month of Twitter Bugs - The TwitSnaps application is susceptible to a reflect cross site scripting vulnerability.

tags | exploit, xss
MD5 | 7a0be33d08640360e9eaa6b8e4e4a48f
Month Of Twitter Bugs - BigTweet XSRF
Posted Jul 8, 2009
Authored by Aviv Raff | Site twitpwn.com

Month of Twitter Bugs - The BigTweet bookmarklet tool suffered from a cross site request forgery vulnerability.

tags | advisory, csrf
MD5 | 8ade5d4fd0745c08967192ead612b25d
Month Of Twitter Bugs - TwitWall XSS
Posted Jul 8, 2009
Authored by Aviv Raff | Site twitpwn.com

Month of Twitter Bugs - The TwitWall application suffers from a persistent cross site scripting vulnerability.

tags | advisory, xss
MD5 | 70dd61815638eeebd88a5cc2abc8b43c
Month Of Twitter Bugs - HootSuite XSS
Posted Jul 8, 2009
Authored by Aviv Raff | Site twitpwn.com

Month of Twitter Bugs - The HootSuite Twitter toolbox suffered from a reflected cross site scripting vulnerability.

tags | exploit, xss
MD5 | 2b886b1f2a8e14a5458d36eefb0d8646
Month Of Twitter Bugs - bit.ly XSS
Posted Jul 8, 2009
Authored by Aviv Raff | Site twitpwn.com

Month of Twitter Bugs - The bit.ly service suffered from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 0cb5d861772f62c48fcdbfd5db088d14
opera-xssexecpoc.txt
Posted Oct 23, 2008
Authored by Aviv Raff | Site aviv.raffon.net

Opera version 9.52 and 9.60 stored cross site scripting and remote code execution exploit. This is an expansion on the research performed by Security Assessment.

tags | exploit, remote, code execution, xss
MD5 | 0bde6180586e1de08bdbfad3396bfc7c
msie-crosszone.txt
Posted May 15, 2008
Authored by Aviv Raff | Site aviv.raffon.net

Microsoft Internet Explorer is prone to a cross-zone scripting vulnerability in its Print Table of Links feature.

tags | exploit
MD5 | ac941e58ffb4c9380b7ee22bd963676f
mozilla-spoof.txt
Posted Jan 3, 2008
Authored by Aviv Raff | Site aviv.raffon.net

It appears that Mozilla Firefox version 2.0.0.11 suffers from an information spoofing attack via the basic authentication dialog box.

tags | advisory, spoof
MD5 | 3fd428441293b128408cec514234ea46
google-spoof.txt
Posted Dec 19, 2007
Authored by Aviv Raff | Site aviv.raffon.net

Google Toolbar allows spoofing the information presented in the dialog which is being displayed when adding a new Google Toolbar button.

tags | advisory, spoof
MD5 | 7350aa8cd043785d4959d429b5f741f1
mobile-csrf.txt
Posted Nov 27, 2007
Authored by Aviv Raff | Site aviv.raffon.net

Mobile phones can be subjected to denial of service attacks via cross site request forgery attacks.

tags | advisory, denial of service, csrf
MD5 | 1756f97c67746f73dac3c2411380a850
aqt-exploit.txt
Posted Sep 19, 2007
Authored by Aviv Raff | Site aviv.raffon.net

Apple Quicktime with Internet Explorer .qtl version XAS remote exploit proof of concept.

tags | exploit, remote, proof of concept
systems | apple
MD5 | 2e01952924f7d6177d801dd6fa121cc9
iDEFENSE Security Advisory 2007-08-14.1
Posted Aug 15, 2007
Authored by iDefense Labs, Aviv Raff | Site idefense.com

iDefense Security Advisory 08.14.07 - Remote exploitation of a Cross Site Scripting (XSS) vulnerability in the Windows Vista Sidebar RSS Gadget allows an attacker to execute arbitrary code with the privileges of the logged in user. The vulnerability exists within the parsing of the certain elements of the items in an RSS feed. A properly crafted HTML tag within these elements will not be removed, and will be rendered by the RSS gadget. Since the RSS gadget runs in the local zone, the injected JavaScript has full access to the system. iDefense has confirmed the existence of this vulnerability in Microsoft Windows Vista Business. Other versions are suspected to be vulnerable.

tags | advisory, remote, arbitrary, local, javascript, xss
systems | windows, vista
advisories | CVE-2007-3033
MD5 | 1aa166600fa7109e872458bec4156bc6
ie7-phish.txt
Posted Mar 20, 2007
Authored by Aviv Raff | Site aviv.raffon.net

Internet Explorer 7.0 is vulnerable to cross-site scripting in one of its local resources. In combination with a design flaw in this specific local resource it is possible for an attacker to easily conduct phishing attacks against IE7 users.

tags | advisory, local, xss
MD5 | 3b996a2ffb89a7c0d6ec5ff9b53a31ae
Page 1 of 2
Back12Next

File Archive:

July 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    15 Files
  • 2
    Jul 2nd
    19 Files
  • 3
    Jul 3rd
    11 Files
  • 4
    Jul 4th
    0 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close