Showing 1 - 25 of 30

Files from Aviv Raff

Email address: avivra at gmail.com
First Active: 2005-03-25
Last Active: 2009-11-26
Internet Explorer VML Fill Method Code Execution
Posted Nov 26, 2009
Authored by H D Moore, Aviv Raff, Trirat Puttaraksa, Mr.Niega, M. Shirk | Site metasploit.com

This Metasploit module exploits a code execution vulnerability in Microsoft Internet Explorer using a buffer overflow in the VML processing code (VGX.dll). This Metasploit module has been tested on Windows 2000 SP4, Windows XP SP0, and Windows XP SP2.

tags | exploit, overflow, code execution
systems | windows
advisories | CVE-2006-4868
SHA-256 | dc3cd815cea490d0b9d3e5420cb08f039d38532b17c625f368c3079ec2fe492d
Opera historysearch XSS
Posted Oct 27, 2009
Authored by Aviv Raff, Roberto Suggi Liverani

Certain constructs are not escaped correctly by Opera's History Search results. These can be used to inject scripts into the page, which can then be used to modify configuration settings and execute arbitrary commands. Affects Opera versions between 9.50 and 9.61.

tags | exploit, arbitrary
advisories | CVE-2008-4696
SHA-256 | 8ee97c6c137b092fb141c1b73dea46bcc91809906758777dbdcce9e2f67b0d2b
Mozilla Firefox Code Execution
Posted Oct 27, 2009
Authored by H D Moore, Aviv Raff | Site metasploit.com

This Metasploit module exploits a code execution vulnerability in the Mozilla Suite, Mozilla Firefox, and Mozilla Thunderbird applications. This exploit module is a direct port of Aviv Raff's HTML PoC.

tags | exploit, code execution
advisories | CVE-2005-2265
SHA-256 | b867c0785b780e6498eb0c3b8d27c20f4cec51a630404edc8bd0c545b8e1e652
Month Of Twitter Bugs - TweetMeme XSS
Posted Jul 15, 2009
Authored by Aviv Raff | Site twitpwn.com

Month of Twitter Bugs - TweetMeme suffered from a reflected cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | a727948f3ae8cae320a68fe0f4b06d5f62bdbf9e36caa584d8753fedc1b6380a
Month Of Twitter Bugs - Brightkite XSS
Posted Jul 15, 2009
Authored by Aviv Raff | Site twitpwn.com

Month of Twitter Bugs - Brightkite suffered from a reflected cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | dc304b2111a303fe988badb60b5e6514b7c250e477e30558871fbc1a7467a649
Month Of Twitter Bugs - TweetGrid XSS
Posted Jul 15, 2009
Authored by Aviv Raff | Site twitpwn.com

Month of Twitter Bugs - TweetGrid suffered from a reflected cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 8895a1e102b54e7382e73861e7faa95b963552c81c213a287f40a3098f064728
Month Of Twitter Bugs - Twitturly XSS
Posted Jul 15, 2009
Authored by Aviv Raff | Site twitpwn.com

Month of Twitter Bugs - Twitturly suffered from a persistent cross site scripting flaw.

tags | advisory, xss
SHA-256 | 10d843ce9b1005e2fe1aca69514d7d331c21c1ea4778cd9c2efa8a4ac6120381
Month Of Twitter Bugs - Twitiq XSRF/XSS
Posted Jul 15, 2009
Authored by Aviv Raff | Site twitpwn.com

Month of Twitter Bugs - TwitIQ suffered from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 7be0a3d4416f7ed804c7757415cbe4c24a6a94509775e3e29239d0d9ad6f8390
Month Of Twitter Bugs - Twellow XSS
Posted Jul 9, 2009
Authored by Aviv Raff | Site twitpwn.com

Month of Twitter Bugs - Twellow suffered from a reflected cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 4e86cd7810ff29be5c79806f01a4db208f5d7dfc0a096ee5fbc32af817627926
Month Of Twitter Bugs - Twitterfall XSS
Posted Jul 8, 2009
Authored by Aviv Raff | Site twitpwn.com

Month of Twitter Bugs - Twitterfall suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 65fb9c299abb8b929979fad6222bed58930a27ee64999561b72cba49ccc48252
Month Of Twitter Bugs - yfrog XSS
Posted Jul 8, 2009
Authored by Aviv Raff | Site twitpwn.com

Month of Twitter Bugs - The yfrog application suffered from a reflected cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 283cf7e1ae7038770924277e991ca2898b86c2b7153af6cd01f0d9b8a79318e5
Month Of Twitter Bugs - TwitPic Issues
Posted Jul 8, 2009
Authored by Aviv Raff | Site twitpwn.com

Month of Twitter Bugs - The TwitPic application suffered from cross site request forgery and cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss, csrf
SHA-256 | ac99bf0f99e3d52cee2f2163612083138e5101fe349bda2bad006174ab6c2e36
Month Of Twitter Bugs - TwitSnaps XSS
Posted Jul 8, 2009
Authored by Aviv Raff | Site twitpwn.com

Month of Twitter Bugs - The TwitSnaps application is susceptible to a reflected cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 1aa2f141901738d38bfae80def5fd9ab666dedfd8d188000f20b7e448e099472
Month Of Twitter Bugs - BigTweet XSRF
Posted Jul 8, 2009
Authored by Aviv Raff | Site twitpwn.com

Month of Twitter Bugs - The BigTweet bookmarklet tool suffered from a cross site request forgery vulnerability.

tags | advisory, csrf
SHA-256 | 0b17f72c1dc2da7cf4f3ff5dff5cc5f6a402f6b6e6707938de5e4e5b56ba5e54
Month Of Twitter Bugs - TwitWall XSS
Posted Jul 8, 2009
Authored by Aviv Raff | Site twitpwn.com

Month of Twitter Bugs - The TwitWall application suffers from a persistent cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | a58a9c6d750d535f4ccee264e486a17f7058af99920ca033e156007ce493340c
Month Of Twitter Bugs - HootSuite XSS
Posted Jul 8, 2009
Authored by Aviv Raff | Site twitpwn.com

Month of Twitter Bugs - The HootSuite Twitter toolbox suffered from a reflected cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | f28506907cd78635c4ac90b9095db2b20246930dc6c5c11faee949ae3b552812
Month Of Twitter Bugs - bit.ly XSS
Posted Jul 8, 2009
Authored by Aviv Raff | Site twitpwn.com

Month of Twitter Bugs - The bit.ly service suffered from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 31ec4a5275c9326490446d0db51bcc2382ae41ebdae9b9e899f219a573d60baa
opera-xssexecpoc.txt
Posted Oct 23, 2008
Authored by Aviv Raff | Site aviv.raffon.net

Opera versions 9.52 and 9.60 stored cross site scripting and remote code execution exploit. This is an expansion on the research performed by Security Assessment.

tags | exploit, remote, code execution, xss
SHA-256 | 3016c77408b82807e6ba7f702b979b7b81a888b4e82825c954fa6666b48e5e53
msie-crosszone.txt
Posted May 15, 2008
Authored by Aviv Raff | Site aviv.raffon.net

Microsoft Internet Explorer is prone to a cross-zone scripting vulnerability in its Print Table of Links feature.

tags | exploit
SHA-256 | ab3b393d7e4b97e90d8aa5846710e4ffa6f5a62715e2e70336e0b5c2da459d67
mozilla-spoof.txt
Posted Jan 3, 2008
Authored by Aviv Raff | Site aviv.raffon.net

It appears that Mozilla Firefox version 2.0.0.11 suffers from an information spoofing attack via the basic authentication dialog box.

tags | advisory, spoof
SHA-256 | 47f59d9aae591cbc74235ab2ddb5b49260a968d8b63446411d277d8f679abdb1
google-spoof.txt
Posted Dec 19, 2007
Authored by Aviv Raff | Site aviv.raffon.net

Google Toolbar allows spoofing of the information presented in the dialog that is displayed when adding a new Google Toolbar button.

tags | advisory, spoof
SHA-256 | 23840b25b3fcacc6483afac763d595c2faf7a2d138ebdc52d35d1162be1072c7
mobile-csrf.txt
Posted Nov 27, 2007
Authored by Aviv Raff | Site aviv.raffon.net

Mobile phones can be subjected to denial of service attacks via cross site request forgery attacks.

tags | advisory, denial of service, csrf
SHA-256 | f504c0d2a3b3c5b7011788d04b9270b5fb977102c05e7325c709437fdd4fdc4d
aqt-exploit.txt
Posted Sep 19, 2007
Authored by Aviv Raff | Site aviv.raffon.net

Apple Quicktime with Internet Explorer .qtl version XAS remote exploit proof of concept.

tags | exploit, remote, proof of concept
systems | apple
SHA-256 | de4404cb7f47bc2c5e0fcb7378ef9ef71fe35d3013f67082b48b39e11d466c91
iDEFENSE Security Advisory 2007-08-14.1
Posted Aug 15, 2007
Authored by iDefense Labs, Aviv Raff | Site idefense.com

iDefense Security Advisory 08.14.07 - Remote exploitation of a Cross Site Scripting (XSS) vulnerability in the Windows Vista Sidebar RSS Gadget allows an attacker to execute arbitrary code with the privileges of the logged in user. The vulnerability exists within the parsing of certain elements of the items in an RSS feed. A properly crafted HTML tag within these elements will not be removed, and will be rendered by the RSS gadget. Since the RSS gadget runs in the local zone, the injected JavaScript has full access to the system. iDefense has confirmed the existence of this vulnerability in Microsoft Windows Vista Business. Other versions are suspected to be vulnerable.

tags | advisory, remote, arbitrary, local, javascript, xss
systems | windows
advisories | CVE-2007-3033
SHA-256 | b72e8982684f82bb2ef8f850fc5b1d27c583c8eb479eac82601e2686a3b3bac8
ie7-phish.txt
Posted Mar 20, 2007
Authored by Aviv Raff | Site aviv.raffon.net

Internet Explorer 7.0 is vulnerable to cross-site scripting in one of its local resources. In combination with a design flaw in this specific local resource it is possible for an attacker to easily conduct phishing attacks against IE7 users.

tags | advisory, local, xss
SHA-256 | b2b26c80e92ddc7107b42af7cd66181fbbf55544a6b52617ee681dde95781999
Page 1 of 2