exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 26 RSS Feed

Files from Aditya K Sood

First Active2007-02-01
Last Active2011-08-25
Dissecting Java Server Faces For Penetration Testing
Posted Aug 25, 2011
Authored by Aditya K Sood, Krishna Raja

Whitepaper called Dissecting Java Server Faces for Penetration Testing. This paper is divided into two parts. In the first part, they discuss the internals of JSF, a Java based web application framework and its inherent security model. In the second part, they discuss about the security weaknesses and applied security features in the JSF. In addition, they also raise a flag on the security issues present in JSF in order to conduct effective penetration testing.

tags | paper, java, web
SHA-256 | bb2851a7d694bdfdc081c72877ac631b96b1d0fc6f302e1493882794b986f6d1
Digging Inside VxWorks OS And Firmware - Holistic Security
Posted Jul 18, 2011
Authored by Aditya K Sood | Site secniche.org

Whitepaper called Digging Inside VxWorks OS and Firmware - Holistic Security. VxWorks is one of the most widely accepted embedded OSes. In this paper, they have conducted a detailed study of the VxWorks OS security model and firmware in order to understand the potential impact of security vulnerabilities and weaknesses.

tags | paper, vulnerability
SHA-256 | 2c622ddb4286be353e85ab46da20fe4b0ca3a0d882e1cf8d909f856256f15449
Oracle I-Recruitment Cross Site Scripting
Posted Jul 16, 2011
Authored by Aditya K Sood

A persistent cross site scripting vulnerability exists in the Oracle I-Recruitment portal. The account information page allows the user to upload his resume in Microsoft Word document. An attacker can construct a malicious MSWord file to conduct the attack by setting a cross site scripting payload in hyperlinks in order to bypass conversion filters. Versions 11.5.10.2, 12.0.6, and 12.1.3 are affected.

tags | advisory, xss
advisories | CVE-2010-2404
SHA-256 | 89565c921950ce4770fa5b14b519ba8f3361837b5def92e74ce9f346295f4bde
NoScript Cross Site Scripting Via SQL Injection
Posted Nov 27, 2010
Authored by Aditya K Sood

NoScript versions prior to 2.0.5.1 suffer from a reflective cross site scripting vulnerability via SQL injection.

tags | exploit, xss, sql injection
SHA-256 | 53211eb119f27445999f7b2d4d02258857dbf572c53a1603288f91e1b535c5c5
Oracle I-Recruitment Redirection
Posted Nov 25, 2010
Authored by Aditya K Sood

An open redirect vulnerability exists in Oracle I-Recruitment versions 11.5.10.2, 12.0.6 and 12.1.3.

tags | exploit
advisories | CVE-2010-2408
SHA-256 | 633bf317c0fc0f479ad1d4d5f83258a4498b718ecae4518ec400a056c5a552bc
Microsoft Word 2003 MSO Null Pointer Dereference
Posted Sep 15, 2010
Authored by Aditya K Sood

A null pointer dereference vulnerability has been noticed in Microsoft Word. The exception results in the MSO.dll library failing to handle the specially crafted buffer in a file. The issue can be potentially triggered by opening a malicious word file which results in a null pointer exception due to invalid memory read.

tags | advisory
advisories | CVE-2010-3200
SHA-256 | 4c01a6e8fca0e345ca53ec2236511ab85597f7b4fcdd81dc24841e0f52f6773f
Whitepaper Called Reverse Honey Trap
Posted Feb 4, 2010
Authored by Aditya K Sood, Rohit Bansal

Whitepaper called Reverse Honey Trap - Striking Deep Inside Online Web Antivirus Engines and Analyzers.

tags | paper, web
SHA-256 | a3dd6b890e3a6906e98d16f6b73224fceeac934f3d11f6b154ead11101018b3f
Google Docs PDF Repurposing
Posted May 11, 2009
Authored by Aditya K Sood | Site secniche.org

This document discusses cookie hijacking in Google Docs through PDF repurposing attacks. This has since been fixed by Google.

tags | advisory
SHA-256 | 84043a14c6b544193ef554abc031b0e021f2e7a63dfe4048ecfc5c7db290d8e8
PDF JavaScript Attacks
Posted May 5, 2009
Authored by Aditya K Sood | Site secniche.org

Whitepaper called PDF Silent HTTP Form Repurposing Attacks.This paper sheds light on the modified approach to trigger web attacks through JavaScript protocol handler in the context of browser when a PDF is opened in it.

tags | paper, web, javascript, protocol
SHA-256 | 0a70dc082e23d38148769997123f5e980a6137b234342a5eeced12fa12639caf
Google Chrome 1.0.154.53 Denial Of Service
Posted Apr 28, 2009
Authored by Aditya K Sood | Site secniche.org

Google Chrome version 1.0.154.53 "throw exception" remote crash and denial of service exploit.

tags | exploit, remote, denial of service
SHA-256 | 1fd4ca2e8e688fd3ee517eb4b6efdfa11c7e9969f30fa131e3935fb4e5fc6a4f
Mozilla Firefox 3.0.8 Zero Buffer Check Memory Exhaustion / Leaking
Posted Apr 15, 2009
Authored by Aditya K Sood | Site secniche.org

Mozilla Firefox version 3.0.8 zero buffer check memory exhaustion and leaking proof of concept exploit.

tags | exploit, proof of concept
SHA-256 | 55bd1981802453b04fbaae6651ddbd514ddedb2596dd3a86acb01ecb680355ee
Evading Web XSS Filters Through Word
Posted Apr 2, 2009
Authored by Aditya K Sood | Site secniche.org

Whitepaper called Evading Web XSS Filters through Word (Microsoft Office and Open Office in Enterprise Web Applications.

tags | paper, web, xss
SHA-256 | 3224c19c42480827ffcd5d08519bf3d651901dc4e69b38378e260f05f7ad01a7
Google Chrome 1.0.154.48 Denial Of Service
Posted Mar 16, 2009
Authored by Aditya K Sood | Site secniche.org

Google Chrome version 1.0.154.48 single thread alert out of bounds memory access exploit.

tags | exploit
SHA-256 | aee43125382eb8595c468b2807c49b4a03835d0339d0495c6b07dfe3afc90195
Google Chrome Click Jacking
Posted Jan 28, 2009
Authored by Aditya K Sood | Site secniche.org

The Google Chrome browser versions 1.0.154.43 and below suffer from a clickjacking vulnerability.

tags | exploit
SHA-256 | 27dcfcdabbcecce3e8e4b66b1588af2538f343cb247465ef7a0c037215785377
Oracle E-Business Suite Information Disclosure
Posted Jan 21, 2009
Authored by Aditya K Sood | Site secniche.org

Oracle E-Business Suite Release 12, version 12.0.6 and Oracle E-Business Suite Release 11i, version 11.5.10.2 both suffer from a sensitive information disclosure vulnerability.

tags | paper, info disclosure
advisories | CVE-2008-5446
SHA-256 | b032dcce1d5cb72ed6d46a15fa7223262285bc592fdb8cca36d2fc2ea54585e3
googlechrome-obfuscate.tgz
Posted Nov 24, 2008
Authored by Aditya K Sood | Site secniche.org

Google Chrome versions 0.2.149.30, 0.2.149.29, and 0.2.149.27 all suffer from a metacharacter URI obfuscation vulnerability. Proof of concept html included.

tags | exploit, proof of concept
SHA-256 | d38d8e01b2b606eaedfeba68c9279763a7a153407e69461fa9d5161bd52eb4f0
operasuppress-dos.txt
Posted Sep 29, 2008
Authored by Aditya K Sood | Site secniche.org

Opera version 9.52 suffers from a window object suppression denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 1587cb915c682de0d9c722a327c193043d134662f0b9a5b00b61225b2b7e16fe
firefoxderef-dos.txt
Posted Sep 29, 2008
Authored by Aditya K Sood | Site secniche.org

The user interface in Mozilla Firefox version 3.0.3 suffers from a null pointer dereference crash.

tags | exploit, denial of service
SHA-256 | bdbacd6f1157c91ff2415ab109326ad8a4de24fade5c25d4249f3781054fafb4
googlesuppress-dos.txt
Posted Sep 29, 2008
Authored by Aditya K Sood | Site secniche.org

Google Chrome version 0.2.149.30 suffers from a window object suppression denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 8bc462a03f9541a1eaa261b99334673942b03d0e593d83de3f4cbc6bafd8f3ab
google-exhaust.txt
Posted Sep 24, 2008
Authored by Aditya K Sood | Site secniche.org

Google Chrome versions 0.2.149.30 and 0.2.149.29 carriage return NULL object memory exhaustion denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
SHA-256 | 3e5ce87ae7c477aa26912e725ad588fc796a66929314dba366fc69aa2e9bdc68
msiepng-dos.txt
Posted Sep 17, 2008
Authored by Aditya K Sood | Site secniche.org

Microsoft Internet Explorer 7 is susceptible to a denial of service vulnerability when handling malicious PNG files.

tags | advisory, denial of service
SHA-256 | 8105113340df750289b71336193cf66a82c2fe90f1e6af1e9aed5f8577672a3f
Ser_Insec_Bison.pdf
Posted Jul 31, 2007
Authored by Aditya K Sood | Site secniche.org

Whitepaper titled Binary JSON: Insecurity In Implementing Serialization.

tags | paper
SHA-256 | 792f11d34234d4001313b75a5f3a48df168da66310add61910d40a5b0d9c996f
CVE-2007-3816.txt
Posted Jul 23, 2007
Authored by Aditya K Sood | Site secniche.org

JWIG might allow context-dependent attackers to cause a denial of service via loops of references to external templates.

tags | advisory, denial of service
advisories | CVE-2007-3816
SHA-256 | 0ead7d2c9293234988840ac672454f04d0bb39727a583dc26868cfb6d076d5a3
verisign-redirect.txt
Posted Jul 13, 2007
Authored by Aditya K Sood | Site secniche.org

Verisign has various open HTTP redirect servers that may assist phishing.

tags | advisory, web
SHA-256 | e8af84c34d993d2f3a426aa98367353af8697e3b1bdcdae5dba286af1f725cba
AmbiguityInAjaxLockdownFramework.pdf
Posted Feb 13, 2007
Authored by Aditya K Sood | Site zeroknock.metaeye.org

Whitepaper entitled Ambiguity In Ajax Lockdown Framework - Unveiling Some Contradictory Facts.

tags | paper, web
SHA-256 | c72d1fdf0586fb064c35e73407382130
Page 1 of 2
Back12Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    0 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close