exploit the possibilities
Showing 1 - 25 of 26 RSS Feed

Files from Aditya K Sood

First Active2007-02-01
Last Active2011-08-25
Dissecting Java Server Faces For Penetration Testing
Posted Aug 25, 2011
Authored by Aditya K Sood, Krishna Raja

Whitepaper called Dissecting Java Server Faces for Penetration Testing. This paper is divided into two parts. In the first part, they discuss the internals of JSF, a Java based web application framework and its inherent security model. In the second part, they discuss about the security weaknesses and applied security features in the JSF. In addition, they also raise a flag on the security issues present in JSF in order to conduct effective penetration testing.

tags | paper, java, web
MD5 | 3e0ca590152a28d58e6b4fd24b67f72a
Digging Inside VxWorks OS And Firmware - Holistic Security
Posted Jul 18, 2011
Authored by Aditya K Sood | Site secniche.org

Whitepaper called Digging Inside VxWorks OS and Firmware - Holistic Security. VxWorks is one of the most widely accepted embedded OSes. In this paper, they have conducted a detailed study of the VxWorks OS security model and firmware in order to understand the potential impact of security vulnerabilities and weaknesses.

tags | paper, vulnerability
MD5 | 2fe7af017754aecc2f68198a7bb61a86
Oracle I-Recruitment Cross Site Scripting
Posted Jul 16, 2011
Authored by Aditya K Sood

A persistent cross site scripting vulnerability exists in the Oracle I-Recruitment portal. The account information page allows the user to upload his resume in Microsoft Word document. An attacker can construct a malicious MSWord file to conduct the attack by setting a cross site scripting payload in hyperlinks in order to bypass conversion filters. Versions 11.5.10.2, 12.0.6, and 12.1.3 are affected.

tags | advisory, xss
advisories | CVE-2010-2404
MD5 | 915143d62fe7b7aa1ae2e6f7397f485b
NoScript Cross Site Scripting Via SQL Injection
Posted Nov 27, 2010
Authored by Aditya K Sood

NoScript versions prior to 2.0.5.1 suffer from a reflective cross site scripting vulnerability via SQL injection.

tags | exploit, xss, sql injection
MD5 | a72867c60f313ec24d57275614fa6630
Oracle I-Recruitment Redirection
Posted Nov 25, 2010
Authored by Aditya K Sood

An open redirect vulnerability exists in Oracle I-Recruitment versions 11.5.10.2, 12.0.6 and 12.1.3.

tags | exploit
advisories | CVE-2010-2408
MD5 | 3333af513cf55c5154575bb75e5fbeba
Microsoft Word 2003 MSO Null Pointer Dereference
Posted Sep 15, 2010
Authored by Aditya K Sood

A null pointer dereference vulnerability has been noticed in Microsoft Word. The exception results in the MSO.dll library failing to handle the specially crafted buffer in a file. The issue can be potentially triggered by opening a malicious word file which results in a null pointer exception due to invalid memory read.

tags | advisory
advisories | CVE-2010-3200
MD5 | f3b806eba3e1abc910f546d7ddf25357
Whitepaper Called Reverse Honey Trap
Posted Feb 4, 2010
Authored by Aditya K Sood, Rohit Bansal

Whitepaper called Reverse Honey Trap - Striking Deep Inside Online Web Antivirus Engines and Analyzers.

tags | paper, web
MD5 | 979913c772244ef601f8a0becdd79981
Google Docs PDF Repurposing
Posted May 11, 2009
Authored by Aditya K Sood | Site secniche.org

This document discusses cookie hijacking in Google Docs through PDF repurposing attacks. This has since been fixed by Google.

tags | advisory
MD5 | 6f3ea64aae2840c0c5478f706fc00349
PDF JavaScript Attacks
Posted May 5, 2009
Authored by Aditya K Sood | Site secniche.org

Whitepaper called PDF Silent HTTP Form Repurposing Attacks.This paper sheds light on the modified approach to trigger web attacks through JavaScript protocol handler in the context of browser when a PDF is opened in it.

tags | paper, web, javascript, protocol
MD5 | c479c678c56f00b1d37c49038f79e6c6
Google Chrome 1.0.154.53 Denial Of Service
Posted Apr 28, 2009
Authored by Aditya K Sood | Site secniche.org

Google Chrome version 1.0.154.53 "throw exception" remote crash and denial of service exploit.

tags | exploit, remote, denial of service
MD5 | 006378449d255dc12db2c80fbe873d6f
Mozilla Firefox 3.0.8 Zero Buffer Check Memory Exhaustion / Leaking
Posted Apr 15, 2009
Authored by Aditya K Sood | Site secniche.org

Mozilla Firefox version 3.0.8 zero buffer check memory exhaustion and leaking proof of concept exploit.

tags | exploit, proof of concept
MD5 | 3f2baa2f8b24cf6cb339b7d828a85135
Evading Web XSS Filters Through Word
Posted Apr 2, 2009
Authored by Aditya K Sood | Site secniche.org

Whitepaper called Evading Web XSS Filters through Word (Microsoft Office and Open Office in Enterprise Web Applications.

tags | paper, web, xss
MD5 | f76e72f4a3743def423d7e1772986353
Google Chrome 1.0.154.48 Denial Of Service
Posted Mar 16, 2009
Authored by Aditya K Sood | Site secniche.org

Google Chrome version 1.0.154.48 single thread alert out of bounds memory access exploit.

tags | exploit
MD5 | 1f93f75509617183ceefe6ca07822f2d
Google Chrome Click Jacking
Posted Jan 28, 2009
Authored by Aditya K Sood | Site secniche.org

The Google Chrome browser versions 1.0.154.43 and below suffer from a clickjacking vulnerability.

tags | exploit
MD5 | a9a882cf4eefe4cae82f829e96fa34ea
Oracle E-Business Suite Information Disclosure
Posted Jan 21, 2009
Authored by Aditya K Sood | Site secniche.org

Oracle E-Business Suite Release 12, version 12.0.6 and Oracle E-Business Suite Release 11i, version 11.5.10.2 both suffer from a sensitive information disclosure vulnerability.

tags | paper, info disclosure
advisories | CVE-2008-5446
MD5 | 562ba71c97713005872e8f8546edad39
googlechrome-obfuscate.tgz
Posted Nov 24, 2008
Authored by Aditya K Sood | Site secniche.org

Google Chrome versions 0.2.149.30, 0.2.149.29, and 0.2.149.27 all suffer from a metacharacter URI obfuscation vulnerability. Proof of concept html included.

tags | exploit, proof of concept
MD5 | f26473051cd14f19ff80806f58c603dd
operasuppress-dos.txt
Posted Sep 29, 2008
Authored by Aditya K Sood | Site secniche.org

Opera version 9.52 suffers from a window object suppression denial of service vulnerability.

tags | exploit, denial of service
MD5 | 6278660487e20b372b753680b4f5256c
firefoxderef-dos.txt
Posted Sep 29, 2008
Authored by Aditya K Sood | Site secniche.org

The user interface in Mozilla Firefox version 3.0.3 suffers from a null pointer dereference crash.

tags | exploit, denial of service
MD5 | 9f5af9f0f888657db9feb53e0d6aa5c3
googlesuppress-dos.txt
Posted Sep 29, 2008
Authored by Aditya K Sood | Site secniche.org

Google Chrome version 0.2.149.30 suffers from a window object suppression denial of service vulnerability.

tags | exploit, denial of service
MD5 | e4bba44b67a347594dfd38b5bb879a05
google-exhaust.txt
Posted Sep 24, 2008
Authored by Aditya K Sood | Site secniche.org

Google Chrome versions 0.2.149.30 and 0.2.149.29 carriage return NULL object memory exhaustion denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
MD5 | 4b420b098cbf197783426bca8b1464d9
msiepng-dos.txt
Posted Sep 17, 2008
Authored by Aditya K Sood | Site secniche.org

Microsoft Internet Explorer 7 is susceptible to a denial of service vulnerability when handling malicious PNG files.

tags | advisory, denial of service
MD5 | fe53be703eba1e969a3564fbcf3ecf2a
Ser_Insec_Bison.pdf
Posted Jul 31, 2007
Authored by Aditya K Sood | Site secniche.org

Whitepaper titled Binary JSON: Insecurity In Implementing Serialization.

tags | paper
MD5 | e87fa0203d5d04e163bdf94de4a6f5bc
CVE-2007-3816.txt
Posted Jul 23, 2007
Authored by Aditya K Sood | Site secniche.org

JWIG might allow context-dependent attackers to cause a denial of service via loops of references to external templates.

tags | advisory, denial of service
advisories | CVE-2007-3816
MD5 | cc22107a34b0f9a61e6d37de45ea58fe
verisign-redirect.txt
Posted Jul 13, 2007
Authored by Aditya K Sood | Site secniche.org

Verisign has various open HTTP redirect servers that may assist phishing.

tags | advisory, web
MD5 | cd49eb736abc0756d54da4034f1314b8
AmbiguityInAjaxLockdownFramework.pdf
Posted Feb 13, 2007
Authored by Aditya K Sood | Site zeroknock.metaeye.org

Whitepaper entitled Ambiguity In Ajax Lockdown Framework - Unveiling Some Contradictory Facts.

tags | paper, web
MD5 | c72d1fdf0586fb064c35e73407382130
Page 1 of 2
Back12Next

File Archive:

July 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    15 Files
  • 2
    Jul 2nd
    19 Files
  • 3
    Jul 3rd
    11 Files
  • 4
    Jul 4th
    0 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close