exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 14 of 14 RSS Feed

Files from Dominic Chell

Email addressdmc at deadbeef.co.uk
First Active2007-07-21
Last Active2017-05-11
Microsoft IIS WebDav ScStoragePathFromUrl Overflow
Posted May 11, 2017
Authored by Dominic Chell, FireFart, Zhiniang Peng, Chen Wu, zcgonvh, Rich Whitcroft | Site metasploit.com

Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016. Original exploit by Zhiniang Peng and Chen Wu.

tags | exploit, remote, web, overflow, arbitrary
systems | windows
advisories | CVE-2017-7269
SHA-256 | dd14beacc3e87b7064dc160534d469a79690ec06c3cb5fdddd8acbce04733db8
iOS Application (In)Security
Posted May 6, 2012
Authored by Dominic Chell | Site mdsec.co.uk

This whitepaper details some of the vulnerabilities observed over the past year while performing regular security assessments of iPhone and iPad applications. MDSec documents some of the vulnerabilities identified as well as the methods to exploit them, and recommendations that developers can adopt to protect their iOS applications. It covers not only the security features of the platform, but provides in depth information on how to perform both black box and white box iOS penetration tests, along with suggested methodologies and compliance.

tags | paper, vulnerability
systems | cisco, apple, iphone
SHA-256 | 334c947d960799417387ce8f1c27188fc7f859bd204b9dc50890663d07a20fba
LibAVCodec AMV Out Of Array Write
Posted Aug 1, 2011
Authored by Dominic Chell | Site ngssecure.com

Dominic Chell of NGS Secure has discovered a high risk vulnerability in LibAVCodec. Opening a malformed AMV file can result in an out of array write and potentially arbitrary code execution when using this library. Whilst the vulnerability may affect multiple applications that use this library, it was only tested on VLC media player. VLC media player versions 1.1.9 and below are affected.

tags | advisory, arbitrary, code execution
advisories | CVE-2011-1931
SHA-256 | 185b2a8f4df8fd3182b6a8b7c17b80825f8ca66454647c947edaad4f084253e6
Apple Mac OS X ImageIO TIFF Integer Overflow
Posted Jul 5, 2011
Authored by Dominic Chell | Site ngssoftware.com

A heap overflow is caused by a signedness vulnerability within copyImageBlockSetTiff(). The crash occurs within any application using the framework, including Preview, QuickLook, Safari and Mail.

tags | advisory, overflow
SHA-256 | 147af24c2d70bdedd1b38ad38463143eddc00aaf8190e135935aa9b337388a4a
Apple Mac OS X ImageIO TIFF Heap Overflow
Posted Jul 5, 2011
Authored by Dominic Chell | Site ngssoftware.com

Dominic Chell of NGS Secure has discovered a High risk vulnerability in Mac OS X ImageIO. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution.

tags | advisory, arbitrary, code execution
systems | apple, osx
advisories | CVE-2011-0204
SHA-256 | 215fdcdc27bc0af91ed31034d3dcfaac9d2c8dc0daf9e1f8e21a6270bff6a628
LibAVCodec AMV Out Of Array Write
Posted Apr 27, 2011
Authored by Dominic Chell | Site ngssoftware.com

Dominic Chell of NGS Secure has discovered a high risk vulnerability in LibAVCodec. Opening a malformed AMV file can result in an out of array write and potentially arbitrary code execution when using this library. Whilst the vulnerability may affect multiple applications that use this library, it was only tested on VLC media player. VLC media player versions 1.1.9 and below are affected.

tags | advisory, arbitrary, code execution
SHA-256 | 17c0e508710bb4f00f1f179e385b3d378527bd4b35827d30da710e418db26947
Apple Mac OS X ImageIO Integer Overflow
Posted Mar 22, 2011
Authored by Dominic Chell | Site ngssecure.com

Dominic Chell of NGS Secure has discovered a High risk vulnerability in Mac OS X ImageIO. An integer overflow issue exists in ImageIO's handling of JPEG-encoded TIFF images. Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution. Versions affected include Mac OS X 10.6 through 10.6.6, Mac OS X Server 10.6 through 10.6.6.

tags | advisory, overflow, arbitrary, code execution
systems | apple, osx
SHA-256 | 8a7f56c6bf5db4c24979da8deb5a498165e211b83b1662e863496e40d68182ac
ImageIO PSD Memory Corruption
Posted Nov 22, 2010
Authored by Dominic Chell | Site ngssecure.com

Dominic Chell of NGS Secure has discovered a high risk memory corruption vulnerability affecting the ImageIO rendering framework. Viewing a maliciously crafted PSD image may lead to an unexpected application termination or arbitrary code execution. This issue can be remotely (client-side) exploited through any application using the framework including Mail, Safari and QuickLook.

tags | advisory, arbitrary, code execution
advisories | CVE-2010-1845
SHA-256 | 8d1461e6e5256170797a0a396eaeab1b7e0fc4993c990a6ffe56e62e1457d8ae
Sun Java Web Server Exploit
Posted Jul 9, 2010
Authored by Dominic Chell

Sun Java Web Server version 7.0 update 7 remote stack overflow exploit that is capable of bypassing DEP. In order to do this it uses ROP to invoke SetProcessDEPPolicy(). This is the second version of this exploit.

tags | exploit, java, remote, web, overflow
advisories | CVE-2010-0361
SHA-256 | 5ad70f7b7f2e69ccea95b224be4c72b4098e1aff0d6b032f6327e5d85239389e
Sun Java System Web Server Stack Overflow
Posted Jul 3, 2010
Authored by Dominic Chell

Sun Java Web Server version 7.0 update 7 remote stack overflow exploit.

tags | exploit, java, remote, web, overflow
advisories | CVE-2010-0361
SHA-256 | 1d5f8ef617835a71a58262660e2ce215591ca0aad2cd8ed70a7c99368e4b3aec
Mozilla Firefox 2.0.0.16 Buffer Overflow
Posted Sep 15, 2009
Authored by Dominic Chell

Mozilla Firefox version 2.0.0.16 Windows XP SP3 UTF-8 URL buffer overflow exploit that has adduser shellcode.

tags | exploit, overflow, shellcode
systems | windows
SHA-256 | e2739bd0c630b7c4e926b923f3c3c58cec9f87c0f93e6e8bbe38ae0ce616e363
MP3 Studio 1.0 Buffer Overflow
Posted Sep 15, 2009
Authored by Dominic Chell

MP3 Studio version 1.0 local buffer overflow exploit that creates a malicious .m3u file that produces a bind shell on port 4444.

tags | exploit, overflow, shell, local
SHA-256 | c013bed4f41f1ab91decd5f7c7aff548c6e35c9a4a6a42c0676a578da99821be
IPSwitch IMAP Server 9.20 Overflow
Posted Sep 15, 2009
Authored by Dominic Chell

IPSwitch IMAP Server version 9.20 and below remote buffer overflow exploit.

tags | exploit, remote, overflow, imap
advisories | CVE-2007-2795
SHA-256 | c6aa0faefb20ce7196a8c749c9dc1b089bd8b0fac46149e8070c03dbb5c15cae
lotus-overflow.txt
Posted Jul 21, 2007
Authored by prdelka, Dominic Chell

Lotus Domino IMAP4 server version 6.5.4 / Windows 2000 Advanced Server x86 remote buffer overflow exploit.

tags | exploit, remote, overflow, x86
systems | windows
SHA-256 | b914a5a129df141a9e81efa513ca01b96c180ff72cea7dafc716b3203367e1a3
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close