what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 4 of 4

Files from Javier Vicente Vallejo

Comtrend Cross Site Request Forgery

Posted Aug 17, 2015

Authored by Javier Vicente Vallejo

Various Comtrend routers suffer from cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf

SHA-256 | e075f47c52d3263edf9bcad894a9d0275e22ef6410176b35861b5f4f4b21a56c

Download | Favorite | View

iDEFENSE Security Advisory 2009-02-24.1

Posted Feb 25, 2009

Authored by iDefense Labs, Javier Vicente Vallejo | Site idefense.com

iDefense Security Advisory 02.24.09 - Remote exploitation of a invalid object reference vulnerability in Adobe Systems Inc.'s Flash Player could allow an attacker to execute arbitrary code with the privileges of the current user. During the processing of a Shockwave Flash file, a particular object can be created, along with multiple references that point to the object. The object can be destroyed and its associated references removed. However a reference can incorrectly remain pointing to the object. The invalid object resides in uninitialized memory, which the attacker may control to gain arbitrary execution control. iDefense has confirmed the existence of this vulnerability in latest version of Flash Player, version 9.0.124.0. Previous versions may also be affected.

tags | advisory, remote, arbitrary

advisories | CVE-2009-0520

SHA-256 | 780e892128d7d79681ecb9f2b0c8adb3af7430a9be41d1863f245d1dd740cf75

Download | Favorite | View

Zero Day Initiative Advisory 08-073

Posted Nov 5, 2008

Authored by Tipping Point, Javier Vicente Vallejo | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat and Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious web address or open a malicious file. The specific flaw exists within the parsing of PDF objects defined in the file. When a specific object becomes malformed, a small memory corruption occurs which can be leveraged by an attacker to execute arbitrary code under the context of the current user.

tags | advisory, remote, web, arbitrary

advisories | CVE-2008-4813

SHA-256 | 83fcb2c8b363aecd0f52b7d84c9897263d7250d4ee9f6957c6eadeeccb666437

Download | Favorite | View

mswritesmb-dos.txt

Posted Sep 15, 2008

Authored by Javier Vicente Vallejo | Site vallejo.cc

Microsoft Windows is prone to a kernel-related denial of service condition due to the way srv.sys handles malformed WRITE_ANDX SMB packets. Metasploit exploit code included.

tags | exploit, denial of service, kernel

systems | windows

SHA-256 | 78155c1242238f3c779e439c47050b7f13096125447eda1e52928ce1ec4671a2

Download | Favorite | View