exploit the possibilities
Showing 1 - 25 of 138 RSS Feed

Files from Abysssec

Email addressadmin at abysssec.com
First Active2008-11-29
Last Active2013-01-15
DOMSDAY: Analyzing A DOM-Based XSS In Yahoo!
Posted Jan 15, 2013
Authored by Abysssec, Shahin | Site abysssec.com

This is a whitepaper that discusses a reflective cross site scripting issue in *.adspecs.yahoo.com due to sessvars.js not filtering before performing an eval.

tags | paper, xss
SHA-256 | ec7a8bcfbe030e87367b8b94832c2b64cdd0550ea279469bf63bb2f775015438
Novell File Reporter Code Execution
Posted Dec 12, 2012
Authored by Abysssec | Site abysssec.com

Novell File Reporter agent XML parsing remote code execution exploit.

tags | exploit, remote, code execution
advisories | CVE-2012-4959
SHA-256 | d97019b8d30cf82a531d15b67988c264ae384da68ddc63da71ca44d3e9fc1cd0
Avaya WinPMD UniteHostRouter Buffer Overflow
Posted Oct 9, 2012
Authored by Abysssec, juan vazquez, Abdul-Aziz Hariri | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in Avaya WinPMD. The vulnerability exists in the UniteHostRouter service, due to the insecure usage of memcpy when parsing specially crafted "To:" headers. The module has been tested successfully on Avaya WinPMD 3.8.2 over Windows XP SP3 and Windows 2003 SP2.

tags | exploit, overflow
systems | windows
advisories | OSVDB-82764, OSVDB-73269
SHA-256 | d9b4cfd701509dee98dd35f95bbf2fa0811c43ac505cb1b7aba6619d0bbbbae5
Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow
Posted Feb 10, 2012
Authored by Abysssec, sinn3r, Alexander Gavrun | Site metasploit.com

This Metasploit module exploits a vulnerability found in Adobe Flash Player's Flash10u.ocx component. When processing a MP4 file (specifically the Sequence Parameter Set), Flash will see if pic_order_cnt_type is equal to 1, which sets the num_ref_frames_in_pic_order_cnt_cycle field, and then blindly copies data in offset_for_ref_frame on the stack, which allows arbitrary remote code execution under the context of the user. Numerous reports also indicate that this vulnerability has been exploited in the wild. Please note that the exploit requires a SWF media player in order to trigger the bug, which currently isn't included in the framework. However, software such as Longtail SWF Player is free for non-commercial use, and is easily obtainable.

tags | exploit, remote, arbitrary, code execution
advisories | CVE-2011-2140, OSVDB-74439
SHA-256 | df9a4f147e437db061fcac07db067da65775ac9fff0ec5fecbe3b18c47f3ceba
Adobe Flash Player Code Execution
Posted Jan 31, 2012
Authored by Abysssec | Site abysssec.com

Adobe Flash Player MP4 SequenceParameterSetNALUnit remote code execution exploit that works against versions 10.3.181.34 and below on XP SP3.

tags | exploit, remote, code execution
advisories | CVE-2011-2140
SHA-256 | 3acb530b7f85bf741ad44237de6b7293c688e170361a89a5dd01b37019556114
Avaya WinPDM UniteHostRouter 3.8.2 Buffer Overflow
Posted Jan 20, 2012
Authored by Abysssec | Site abysssec.com

Avaya WinPDM UniteHostRouter versions 3.8.2 and below remote pre-auth buffer overflow exploit that binds a shell to port 4444.

tags | exploit, remote, overflow, shell
SHA-256 | e60668fa5b27c23dd1c833eb25b44a403111b5eef0cdf05eb8fb7b3e13fe0967
MS11-021 Microsoft Office 2007 Excel .xlb Buffer Overflow
Posted Nov 6, 2011
Authored by Abysssec, sinn3r, Aniway, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in Excel of Microsoft Office 2007. By supplying a malformed .xlb file, an attacker can control the content (source) of a memcpy routine, and the number of bytes to copy, therefore causing a stack-based buffer overflow. This results in arbitrary code execution under the context of the user.

tags | exploit, overflow, arbitrary, code execution
advisories | CVE-2011-0105
SHA-256 | 405750635f1d715a040aac5de170b3b1b4dc8f91ecb9723c46a8fa8a207f6fa9
Microsoft Excel 2007 SP2 Buffer Overwrite
Posted Nov 2, 2011
Authored by Abysssec | Site abysssec.com

A remote code execution vulnerability exists in the way that Microsoft Excel 2007 SP2 handles specially crafted Excel files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. This is the same vulnerability that is referenced in MS11-021. Proof of concept exploit code included.

tags | exploit, remote, code execution, proof of concept
systems | linux
SHA-256 | 9a5d1f96fbe02680c7966f213409b939e32dceb7cdd048b0e6ab2e26c9aed2cf
Safari 5.0.5 SVG Remote Code Execution
Posted Jul 26, 2011
Authored by Abysssec | Site abysssec.com

WebKit as used in Apple Safari versions prior to 5.0.6 memory corruption exploit with DEP bypass.

tags | exploit
systems | apple
advisories | CVE-2011-0222
SHA-256 | 16a041c37b31ede793a60e292d6bfca2a8af34db4883b9ac92c3e4c061829c85
GDI+ CreateDashedPath Integer Overflow
Posted Jul 19, 2011
Authored by Abysssec, Nicolas Joly | Site abysssec.com

GDI+ CreateDashedPath suffers from an integer overflow vulnerability in gdiplus.dll.

tags | exploit, overflow
systems | linux
advisories | CVE-2011-0041
SHA-256 | e20fc836323223dccecb7e77feedfe083e650997e1791ba72b7c3bf909266bad
Adobe Flash Player Action Script Type Confusion
Posted Apr 19, 2011
Authored by Abysssec, Shahin | Site abysssec.com

Adobe Flash Player versions prior to 10.1.53.64 Action script type confusion exploit.

tags | exploit
systems | linux
advisories | CVE-2010-3654
SHA-256 | 6a3bd8107ea80cac8dbedad82b6d7d57fa7090ea8489291d5ca2ed8531f0f4e4
Adobe Shockwave Player Memory Corruption
Posted Oct 22, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Adobe Shockwave Player suffers from a rcsL chunk memory corruption vulnerability. This affects version 11.5.8.612 and possibly prior versions as well.

tags | exploit
SHA-256 | 19c623243755d4e723f8bafe5e6b21f7bc24f231ced44057c528a648edd4ae9e
Month Of Abysssec Undisclosed Bugs - Microsoft Unicode Scripts Processor
Posted Oct 1, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - The Microsoft unicode scripts processor suffers from a remote code execution vulnerability.

tags | advisory, remote, code execution
advisories | CVE-2010-2738
SHA-256 | 6eba272c4ddfe295b0ebe851d90034b775b8db127a39cc09038726b42ce21ce2
Month Of Abysssec Undisclosed Bugs - Microsoft Unicode Scripts Processor
Posted Oct 1, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - The Microsoft unicode scripts processor suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2010-2738
SHA-256 | a260a103493a82aa8d88ddc48ee57997d544d765bc8fd435d880fa00febbd6e1
Month Of Abysssec Undisclosed Bugs - ASPMass Shopping Cart
Posted Oct 1, 2010
Authored by Abysssec | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - ASPMass Shopping Cart suffers from a file upload cross site request forgery vulnerability.

tags | advisory, file upload, csrf
SHA-256 | c9d87f8bdde161e2a4f3aa91ce867155cc368c6394a0d5d1640778fdae77f8ae
Month Of Abysssec Undisclosed Bugs - ASPMass Shopping Cart
Posted Oct 1, 2010
Authored by Abysssec | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - ASPMass Shopping Cart suffers from a file upload cross site request forgery vulnerability.

tags | exploit, file upload, csrf
SHA-256 | 0fa4a1fc6bc6e257ca606903b050fc285d1914f4683e5197e8247c2ea91c4a70
Month Of Abysssec Undisclosed Bugs - Microsft Excel
Posted Sep 29, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - Microsoft Excel suffers from a SxView record parsing heap memory corruption vulnerability.

tags | exploit
advisories | CVE-2010-1245
SHA-256 | 8559cd08f0e1060638d1e482eeca133768c0d9e3701ebe7a1a85f49dee8fc8c9
Month Of Abysssec Undisclosed Bugs - AtomatiCMS
Posted Sep 29, 2010
Authored by Abysssec | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - AtomatiCMS suffers from an arbitrary file upload vulnerability.

tags | advisory, arbitrary, file upload
SHA-256 | d28562311c44508cd04e6a2d947d769787e7775c8b7ae31cc30fa84dc5f502f3
Month Of Abysssec Undisclosed Bugs - AtomatiCMS
Posted Sep 29, 2010
Authored by Abysssec | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - AtomatiCMS suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | 03ab291bf641d30568d780acd938d6bdb67d57bacf257281de4b95ecc8542208
Month Of Abysssec Undisclosed Bugs - JE CMS 1.0.0
Posted Sep 29, 2010
Authored by Abysssec | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - JE CMS version 1.0.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | advisory, remote, sql injection
SHA-256 | 8ff1c794c6ca8b9cc3919b71a881993f309698b518ba50acb5801225179daaad
Month Of Abysssec Undisclosed Bugs - JE CMS 1.0.0
Posted Sep 29, 2010
Authored by Abysssec | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - JE CMS version 1.0.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | 24a8b84dfdb9146940e4293b16fbe2a2f0ce1c2394f0d532cd9e82bb69f7e65f
Month Of Abysssec Undisclosed Bugs - Microsoft Internet Explorer
Posted Sep 28, 2010
Authored by Abysssec | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - Microsoft Internet Explorer suffers from a MSHTML Findtext processing issue.

tags | advisory
SHA-256 | cd2db4facf91ac2f9da02446010e8d0b786f4bd6d1515f92f509060d41aec1ce
Month Of Abysssec Undisclosed Bugs - Microsoft Internet Explorer
Posted Sep 28, 2010
Authored by Abysssec | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - Microsoft Internet Explorer suffers from a MSHTML Findtext processing issue.

tags | exploit
SHA-256 | 82c4002637ecaabe051b8f65865135bd49c78c27e7c11535ae9e6abef23f1062
Month Of Abysssec Undisclosed Bugs - Nickel And Dime CMS 0.4rc1
Posted Sep 28, 2010
Authored by Abysssec | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - ndCMS (Nickel and Dime CMS) version 0.4rc1 suffers from a remote SQL injection vulnerability.

tags | advisory, remote, sql injection
SHA-256 | a72c0a1982360127ee903348d0b8938bd690f456683ad6bf873f3abd445cf537
Month Of Abysssec Undisclosed Bugs - Nickel And Dime CMS 0.4rc1
Posted Sep 28, 2010
Authored by Abysssec | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - ndCMS (Nickel and Dime CMS) version 0.4rc1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | ad4dc050d45bec49382e0d73802dea60d359e8e781d82173a61672bf282f3f4b
Page 1 of 6
Back12345Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    0 Files
  • 17
    May 17th
    0 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close