exploit the possibilities
Showing 1 - 25 of 138 RSS Feed

Files from Abysssec

Email addressadmin at abysssec.com
First Active2008-11-29
Last Active2013-01-15
DOMSDAY: Analyzing A DOM-Based XSS In Yahoo!
Posted Jan 15, 2013
Authored by Abysssec, Shahin | Site abysssec.com

This is a whitepaper that discusses a reflective cross site scripting issue in *.adspecs.yahoo.com due to sessvars.js not filtering before performing an eval.

tags | paper, xss
MD5 | 6d8f64ccc1b56f5cf131440f943b5d8c
Novell File Reporter Code Execution
Posted Dec 12, 2012
Authored by Abysssec | Site abysssec.com

Novell File Reporter agent XML parsing remote code execution exploit.

tags | exploit, remote, code execution
advisories | CVE-2012-4959
MD5 | 01296d5bf3ebabbd5b1832a71092fdca
Avaya WinPMD UniteHostRouter Buffer Overflow
Posted Oct 9, 2012
Authored by Abysssec, juan vazquez, Abdul-Aziz Hariri | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in Avaya WinPMD. The vulnerability exists in the UniteHostRouter service, due to the insecure usage of memcpy when parsing specially crafted "To:" headers. The module has been tested successfully on Avaya WinPMD 3.8.2 over Windows XP SP3 and Windows 2003 SP2.

tags | exploit, overflow
systems | windows, xp
advisories | OSVDB-82764, OSVDB-73269
MD5 | 65decb9190e509e354fc7ee1628fee3a
Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow
Posted Feb 10, 2012
Authored by Abysssec, sinn3r, Alexander Gavrun | Site metasploit.com

This Metasploit module exploits a vulnerability found in Adobe Flash Player's Flash10u.ocx component. When processing a MP4 file (specifically the Sequence Parameter Set), Flash will see if pic_order_cnt_type is equal to 1, which sets the num_ref_frames_in_pic_order_cnt_cycle field, and then blindly copies data in offset_for_ref_frame on the stack, which allows arbitrary remote code execution under the context of the user. Numerous reports also indicate that this vulnerability has been exploited in the wild. Please note that the exploit requires a SWF media player in order to trigger the bug, which currently isn't included in the framework. However, software such as Longtail SWF Player is free for non-commercial use, and is easily obtainable.

tags | exploit, remote, arbitrary, code execution
advisories | CVE-2011-2140, OSVDB-74439
MD5 | fa4f5d5aff50cce0a0d0d58669a8f81a
Adobe Flash Player Code Execution
Posted Jan 31, 2012
Authored by Abysssec | Site abysssec.com

Adobe Flash Player MP4 SequenceParameterSetNALUnit remote code execution exploit that works against versions 10.3.181.34 and below on XP SP3.

tags | exploit, remote, code execution
advisories | CVE-2011-2140
MD5 | cf02af1c3dc09483a9ca31549d45ec0b
Avaya WinPDM UniteHostRouter 3.8.2 Buffer Overflow
Posted Jan 20, 2012
Authored by Abysssec | Site abysssec.com

Avaya WinPDM UniteHostRouter versions 3.8.2 and below remote pre-auth buffer overflow exploit that binds a shell to port 4444.

tags | exploit, remote, overflow, shell
MD5 | 2f0e85ab508a09e0ebb1db87894629ab
MS11-021 Microsoft Office 2007 Excel .xlb Buffer Overflow
Posted Nov 6, 2011
Authored by Abysssec, sinn3r, Aniway, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in Excel of Microsoft Office 2007. By supplying a malformed .xlb file, an attacker can control the content (source) of a memcpy routine, and the number of bytes to copy, therefore causing a stack-based buffer overflow. This results in arbitrary code execution under the context of the user.

tags | exploit, overflow, arbitrary, code execution
advisories | CVE-2011-0105
MD5 | 52f4fae2645df04c9e459cc1c601657e
Microsoft Excel 2007 SP2 Buffer Overwrite
Posted Nov 2, 2011
Authored by Abysssec | Site abysssec.com

A remote code execution vulnerability exists in the way that Microsoft Excel 2007 SP2 handles specially crafted Excel files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. This is the same vulnerability that is referenced in MS11-021. Proof of concept exploit code included.

tags | exploit, remote, code execution, proof of concept
systems | linux
MD5 | cc208cfc08dd7208a5b7d9ac3134291a
Safari 5.0.5 SVG Remote Code Execution
Posted Jul 26, 2011
Authored by Abysssec | Site abysssec.com

WebKit as used in Apple Safari versions prior to 5.0.6 memory corruption exploit with DEP bypass.

tags | exploit
systems | apple
advisories | CVE-2011-0222
MD5 | 049614e5860674219b4c33a3d20076f3
GDI+ CreateDashedPath Integer Overflow
Posted Jul 19, 2011
Authored by Abysssec, Nicolas Joly | Site abysssec.com

GDI+ CreateDashedPath suffers from an integer overflow vulnerability in gdiplus.dll.

tags | exploit, overflow
systems | linux
advisories | CVE-2011-0041
MD5 | b6254f6d6d9996effadd641c9b2d3f48
Adobe Flash Player Action Script Type Confusion
Posted Apr 19, 2011
Authored by Abysssec, Shahin | Site abysssec.com

Adobe Flash Player versions prior to 10.1.53.64 Action script type confusion exploit.

tags | exploit
systems | linux
advisories | CVE-2010-3654
MD5 | 8c9117c92f56abaea8f8297256c1fa1e
Adobe Shockwave Player Memory Corruption
Posted Oct 22, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Adobe Shockwave Player suffers from a rcsL chunk memory corruption vulnerability. This affects version 11.5.8.612 and possibly prior versions as well.

tags | exploit
MD5 | 4d8cb1cad42b76e5b40a9248e227fa53
Month Of Abysssec Undisclosed Bugs - Microsoft Unicode Scripts Processor
Posted Oct 1, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - The Microsoft unicode scripts processor suffers from a remote code execution vulnerability.

tags | advisory, remote, code execution
advisories | CVE-2010-2738
MD5 | 9483d4cd1c3443828f7a3a772fc8c077
Month Of Abysssec Undisclosed Bugs - Microsoft Unicode Scripts Processor
Posted Oct 1, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - The Microsoft unicode scripts processor suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2010-2738
MD5 | 4cac8b387c9e8c86b4bbbf12f4c8fb7d
Month Of Abysssec Undisclosed Bugs - ASPMass Shopping Cart
Posted Oct 1, 2010
Authored by Abysssec | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - ASPMass Shopping Cart suffers from a file upload cross site request forgery vulnerability.

tags | advisory, file upload, csrf
MD5 | cb668643220bc419123a9b08b22f323e
Month Of Abysssec Undisclosed Bugs - ASPMass Shopping Cart
Posted Oct 1, 2010
Authored by Abysssec | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - ASPMass Shopping Cart suffers from a file upload cross site request forgery vulnerability.

tags | exploit, file upload, csrf
MD5 | 27ca3787706cdaa93ce462a73b5ae818
Month Of Abysssec Undisclosed Bugs - Microsft Excel
Posted Sep 29, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - Microsoft Excel suffers from a SxView record parsing heap memory corruption vulnerability.

tags | exploit
advisories | CVE-2010-1245
MD5 | c3f32248b631cd7cc20497552726364e
Month Of Abysssec Undisclosed Bugs - AtomatiCMS
Posted Sep 29, 2010
Authored by Abysssec | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - AtomatiCMS suffers from an arbitrary file upload vulnerability.

tags | advisory, arbitrary, file upload
MD5 | 85c7625ac8c4ffb8fb3499927a408582
Month Of Abysssec Undisclosed Bugs - AtomatiCMS
Posted Sep 29, 2010
Authored by Abysssec | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - AtomatiCMS suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | 57f6780fd9b0dcebf8848061152c28f4
Month Of Abysssec Undisclosed Bugs - JE CMS 1.0.0
Posted Sep 29, 2010
Authored by Abysssec | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - JE CMS version 1.0.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | advisory, remote, sql injection
MD5 | 879d2eafe039a46a82c8aa6b6e3e96f8
Month Of Abysssec Undisclosed Bugs - JE CMS 1.0.0
Posted Sep 29, 2010
Authored by Abysssec | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - JE CMS version 1.0.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | 8485e8f7d273ff95ccbd98238aa4c8eb
Month Of Abysssec Undisclosed Bugs - Microsoft Internet Explorer
Posted Sep 28, 2010
Authored by Abysssec | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - Microsoft Internet Explorer suffers from a MSHTML Findtext processing issue.

tags | advisory
MD5 | d67a661ea55e1c9627ceb8ce63b43719
Month Of Abysssec Undisclosed Bugs - Microsoft Internet Explorer
Posted Sep 28, 2010
Authored by Abysssec | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - Microsoft Internet Explorer suffers from a MSHTML Findtext processing issue.

tags | exploit
MD5 | e9a71f125bb88e4ecd792218fb683f4e
Month Of Abysssec Undisclosed Bugs - Nickel And Dime CMS 0.4rc1
Posted Sep 28, 2010
Authored by Abysssec | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - ndCMS (Nickel and Dime CMS) version 0.4rc1 suffers from a remote SQL injection vulnerability.

tags | advisory, remote, sql injection
MD5 | 4a4326f316a94a9a3b6097bc51472979
Month Of Abysssec Undisclosed Bugs - Nickel And Dime CMS 0.4rc1
Posted Sep 28, 2010
Authored by Abysssec | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - ndCMS (Nickel and Dime CMS) version 0.4rc1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 34e0a7eeec0c0c37a21e471d72e4390d
Page 1 of 6
Back12345Next

File Archive:

November 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    28 Files
  • 2
    Nov 2nd
    1 Files
  • 3
    Nov 3rd
    1 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    19 Files
  • 6
    Nov 6th
    65 Files
  • 7
    Nov 7th
    22 Files
  • 8
    Nov 8th
    18 Files
  • 9
    Nov 9th
    1 Files
  • 10
    Nov 10th
    1 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    65 Files
  • 13
    Nov 13th
    27 Files
  • 14
    Nov 14th
    22 Files
  • 15
    Nov 15th
    18 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close