exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

Files from Gaurav Baruah

Email addressbaruah.gaurav at gmail.com
First Active2009-05-05
Last Active2012-12-31
IBM Lotus QuickR qp2 ActiveX Buffer Overflow
Posted Dec 31, 2012
Authored by Gaurav Baruah, juan vazquez | Site metasploit.com

This Metasploit module exploits a buffer overflow vulnerability on the UploadControl ActiveX. The vulnerability exists in the handling of the "Attachment_Times" property, due to the insecure usage of the _swscanf. The affected ActiveX is provided by the qp2.dll installed with the IBM Lotus Quickr product. This Metasploit module has been tested successfully on IE6-IE9 on Windows XP, Vista and 7, using the qp2.dll 8.1.0.1800. In order to bypass ASLR the no aslr compatible module msvcr71.dll is used. This one is installed with the qp2 ActiveX.

tags | exploit, overflow, activex
systems | windows
advisories | CVE-2012-2176, OSVDB-82166
SHA-256 | 2570396e9a994f0f9128106991e69dcb968d0dde0fbe6d004afd9587713e5cbb
IBM Lotus iNotes dwa85W ActiveX Buffer Overflow
Posted Dec 31, 2012
Authored by Gaurav Baruah, juan vazquez | Site metasploit.com

This Metasploit module exploits a buffer overflow vulnerability on the UploadControl ActiveX. The vulnerability exists in the handling of the "Attachment_Times" property, due to the insecure usage of the _swscanf. The affected ActiveX is provided by the dwa85W.dll installed with the IBM Lotus iNotes ActiveX installer. This Metasploit module has been tested successfully on IE6-IE9 on Windows XP, Vista and 7, using the dwa85W.dll 85.3.3.0 as installed with Lotus Domino 8.5.3. In order to bypass ASLR the no aslr compatible module dwabho.dll is used. This one is installed with the iNotes ActiveX.

tags | exploit, overflow, activex
systems | windows
advisories | CVE-2012-2175, OSVDB-82755
SHA-256 | a5379e9a43da683cd4806d1f1e1d548d9998b0760444a32f658bcd9210c0c210
Google Maps Cross Site Scripting
Posted Jan 12, 2010
Authored by Gaurav Baruah, Pratul Agrawal

Google Maps suffered from a cross site scripting vulnerability. This was patched the same day as it was publicly disclosed.

tags | exploit, xss
SHA-256 | ceadd5d42578a51846404a083d2bc06590816e3f1e2797e178d4f40956bf0b98
SolarWinds TFTP Server 9.2.0.111 Denial Of Service
Posted Sep 1, 2009
Authored by Gaurav Baruah

SolarWinds TFTP Server versions 9.2.0.111 and below remote denial of service exploit.

tags | exploit, remote, denial of service
SHA-256 | cee50b517e8a70d45f5b63ded8e50ae0b5fb619c59073aeef77aec19d4f2c555
Grabit 1.7.2 Beta 3 SEH Overwrite
Posted May 5, 2009
Authored by Gaurav Baruah

Grabit versions 1.7.2 Beta 3 and below SEH overwrite exploit that creates a malicious .nzb file.

tags | exploit
SHA-256 | ded4904079b67e471affc3ad4c0c01de4770c55493c703502b40bdf9fce76a37
Page 1 of 1
Back1Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close