This is a whitepaper that discusses a reflective cross site scripting issue in *.adspecs.yahoo.com due to sessvars.js not filtering before performing an eval.
ec7a8bcfbe030e87367b8b94832c2b64cdd0550ea279469bf63bb2f775015438
This Metasploit module exploits a vulnerability found in Excel 2002 of Microsoft Office XP. By supplying a .xls file with a malformed OBJ (recType 0x5D) record an attacker can get the control of the execution flow. This results arbitrary code execution under the context of the user.
acb25995e86f5b15f194ac0612879eb48ebd91be3aa622b8ed431f01c711cbdd
This Metasploit module exploits a buffer overflow in l3codecx.ax while processing a AVI files with MPEG Layer-3 audio contents. The overflow only allows to overwrite with 0's so the three least significant bytes of EIP saved on stack are overwritten and shellcode is mapped using the .NET DLL memory technique pioneered by Alexander Sotirov and Mark Dowd. Please note on IE 8 targets, your malicious URL must be a trusted site in order to load the .Net control.
bf8b665e00a66d83f342244fe6468d8bae22e7105c7353d9ceb3aa7194057854
This is a whitepaper called The Arashi (A.K.A Storm). It discusses ASLR/DEP bypass techniques.
dfa912b70bb400100b503c7a03da6c98181c89c6c0691fda5e22af5afb3f5a95
This Metasploit module exploits a stack based overflow vulnerability in the handling of the DXF files by Microsoft Visio 2002. Revisions prior to the release of the MS bulletin MS10-028 are vulnerable. The overflow occurs when the application is used to import a specially crafted DXF file, while parsing the HEADER section of the DXF file. To trigger the vulnerability an attacker must convince someone to insert a specially crafted DXF file to a new document, go to Insert -> CAD Drawing.
f61db5b3c647e82f60841a3bcc9f264bbf908d6398708df6e22042a47f1bc8a0
Adobe Flash Player versions prior to 10.1.53.64 Action script type confusion exploit.
6a3bd8107ea80cac8dbedad82b6d7d57fa7090ea8489291d5ca2ed8531f0f4e4
This Metasploit module exploits a buffer overflow in HP NNM's webappmon.exe. The vulnerability occurs when function "execvp_nc" fails to do any bounds-checking before strcat is used to append user-supplied input to a buffer.
bf5a083c853de0a9689a85f8964a561ceaf21211433507a6060dcd2fcafba338
Adobe Shockwave Player suffers from a rcsL chunk memory corruption vulnerability. This affects version 11.5.8.612 and possibly prior versions as well.
19c623243755d4e723f8bafe5e6b21f7bc24f231ced44057c528a648edd4ae9e
Month Of Abysssec Undisclosed Bugs - The Microsoft unicode scripts processor suffers from a remote code execution vulnerability.
6eba272c4ddfe295b0ebe851d90034b775b8db127a39cc09038726b42ce21ce2
Month Of Abysssec Undisclosed Bugs - The Microsoft unicode scripts processor suffers from a remote code execution vulnerability.
a260a103493a82aa8d88ddc48ee57997d544d765bc8fd435d880fa00febbd6e1
Month Of Abysssec Undisclosed Bugs - Microsoft Excel suffers from a SxView record parsing heap memory corruption vulnerability.
8559cd08f0e1060638d1e482eeca133768c0d9e3701ebe7a1a85f49dee8fc8c9
Month Of Abysssec Undisclosed Bugs - Microsoft Cinepak suffers from a CVDecompress heap overflow vulnerability in its codec.
65124a656048565c16fe91a3149770e7f68cfbffdd82624e64905bbbb95d814e
Month Of Abysssec Undisclosed Bugs - Microsoft Cinepak suffers from a CVDecompress heap overflow vulnerability in its codec.
00f17424302fd91647dac800773ce43c707c6f598027a71a9f04279d2141a88f
Month Of Abysssec Undisclosed Bugs - Mozilla Firefox suffers from a CSS font-face remove code execution vulnerability.
5b733d55ed5f656b0c8561eae3de28583e3ce6a2888aefb5cad79797ad08def6
Month Of Abysssec Undisclosed Bugs - Mozilla Firefox suffers from a CSS font-face remove code execution vulnerability.
50347efc2c502ca8dd20c3d52507b5f531dbc8450435c3b06a7242942e88a439
Month Of Abysssec Undisclosed Bugs - The Microsoft MPEG Layer-3 audio decoder suffers from a division by zero vulnerability.
e6e26765c878ba55563e6249c698801bf3aa4237f9bda9c3924c9e56df1b61d5
Month Of Abysssec Undisclosed Bugs - The Microsoft MPEG Layer-3 audio decoder suffers from a division by zero vulnerability.
6708fd429929a7aa3fb84cca3be48f2b7faa5660f5bcd5647816d16b3809ea7a
Month Of Abysssec Undisclosed Bugs - Microsoft Excel suffers an OBJ record stack overflow vulnerability.
90e4eca3114e400464524e7809c74e2f36089c0562ac6d2d58447aae06dab5a4
Month Of Abysssec Undisclosed Bugs - Microsoft Excel suffers an OBJ record stack overflow vulnerability.
d9410340312f60b503319f7532053666375cbb0cdcd8a58cfbcbb3d505181aee
Month Of Abysssec Undisclosed Bugs - Microsoft Excel suffers from a HFPicture record parsing memory corruption vulnerability. Proof of concept included.
ed69d60e4c3d59b47aba430326389a5dca35ba90211acc177fc56d413ba87607
Month Of Abysssec Undisclosed Bugs - Adobe Acrobat Reader and Flash suffer from a "newfunction" remote code execution vulnerability.
1bc1e5853aff3fb7f9bb1f522028e4556e70e177036a9d130790516e86aefd38
Month Of Abysssec Undisclosed Bugs - Adobe Acrobat Reader and Flash suffer from a "newfunction" remote code execution vulnerability.
6c33254241b469c1f265f347ed24dc65c92f8ef79a26884ed512ba2b8437ad5d
Month Of Abysssec Undisclosed Bugs - Adobe Shockwave Director suffers from a tSAC Chunk memory corruption vulnerability.
ced57ebaada34cf4eedbeb7b75ff1d8d9a0a559814a00a6fd280fb114a190e7d
Month Of Abysssec Undisclosed Bugs - Adobe Shockwave Director suffers from a tSAC Chunk memory corruption vulnerability.
cfed80acab1852e1bb402c1bfba8bb492b562d6271a0ca9214fd4361e41ae355
Month Of Abysssec Undisclosed Bugs - Microsoft Excel suffers from a WOPT record parsing heap memory corruption vulnerability. Proof of concept included.
fe880ccab01d65f59e8f668c6229f63f7ddcc6fc21b3ff91caf035b6a6c9da43