exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 73 RSS Feed

Files from Shahin

Email addressshahin at abysssec.com
First Active2010-09-01
Last Active2013-01-15
DOMSDAY: Analyzing A DOM-Based XSS In Yahoo!
Posted Jan 15, 2013
Authored by Abysssec, Shahin | Site abysssec.com

This is a whitepaper that discusses a reflective cross site scripting issue in *.adspecs.yahoo.com due to sessvars.js not filtering before performing an eval.

tags | paper, xss
SHA-256 | ec7a8bcfbe030e87367b8b94832c2b64cdd0550ea279469bf63bb2f775015438
MS11-038 Microsoft Office Excel Malformed OBJ Record Handling Overflow
Posted Nov 23, 2011
Authored by Nicolas Joly, Shahin, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in Excel 2002 of Microsoft Office XP. By supplying a .xls file with a malformed OBJ (recType 0x5D) record an attacker can get the control of the execution flow. This results arbitrary code execution under the context of the user.

tags | exploit, arbitrary, code execution
advisories | CVE-2010-0822, OSVDB-65236
SHA-256 | acb25995e86f5b15f194ac0612879eb48ebd91be3aa622b8ed431f01c711cbdd
MS10-026 Microsoft MPEG Layer-3 Audio Stack Based Overflow
Posted Aug 13, 2011
Authored by Javier G. Sanchez, Shahin, juan vazquez, Yamata Li | Site metasploit.com

This Metasploit module exploits a buffer overflow in l3codecx.ax while processing a AVI files with MPEG Layer-3 audio contents. The overflow only allows to overwrite with 0's so the three least significant bytes of EIP saved on stack are overwritten and shellcode is mapped using the .NET DLL memory technique pioneered by Alexander Sotirov and Mark Dowd. Please note on IE 8 targets, your malicious URL must be a trusted site in order to load the .Net control.

tags | exploit, overflow, shellcode
advisories | CVE-2010-0480, OSVDB-63749
SHA-256 | bf8b665e00a66d83f342244fe6468d8bae22e7105c7353d9ceb3aa7194057854
The Arashi AKA Storm
Posted Jul 3, 2011
Authored by Shahriyar Jalayeri, Shahin

This is a whitepaper called The Arashi (A.K.A Storm). It discusses ASLR/DEP bypass techniques.

tags | paper
SHA-256 | dfa912b70bb400100b503c7a03da6c98181c89c6c0691fda5e22af5afb3f5a95
Microsoft Office Visio VISIODWG.DLL DXF File Handling Vulnerability
Posted Jun 27, 2011
Authored by Core Security Technologies, Shahin, juan vazquez | Site metasploit.com

This Metasploit module exploits a stack based overflow vulnerability in the handling of the DXF files by Microsoft Visio 2002. Revisions prior to the release of the MS bulletin MS10-028 are vulnerable. The overflow occurs when the application is used to import a specially crafted DXF file, while parsing the HEADER section of the DXF file. To trigger the vulnerability an attacker must convince someone to insert a specially crafted DXF file to a new document, go to Insert -> CAD Drawing.

tags | exploit, overflow
advisories | CVE-2010-1681, OSVDB-64446
SHA-256 | f61db5b3c647e82f60841a3bcc9f264bbf908d6398708df6e22042a47f1bc8a0
Adobe Flash Player Action Script Type Confusion
Posted Apr 19, 2011
Authored by Abysssec, Shahin | Site abysssec.com

Adobe Flash Player versions prior to 10.1.53.64 Action script type confusion exploit.

tags | exploit
systems | linux
advisories | CVE-2010-3654
SHA-256 | 6a3bd8107ea80cac8dbedad82b6d7d57fa7090ea8489291d5ca2ed8531f0f4e4
HP NNM CGI webappmon.exe execvp Buffer Overflow
Posted Mar 23, 2011
Authored by sinn3r, Shahin | Site metasploit.com

This Metasploit module exploits a buffer overflow in HP NNM's webappmon.exe. The vulnerability occurs when function "execvp_nc" fails to do any bounds-checking before strcat is used to append user-supplied input to a buffer.

tags | exploit, overflow
advisories | CVE-2010-2703, OSVDB-66514
SHA-256 | bf5a083c853de0a9689a85f8964a561ceaf21211433507a6060dcd2fcafba338
Adobe Shockwave Player Memory Corruption
Posted Oct 22, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Adobe Shockwave Player suffers from a rcsL chunk memory corruption vulnerability. This affects version 11.5.8.612 and possibly prior versions as well.

tags | exploit
SHA-256 | 19c623243755d4e723f8bafe5e6b21f7bc24f231ced44057c528a648edd4ae9e
Month Of Abysssec Undisclosed Bugs - Microsoft Unicode Scripts Processor
Posted Oct 1, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - The Microsoft unicode scripts processor suffers from a remote code execution vulnerability.

tags | advisory, remote, code execution
advisories | CVE-2010-2738
SHA-256 | 6eba272c4ddfe295b0ebe851d90034b775b8db127a39cc09038726b42ce21ce2
Month Of Abysssec Undisclosed Bugs - Microsoft Unicode Scripts Processor
Posted Oct 1, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - The Microsoft unicode scripts processor suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2010-2738
SHA-256 | a260a103493a82aa8d88ddc48ee57997d544d765bc8fd435d880fa00febbd6e1
Month Of Abysssec Undisclosed Bugs - Microsft Excel
Posted Sep 29, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - Microsoft Excel suffers from a SxView record parsing heap memory corruption vulnerability.

tags | exploit
advisories | CVE-2010-1245
SHA-256 | 8559cd08f0e1060638d1e482eeca133768c0d9e3701ebe7a1a85f49dee8fc8c9
Month Of Abysssec Undisclosed Bugs - Microsoft Cinepak
Posted Sep 28, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - Microsoft Cinepak suffers from a CVDecompress heap overflow vulnerability in its codec.

tags | advisory, overflow
advisories | CVE-2010-2553
SHA-256 | 65124a656048565c16fe91a3149770e7f68cfbffdd82624e64905bbbb95d814e
Month Of Abysssec Undisclosed Bugs - Microsoft Cinepak
Posted Sep 28, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - Microsoft Cinepak suffers from a CVDecompress heap overflow vulnerability in its codec.

tags | exploit, overflow
advisories | CVE-2010-2553
SHA-256 | 00f17424302fd91647dac800773ce43c707c6f598027a71a9f04279d2141a88f
Month Of Abysssec Undisclosed Bugs - Mozilla Firefox CSS Font-Face
Posted Sep 25, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - Mozilla Firefox suffers from a CSS font-face remove code execution vulnerability.

tags | advisory, code execution
advisories | CVE-2010-2752
SHA-256 | 5b733d55ed5f656b0c8561eae3de28583e3ce6a2888aefb5cad79797ad08def6
Month Of Abysssec Undisclosed Bugs - Mozilla Firefox CSS Font-Face
Posted Sep 25, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - Mozilla Firefox suffers from a CSS font-face remove code execution vulnerability.

tags | exploit, code execution
advisories | CVE-2010-2752
SHA-256 | 50347efc2c502ca8dd20c3d52507b5f531dbc8450435c3b06a7242942e88a439
Month Of Abysssec Undisclosed Bugs - Microsoft MPEG Layer-3
Posted Sep 25, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - The Microsoft MPEG Layer-3 audio decoder suffers from a division by zero vulnerability.

tags | advisory
SHA-256 | e6e26765c878ba55563e6249c698801bf3aa4237f9bda9c3924c9e56df1b61d5
Month Of Abysssec Undisclosed Bugs - Microsoft MPEG Layer-3
Posted Sep 25, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - The Microsoft MPEG Layer-3 audio decoder suffers from a division by zero vulnerability.

tags | exploit
SHA-256 | 6708fd429929a7aa3fb84cca3be48f2b7faa5660f5bcd5647816d16b3809ea7a
Month Of Abysssec Undisclosed Bugs - Microsoft Excel OBJ
Posted Sep 25, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - Microsoft Excel suffers an OBJ record stack overflow vulnerability.

tags | advisory, overflow
advisories | CVE-2010-0822
SHA-256 | 90e4eca3114e400464524e7809c74e2f36089c0562ac6d2d58447aae06dab5a4
Month Of Abysssec Undisclosed Bugs - Microsoft Excel OBJ
Posted Sep 25, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - Microsoft Excel suffers an OBJ record stack overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2010-0822
SHA-256 | d9410340312f60b503319f7532053666375cbb0cdcd8a58cfbcbb3d505181aee
Month Of Abysssec Undisclosed Bugs - Microsoft Excel HFPicture Record Parsing
Posted Sep 24, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - Microsoft Excel suffers from a HFPicture record parsing memory corruption vulnerability. Proof of concept included.

tags | exploit, proof of concept
SHA-256 | ed69d60e4c3d59b47aba430326389a5dca35ba90211acc177fc56d413ba87607
Month Of Abysssec Undisclosed Bugs - Adobe Acrobat Reader
Posted Sep 24, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - Adobe Acrobat Reader and Flash suffer from a "newfunction" remote code execution vulnerability.

tags | advisory, remote, code execution
advisories | CVE-2010-2168
SHA-256 | 1bc1e5853aff3fb7f9bb1f522028e4556e70e177036a9d130790516e86aefd38
Month Of Abysssec Undisclosed Bugs - Adobe Acrobat Reader
Posted Sep 24, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - Adobe Acrobat Reader and Flash suffer from a "newfunction" remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2010-2168
SHA-256 | 6c33254241b469c1f265f347ed24dc65c92f8ef79a26884ed512ba2b8437ad5d
Month Of Abysssec Undisclosed Bugs - Adobe Shockwave Director
Posted Sep 23, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - Adobe Shockwave Director suffers from a tSAC Chunk memory corruption vulnerability.

tags | advisory
SHA-256 | ced57ebaada34cf4eedbeb7b75ff1d8d9a0a559814a00a6fd280fb114a190e7d
Month Of Abysssec Undisclosed Bugs - Adobe Shockwave Director
Posted Sep 23, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - Adobe Shockwave Director suffers from a tSAC Chunk memory corruption vulnerability.

tags | exploit
SHA-256 | cfed80acab1852e1bb402c1bfba8bb492b562d6271a0ca9214fd4361e41ae355
Month Of Abysssec Undisclosed Bugs - Microsoft Excel WOPT
Posted Sep 21, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - Microsoft Excel suffers from a WOPT record parsing heap memory corruption vulnerability. Proof of concept included.

tags | exploit, proof of concept
advisories | CVE-2010-0824
SHA-256 | fe880ccab01d65f59e8f668c6229f63f7ddcc6fc21b3ff91caf035b6a6c9da43
Page 1 of 3
Back123Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    9 Files
  • 7
    Feb 7th
    33 Files
  • 8
    Feb 8th
    34 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close