what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 23 of 23

Files from Saif El-Sherei

ManageEngine Applications Manager Build 12700 Information Disclosure / SQL Injection

Posted May 5, 2016

Authored by Saif El-Sherei

ManageEngine Applications Manager build 12700 suffers from information disclosure and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, info disclosure

SHA-256 | 9638bd04858f548d97b6c5c4af204f6913898488f0894e3070466dacb592dded

Download | Favorite | View

VLC Media Player 2.1.2 Denial Of Service

Posted Feb 6, 2014

Authored by Saif El-Sherei

VLC Media Player version 2.1.2 denial of service proof of concept integer division by zero exploit.

tags | exploit, denial of service, proof of concept

advisories | CVE-2014-1684

SHA-256 | e8080f60a26416fb2e3fb8b700578598d70d8d39ad0a3beed77c793a95aaa73c

Download | Favorite | View

Understanding C Integer Boundaries

Posted Sep 24, 2013

Authored by Saif El-Sherei

This is a brief whitepaper tutorial to help facilitate the understanding of C integer boundaries (overflows and underflows).

tags | paper, overflow

SHA-256 | 9017f0c8e3e11504b161f2abf7f058a5d57d87373489674675bfd92f1d5caf25

Download | Favorite | View

Return-to-libc Tutorial

Posted Sep 24, 2013

Authored by Saif El-Sherei

This is a brief whitepaper tutorial discussing return-to-libc exploitation.

tags | paper

SHA-256 | f1935f980e5eab5d3c4772be6b97efb487d82c08b13fc527519a912c04c08094

Download | Favorite | View

Integer Overflow / Underflow Exploitation Tutorial

Posted Sep 24, 2013

Authored by Saif El-Sherei

This is a brief whitepaper tutorial that discusses integer overflows and underflows.

tags | paper, overflow

SHA-256 | 9b9f3ebcd70a62a4189cceeaf49edd91a6d027ae60c29bc9f51bfd8eb1a1f3fa

Download | Favorite | View

Stack Based Buffer Overflow Exploitation Tutorial

Posted Sep 23, 2013

Authored by Saif El-Sherei

This is a brief whitepaper tutorial discussing stack-based buffer overflow exploitation.

tags | paper, overflow

SHA-256 | 11b14091592ce665a4052fa63c683bede3f54a2039f3e8ac022b17bc903078c5

Download | Favorite | View

Format String Exploitation Tutorial

Posted Sep 23, 2013

Authored by Saif El-Sherei

This is a brief whitepaper tutorial that discusses format string exploitation.

tags | paper

SHA-256 | 1544465d9c53bc46b45f199277e5af8bfc93c0c6d2f40f5ff2478c2db9d3714b

Download | Favorite | View

Off-By-One Exploitation Tutorial

Posted Sep 23, 2013

Authored by Saif El-Sherei

This whitepaper is called Off-By-One Exploitation Tutorial. The off by one vulnerability in general means that if an attacker supplied input with certain length if the program has an incorrect length condition the program will write one byte outside the bounds of the space allocated to hold this input causing one of two scenarios depending on the input.

tags | paper

SHA-256 | 5f0e7988d1f9efa82633300226d7ad14a89ebbc4f3ad3eb4a3d67306232ea70c

Download | Favorite | View

Return-Oriented-Programming

Posted Sep 23, 2013

Authored by Saif El-Sherei

Whitepaper called Return-Oriented-Programming (ROP FTW).

tags | paper

SHA-256 | 0df3dba7ba4fbf596b77ccb6bcaf64bddf65e2fae569ec24d7481f4b6ce3f8b6

Download | Favorite | View

WordPress UPM-POLLS 1.0.4 Blind SQL Injection

Posted Dec 11, 2011

Authored by Saif El-Sherei

WordPress UPM-POLLS plugin version 1.0.4 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection

SHA-256 | 98921f30cbd1957f41300ca9134e7e6e2f77a9de7141c68ac2698d31cd442e95

Download | Favorite | View

WeBid 1.0.2 Cross Site Scripting / SQL Injection

Posted Jun 17, 2011

Authored by Saif El-Sherei

WeBid version 1.0.2 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection

SHA-256 | 0bce39b5bffc7a4bc13046662ad8b39b8fab588076ace249f26f92528f70f715

Download | Favorite | View

ZenPhoto 1.4.0.3 Cross Site Scripting

Posted Apr 22, 2011

Authored by Saif El-Sherei

ZenPhoto version 1.4.0.3 suffers from a x-forwarded-for HTTP header persistent cross site scripting vulnerability.

tags | exploit, web, xss

SHA-256 | 31943b0ed4c18db66f55e83de7afe3e61f31ce216337eebd49027363f3ec405c

Download | Favorite | View

Relevanssi 2.7.2 Cross Site Scripting

Posted Feb 24, 2011

Authored by Saif El-Sherei

WordPress plugin Relevanssi User Searches version 2.7.2 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 76749fc499c98e9eac65ec4bb7effa27387d7bc7dfdddba9afb3483a0f68f2ea

Download | Favorite | View

GigPress 2.1.10 Cross Site Scripting

Posted Feb 24, 2011

Authored by Saif El-Sherei

WordPress plugin GigPress version 2.1.10 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 60271d96a706125046c8d70c43a6ff00813e622943ff4ae8ee8dbfffeb923397

Download | Favorite | View

Icy Phoenix 1.3.0.53a Cross Site Scripting

Posted Feb 20, 2011

Authored by Saif El-Sherei

Icy Phoenix version 1.3.0.53a suffers from a HTTP referer stored cross site scripting vulnerability.

tags | exploit, web, xss

SHA-256 | 7e21dc6cb916e5754d234f2cc69721fa5bf810a752f56e4374e0459c035fe46e

Download | Favorite | View

Eventum 2.3.1 Stored Cross Site Scripting

Posted Feb 20, 2011

Authored by Saif El-Sherei

Eventum version 2.3.1 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | cb295a1e7e93f019aa19e9a36adcdb63bce4b05f67ec606e15dee157e351b661

Download | Favorite | View

PHP-Fusion Auto Database System 1.0 Infusion SQL Injection

Posted Feb 8, 2011

Authored by Saif El-Sherei

PHP-Fusion Auto Database System version 1.0 Infusion suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection

SHA-256 | 707572eda0949f9187d7f0eb4227494189e0f6d0dd2ddc05a645688c48d316b8

Download | Favorite | View

JAKCMS 2.0 PRO RC5 Stored Cross Site Scripting

Posted Feb 7, 2011

Authored by Saif El-Sherei

JAKCMS version 2.0 PRO RC5 suffers from a stored cross site scripting vulnerability that is leveraged via user-agent HTTP header injection.

tags | exploit, web, xss

SHA-256 | 0fa14945da66a1025b90d7c2d83ae4c10d8911af357302c935b38825ea48f490

Download | Favorite | View

NinkoBB 1.3RC5 Stored Cross Site Scripting

Posted Jan 26, 2011

Authored by Saif El-Sherei

NinkoBB version 1.3RC5 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | fdd928f2d4a74862bfd438ea010c17bdf53d51bdf3ec9be94e314271f040f726

Download | Favorite | View

PHP-Fusion Team Structure Infusion SQL Injection

Posted Jan 16, 2011

Authored by Saif El-Sherei

PHP-Fusion Team Structure Infusion suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection

SHA-256 | fe56cc3ad8cf8d69a82f6cfc1199c45c4a0f776e96da2f877885d15711d94004

Download | Favorite | View

glfusion CMS 1.2.1 Cross Site Scripting

Posted Jan 14, 2011

Authored by Saif El-Sherei

glfusion CMS version 1.2.1 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 7a3e610c9d58ff611844e59f6bd52516278164a8d1fc59bf3d06bec32059c272

Download | Favorite | View

Lifetype 1.2.10 HTTP Referer Cross Site Scripting

Posted Jan 12, 2011

Authored by Saif El-Sherei

Lifetype version 1.2.10 suffers from a HTTP referer persistent cross site scripting vulnerability.

tags | exploit, web, xss

SHA-256 | 8561472683c237f97e479ff45778a4766cfc551b2fe037369ecf260a0e801a25

Download | Favorite | View

WordPress statspressCN 1.9.0 Stored Cross Site Scripting

Posted Jan 20, 2010

Authored by Saif El-Sherei

The WordPress statspressCN plugin version 1.9.0 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | f6bd7dda63607ede5e4c13e0fc24faa70b7abb9bce55899b1ff2b68e12c7f8ee

Download | Favorite | View