Showing 1 - 9 of 9

Files from Thor Larholm

mozillaprotocolabuse.zip: Posted Jul 26, 2007; Authored by Thor Larholm | Site larholm.com; The Mozilla application platform currently has an unpatched input validation flaw which allows you to specify arbitrary command line arguments to any registered URL protocol handler process. Thunderbird version 2.0.0.5 fixes this. Full exploits included.; tags | exploit, arbitrary, protocol; SHA-256 | b87dd83511bb3193b27560787656bb08cbc129eb12d1eb43241e8ff546fbf7fb; Download | Favorite | View

ie-protocol.txt: Posted Jul 11, 2007; Authored by Thor Larholm; There is a URL protocol handler command injection vulnerability in Internet Explorer for Windows that allows you to execute shell commands with arbitrary arguments. This vulnerability can be triggered without user interaction simply by visiting a webpage.; tags | advisory, arbitrary, shell, protocol; systems | windows; SHA-256 | 97817c440ccad36fa887930439c3bdaf4a4453e3d8bf7987f58f1e95ea0330a9; Download | Favorite | View

safari-windows.txt: Posted Jun 13, 2007; Authored by Thor Larholm; Safari 3 for Windows beta remote command execution proof of concept exploit.; tags | exploit, remote, proof of concept; systems | windows; SHA-256 | 9a4308881a1a075b2196e199766d0f712a4c0161fa63fc94e0ea6dd4af3e7b95; Download | Favorite | View

phpmail.txt: Posted Jun 13, 2007; Authored by Thor Larholm; PHPMailer as included with applications such as WordPress, Mantis, etc, suffers from a remote command execution vulnerability.; tags | advisory, remote; SHA-256 | f2c609d930657cbbc333da78bb6360b7c18eb1bb0cdb23b91c07449ca9511476; Download | Favorite | View

firefox-traverse.txt: Posted Jun 7, 2007; Authored by Thor Larholm; The directory traversal fix in Firefox version 2.0.0.4 only partially fixed the flaw and accidentally circumvents an existing input validation check.; tags | advisory, file inclusion; SHA-256 | 4ad3e4fcce8b9bfb38e0e28040599ebf2b9642a4772941a3340a59feac189edf; Download | Favorite | View

thorISA.txt: Posted Jul 18, 2003; Authored by Thor Larholm; The Microsoft Internet Security and Acceleration, or ISA, server contains a default error page that can be used to conduct cross site scripting attacks against a legitimate user.; tags | advisory, xss; SHA-256 | 28d4e09c66a69895f688844fb1bccd3d2a1a91ee3d29b78564222eda4b3156f0; Download | Favorite | View

isaxss.txt: Posted Jul 18, 2003; Authored by Thor Larholm, Brett Moore SA | Site security-assessment.com; The Microsoft Internet Security and Acceleration, or ISA, server contains a default error page that can be used to conduct cross site scripting attacks against a legitimate user.; tags | advisory, xss; SHA-256 | 051076503bc72c2b87f59aeb4ad73074c982cd00eb77cfd9f35afb69941adc65; Download | Favorite | View

tl004.txt: Posted Oct 4, 2002; Authored by Thor Larholm | Site PivX.com; Thor Larholm security advisory TL#004 - Microsoft Windows 98 through XP contains an overflow in the Windows Help facility which allows arbitrary code execution. Denial of service exploit information included. Demonstration available here.; tags | denial of service, overflow, arbitrary, code execution; systems | windows; SHA-256 | bea9be97470c7487053026c3e2c1f3610d8ef2897d9cfc633dcf350e2450936c; Download | Favorite | View

ie.css.txt: Posted May 20, 2002; Authored by Thor Larholm | Site jscript.dk; IE 6sp1 for Windows 2000 and 98 has bugs in the showModalDialog and showModelessDialog methods of displaying dialog boxes which can be used to execute arbitrary commands. Most unpatched IE and Outook installations are vulnerable. Online demonstration exploit MS02-023, but IE 5.5 and 5.0 are still vulnerable.; tags | exploit, arbitrary; systems | windows; SHA-256 | adc13976e792486d71a781d3724cb4456937c63b31fb36bdbe418a967f248f48; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days