Microsoft Windows Server Service code execution exploit that takes advantage of the vulnerability listed in MS08-067.
43b4b06abdc9d1dc848be3b0b2df235bd5a1c33ca656f9b08764ada9e5b5ab7e
Adobe Reader JavaScript printf buffer overflow exploit that binds a shell to port 4444.
1e213062186279cdaf0882da17b2e65180dd814cce5f690ea88450c1f8b75c9c
Multiple CRLF injection (aka HTTP response splitting) vulnerabilities have been identified in Google AdWords, which may be exploited to inject arbitrary HTTP headers.
062562a8590bce4277ad7237fb661cbe785c2f43af14a6b3863075554454d6bd
Shop-Script suffers from multiple HTTP response splitting vulnerabilities. POC included.
6d26cc8e33feba6e5ec461f5967a7deebc9b5bd0abb14de790021141377573fb
Malicious Flash files with explicit JavaScript can be embedded within Excel spreadsheets using a "Shockwave Flash Object", which can be made to run once the file is opened by the user.
5a7270e94904c8f983d1492db68f75bb9c93b353ea280930959f3a68958cfd1f
Firefox version 1.5.0.3 with IE Tab version 1.0.9 on Windows XP/2k suffers from a null pointer dereference bug.
cc0015c8a3dbf991cbe4abdd828b84520776ba42c305e028b8812cb6094baab5
Google Reader is supposed to display only the content that the user has subscribed to. However, two vulnerabilities have been identified which may allow an attacker to entice a victim (using the Google Reader service) to view unwanted web content carrying malicious payloads.
7b5cfc8166efe4aad445c202f3c534911b697134b00dbe62e5e065872e8c800a
w3wp remote DoS exploit due to improper reference of STA COM components in ASP.NET.
012bbb7a3a8e236db1320cbab6d721129dda52a8403343cea4180f2a6ff96e14
It is possible to DoS the IIS Worker Process (w3wp) due to improper reference of STA COM components in ASP.NET. POC exploit included.
08835ab51fb255d6fe3eb1745d1e532f650748175084efc2259cda056de558dc
Google Reader is supposed to display only content that the user has subscribed to. However, two vulnerabilities have been identified which may allow an attacker to entice a victim (using the Google Reader service) to view unwanted web content carrying malicious payloads.
b1be74e59c96822e90d0d4e5c97dcb26b009d8564d84704e647d8be123188fd9
PHPMyChat version 0.14.5 is susceptible to an authentication bypass flaw.
e21132e09686aa0b1fa8aa1535049e3fbce72cb2a85077b7d8d03ec406b83041
Zone Alarm products with Advanced Program Control or OS Firewall Technology enabled detect and block almost all APIs which are commonly used by malicious programs to send data via HTTP by piggybacking over other trusted programs. However, it is still possible for a malicious program to make outbound connections to the evil site by piggybacking over a trusted Internet browser using "HTML Modal Dialog" in conjunction with simple JavaScript. POC code provided.
6a46a2572af3dd1abd885d847dcf1d1d546bfc278f44b84cfbce2a5e7a3651eb
This proof of concept explains how the Microsoft WGA validation check can be defeated and any Microsoft product with the WGA validation feature can be run and installed on machines running a pirated copy of Windows XP.
f0ce619089e25cac5ce67e00f1bbdd6bcafd35a9367e9e68693cf0d792c122b2
Write-up discussing a methodology to bypass Citibank Virtual Keyboard Protection, a mechanism to help protect against keyloggers and spyware.
0bf50c337ec9fbe542418f18b4fc538ccfdf1b3d1c5af837b01094ce509c4ddd
When IE is configured to access the Internet using a proxy, the user's authentication details are cached locally without IE prompting the user. Even though the 'save my password' option is not checked, the user's proxy authentication details are cached locally without the user's knowledge.
0afdaa1201b34beaf9de9a6ea3a190f4c9ef2424ffe6f9567f5212528e587cb3
Methods exist to allow for Microsoft ISA authentication bypass when the server is configured as a proxy.
20d67b32faeaa9d4c6a6633a67f0bc202a0ca8b8aa5ad2d7669d258aff6babcc