| Real Name | High-Tech Bridge SA |
|---|---|
| Email address | advisory at htbridge.com |
| Website | www.htbridge.com |
| First Active | 2010-04-20 |
| Last Active | 2016-08-03 |
Whitepaper called Userland Hooking in Windows. This document is the first of a series of five articles relating to the art of hooking. As a test environment, it will use an English Windows Seven SP1 operating system distribution.
14893704b2ff4c3c7c7d92d60513c25bdb78d545d4d5a830b05d02acc259c996Social Slider version 5.6.2 suffers from a remote SQL injection vulnerability.
def2191cb4107ddcc9252bd156c2594d941ad065ef2ace5efac7e521f3953933eShop version 6.2.8 for WordPress suffers from a cross site scripting vulnerability.
703af6dc7198a454e22868ca4a7b17b13d1cb18381b409a9e414b2b25db5fad8HESK version 2.2 suffers from a cross site scripting vulnerability.
b407c62c329e834a9a10ae96e3c300a0c059cfc6e17fbd66601882e193114937ThreeDify Designer version 5.0.2 suffers from Active-X insecure method and buffer overflow vulnerabilities.
a9ef54977565ac62eb5fc5f2fbc83d8daf0981d58baae77d3116595349ead071The WordPress e-Commerce plugin version 3.8.5 suffers from a cross site scripting vulnerability.
f6db083a8fefeb5aef1c60ab5ef8a34c887bb04e1a50a4a1d5d65763f9666a74PHPJunkyard 1.3 suffers from an open redirection vulnerability.
d235ad3a7ba3f0c743348f449d622badf370df041465698bce0d3d51132d2012GBook PHP Guestbook version 1.7 suffers from multiple cross site scripting vulnerabilities.
59588e417db809bf333435c7a8cabc9f2c8964839b18cfe2446d56abeb28c186Tiki Wiki CMS version 7.0 suffers from a cross site scripting vulnerability.
ec2d6bdcaf4a432a3e5516e038616a3e5f122796fa5e7f94f350407a10a545eePaltalk Messenger version 10.0 suffers from an Active-X insecure method vulnerability.
3b4401939b9bca69589a54c90655ff168e700c9fd2e7f74591bc6d8108accfefaTube Catcher version 2.3.570 suffers from an insecure method vulnerability.
44a65c7fda84418a50d45584ee5618db08b4401eb2fe2ad6667112c3fff99959iDrive Online Backup version 3.4.0 suffers from an insecure method vulnerability.
0f2708d94c32bd9303abeeb64b2876314479075db4dd0484443c170f5e29afadWhitepaper called Defeating Data Execution Prevention and ASLR in Windows XP SP3. Data prevention Execution (DEP) and Address space layout randomization (ASLR) are two protection mechanisms integrated in Windows operating system to make more complicated the task of exploiting software. This document show how these two features can be bypassed using different techniques.
f469442a5a92bed1a1086a83f8aebc86f786d426e10337f16a54d94b71969b8eWhitepaper called Structured Exception Handler Exploitation. The SEH exploitation technique was publicly documented by David Litchfield September, 2003. At a high-level, the SEH overwrite technique uses a software vulnerability to execute arbitrary code by abusing the 32-bit exception dispatching facilities provided by Windows. At a functional level, an SEH overwrite is generally accomplished by using a stack-based buffer. This document explains SEH details while exploiting a real case.
6e3042b60dc7dac5ac44837519701c34752fa6f26c6addfd50be7b699eb1b3b2Whitepaper called Fake Malware and Virus Scanners. Rogue security software reports a virus infection, even if your computer is clean. This kind of "software" could also fail to report viruses when your computer is infected. This document show what are the mechanisms to obfuscate this process.
0305582fef0a334d0098bff6db770a8a71c665735a44588fdd53e7b219351d8cWhitepaper called Become Fully Aware of the Potential Dangers of Active-X Attacks. Exploiting Active-X components vulnerabilities in Windows has become a favored method of attackers aiming to compromise specific computers. Such targeted attacks have increasingly become a threat to companies and government agencies. This talk will explain this kind of attack and show how this flaw could be discovered while going through exploitation.
9eeb90330cfbccc1cd8f8478aef2e4c16a609d57f5f1172310f841fe03112f37Whitepaper called Client-Side Threats - Anatomy of Reverse Trojan Attacks. Client-side vulnerabilities are among the biggest threats facing users. Attackers are going after weaknesses in desktop applications such as browsers, media players, common office applications and e-mail clients to install malicious software, often Trojan horses and rootkits. This document explains in detail these threats while how to prevent them.
2c1afb10f1f364d84902aa704ae75b54b7d538279adb0348248fba3c6e22acf9FlatPress version 0.1010.1 suffers from multiple cross site scripting vulnerabilities.
156e35a641b41edf78ba633dd306e6c81d81b83382ecc5115b126f90b9f07374Open-Realty version 3.1.5 suffers from cross site scripting and remote SQL injection vulnerabilities.
e0bc18dbde6cc2bf1528cf84d03fe9e43b02f03c04a394af0f07f2ad8bb0950cAshampoo 3D CAD Professional version 3.0.1 suffers from an insecure method vulnerability.
8a1349f1a272f4679fe1272c1710a1de10a3496369c90b59b41bfd07080086c3The Easewe FTP OCX ActiveX control suffers from an insecure method vulnerability.
4a9c90d45d0c708c1708e291908cb56414bc74ffcd886c5df2f50def8f299887Kofax version 2.5.0.933 suffers from an arbitrary file overwrite vulnerability.
3281c8b5dece97ac0a85e385b7de5c6f12504838d5c29db6be1e5e33f9c43352FanUpdate version 3.0 suffers from a cross site scripting vulnerability.
8aa6260c4a3817754f9c4fb660d63880ee97da901ced7c5af5b923f779758630N-13 News version 4.0.1 suffers from a cross site scripting vulnerability.
c17aa361bfc2f6a23221bee79bc39454c793bad9b8908c13976f67d8307cf15bMiniblog version 1.0.0 suffers from cross site request forgery and cross site scripting vulnerabilities.
8b565f2831b1710eebd03f8ffad05323b9419a9dbb712cca3ad4c811d6d17212
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed