Real Name | High-Tech Bridge SA |
---|---|
Email address | advisory at htbridge.com |
Website | www.htbridge.com |
First Active | 2010-04-20 |
Last Active | 2016-08-03 |
Whitepaper called Userland Hooking in Windows. This document is the first of a series of five articles relating to the art of hooking. As a test environment, it will use an English Windows Seven SP1 operating system distribution.
14893704b2ff4c3c7c7d92d60513c25bdb78d545d4d5a830b05d02acc259c996
Social Slider version 5.6.2 suffers from a remote SQL injection vulnerability.
def2191cb4107ddcc9252bd156c2594d941ad065ef2ace5efac7e521f3953933
eShop version 6.2.8 for WordPress suffers from a cross site scripting vulnerability.
703af6dc7198a454e22868ca4a7b17b13d1cb18381b409a9e414b2b25db5fad8
HESK version 2.2 suffers from a cross site scripting vulnerability.
b407c62c329e834a9a10ae96e3c300a0c059cfc6e17fbd66601882e193114937
ThreeDify Designer version 5.0.2 suffers from Active-X insecure method and buffer overflow vulnerabilities.
a9ef54977565ac62eb5fc5f2fbc83d8daf0981d58baae77d3116595349ead071
The WordPress e-Commerce plugin version 3.8.5 suffers from a cross site scripting vulnerability.
f6db083a8fefeb5aef1c60ab5ef8a34c887bb04e1a50a4a1d5d65763f9666a74
PHPJunkyard 1.3 suffers from an open redirection vulnerability.
d235ad3a7ba3f0c743348f449d622badf370df041465698bce0d3d51132d2012
GBook PHP Guestbook version 1.7 suffers from multiple cross site scripting vulnerabilities.
59588e417db809bf333435c7a8cabc9f2c8964839b18cfe2446d56abeb28c186
Tiki Wiki CMS version 7.0 suffers from a cross site scripting vulnerability.
ec2d6bdcaf4a432a3e5516e038616a3e5f122796fa5e7f94f350407a10a545ee
Paltalk Messenger version 10.0 suffers from an Active-X insecure method vulnerability.
3b4401939b9bca69589a54c90655ff168e700c9fd2e7f74591bc6d8108accfef
aTube Catcher version 2.3.570 suffers from an insecure method vulnerability.
44a65c7fda84418a50d45584ee5618db08b4401eb2fe2ad6667112c3fff99959
iDrive Online Backup version 3.4.0 suffers from an insecure method vulnerability.
0f2708d94c32bd9303abeeb64b2876314479075db4dd0484443c170f5e29afad
Whitepaper called Defeating Data Execution Prevention and ASLR in Windows XP SP3. Data prevention Execution (DEP) and Address space layout randomization (ASLR) are two protection mechanisms integrated in Windows operating system to make more complicated the task of exploiting software. This document show how these two features can be bypassed using different techniques.
f469442a5a92bed1a1086a83f8aebc86f786d426e10337f16a54d94b71969b8e
Whitepaper called Structured Exception Handler Exploitation. The SEH exploitation technique was publicly documented by David Litchfield September, 2003. At a high-level, the SEH overwrite technique uses a software vulnerability to execute arbitrary code by abusing the 32-bit exception dispatching facilities provided by Windows. At a functional level, an SEH overwrite is generally accomplished by using a stack-based buffer. This document explains SEH details while exploiting a real case.
6e3042b60dc7dac5ac44837519701c34752fa6f26c6addfd50be7b699eb1b3b2
Whitepaper called Fake Malware and Virus Scanners. Rogue security software reports a virus infection, even if your computer is clean. This kind of "software" could also fail to report viruses when your computer is infected. This document show what are the mechanisms to obfuscate this process.
0305582fef0a334d0098bff6db770a8a71c665735a44588fdd53e7b219351d8c
Whitepaper called Become Fully Aware of the Potential Dangers of Active-X Attacks. Exploiting Active-X components vulnerabilities in Windows has become a favored method of attackers aiming to compromise specific computers. Such targeted attacks have increasingly become a threat to companies and government agencies. This talk will explain this kind of attack and show how this flaw could be discovered while going through exploitation.
9eeb90330cfbccc1cd8f8478aef2e4c16a609d57f5f1172310f841fe03112f37
Whitepaper called Client-Side Threats - Anatomy of Reverse Trojan Attacks. Client-side vulnerabilities are among the biggest threats facing users. Attackers are going after weaknesses in desktop applications such as browsers, media players, common office applications and e-mail clients to install malicious software, often Trojan horses and rootkits. This document explains in detail these threats while how to prevent them.
2c1afb10f1f364d84902aa704ae75b54b7d538279adb0348248fba3c6e22acf9
FlatPress version 0.1010.1 suffers from multiple cross site scripting vulnerabilities.
156e35a641b41edf78ba633dd306e6c81d81b83382ecc5115b126f90b9f07374
Open-Realty version 3.1.5 suffers from cross site scripting and remote SQL injection vulnerabilities.
e0bc18dbde6cc2bf1528cf84d03fe9e43b02f03c04a394af0f07f2ad8bb0950c
Ashampoo 3D CAD Professional version 3.0.1 suffers from an insecure method vulnerability.
8a1349f1a272f4679fe1272c1710a1de10a3496369c90b59b41bfd07080086c3
The Easewe FTP OCX ActiveX control suffers from an insecure method vulnerability.
4a9c90d45d0c708c1708e291908cb56414bc74ffcd886c5df2f50def8f299887
Kofax version 2.5.0.933 suffers from an arbitrary file overwrite vulnerability.
3281c8b5dece97ac0a85e385b7de5c6f12504838d5c29db6be1e5e33f9c43352
FanUpdate version 3.0 suffers from a cross site scripting vulnerability.
8aa6260c4a3817754f9c4fb660d63880ee97da901ced7c5af5b923f779758630
N-13 News version 4.0.1 suffers from a cross site scripting vulnerability.
c17aa361bfc2f6a23221bee79bc39454c793bad9b8908c13976f67d8307cf15b
Miniblog version 1.0.0 suffers from cross site request forgery and cross site scripting vulnerabilities.
8b565f2831b1710eebd03f8ffad05323b9419a9dbb712cca3ad4c811d6d17212