accept no compromises
Showing 1 - 25 of 73 RSS Feed

Files from Shahin

Email addressshahin at abysssec.com
First Active2010-09-01
Last Active2013-01-15
DOMSDAY: Analyzing A DOM-Based XSS In Yahoo!
Posted Jan 15, 2013
Authored by Abysssec, Shahin | Site abysssec.com

This is a whitepaper that discusses a reflective cross site scripting issue in *.adspecs.yahoo.com due to sessvars.js not filtering before performing an eval.

tags | paper, xss
MD5 | 6d8f64ccc1b56f5cf131440f943b5d8c
MS11-038 Microsoft Office Excel Malformed OBJ Record Handling Overflow
Posted Nov 23, 2011
Authored by Nicolas Joly, Shahin, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in Excel 2002 of Microsoft Office XP. By supplying a .xls file with a malformed OBJ (recType 0x5D) record an attacker can get the control of the execution flow. This results arbitrary code execution under the context of the user.

tags | exploit, arbitrary, code execution
advisories | CVE-2010-0822, OSVDB-65236
MD5 | 6f5954aac28ff3859ec7c0d6b3cb1112
MS10-026 Microsoft MPEG Layer-3 Audio Stack Based Overflow
Posted Aug 13, 2011
Authored by Javier G. Sanchez, Shahin, juan vazquez, Yamata Li | Site metasploit.com

This Metasploit module exploits a buffer overflow in l3codecx.ax while processing a AVI files with MPEG Layer-3 audio contents. The overflow only allows to overwrite with 0's so the three least significant bytes of EIP saved on stack are overwritten and shellcode is mapped using the .NET DLL memory technique pioneered by Alexander Sotirov and Mark Dowd. Please note on IE 8 targets, your malicious URL must be a trusted site in order to load the .Net control.

tags | exploit, overflow, shellcode
advisories | CVE-2010-0480, OSVDB-63749
MD5 | a4fc75931c79408d2af8663e709a2fc9
The Arashi AKA Storm
Posted Jul 3, 2011
Authored by Shahriyar Jalayeri, Shahin

This is a whitepaper called The Arashi (A.K.A Storm). It discusses ASLR/DEP bypass techniques.

tags | paper
MD5 | 654d0f3070875616c04873f913c7a798
Microsoft Office Visio VISIODWG.DLL DXF File Handling Vulnerability
Posted Jun 27, 2011
Authored by Core Security Technologies, Shahin, juan vazquez | Site metasploit.com

This Metasploit module exploits a stack based overflow vulnerability in the handling of the DXF files by Microsoft Visio 2002. Revisions prior to the release of the MS bulletin MS10-028 are vulnerable. The overflow occurs when the application is used to import a specially crafted DXF file, while parsing the HEADER section of the DXF file. To trigger the vulnerability an attacker must convince someone to insert a specially crafted DXF file to a new document, go to Insert -> CAD Drawing.

tags | exploit, overflow
advisories | CVE-2010-1681, OSVDB-64446
MD5 | 92be6ebfb8678a09411078e55cbd48eb
Adobe Flash Player Action Script Type Confusion
Posted Apr 19, 2011
Authored by Abysssec, Shahin | Site abysssec.com

Adobe Flash Player versions prior to 10.1.53.64 Action script type confusion exploit.

tags | exploit
systems | linux
advisories | CVE-2010-3654
MD5 | 8c9117c92f56abaea8f8297256c1fa1e
HP NNM CGI webappmon.exe execvp Buffer Overflow
Posted Mar 23, 2011
Authored by sinn3r, Shahin | Site metasploit.com

This Metasploit module exploits a buffer overflow in HP NNM's webappmon.exe. The vulnerability occurs when function "execvp_nc" fails to do any bounds-checking before strcat is used to append user-supplied input to a buffer.

tags | exploit, overflow
advisories | CVE-2010-2703, OSVDB-66514
MD5 | a58d12aeaf3dd2abf31bee75fa9d8bcb
Adobe Shockwave Player Memory Corruption
Posted Oct 22, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Adobe Shockwave Player suffers from a rcsL chunk memory corruption vulnerability. This affects version 11.5.8.612 and possibly prior versions as well.

tags | exploit
MD5 | 4d8cb1cad42b76e5b40a9248e227fa53
Month Of Abysssec Undisclosed Bugs - Microsoft Unicode Scripts Processor
Posted Oct 1, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - The Microsoft unicode scripts processor suffers from a remote code execution vulnerability.

tags | advisory, remote, code execution
advisories | CVE-2010-2738
MD5 | 9483d4cd1c3443828f7a3a772fc8c077
Month Of Abysssec Undisclosed Bugs - Microsoft Unicode Scripts Processor
Posted Oct 1, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - The Microsoft unicode scripts processor suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2010-2738
MD5 | 4cac8b387c9e8c86b4bbbf12f4c8fb7d
Month Of Abysssec Undisclosed Bugs - Microsft Excel
Posted Sep 29, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - Microsoft Excel suffers from a SxView record parsing heap memory corruption vulnerability.

tags | exploit
advisories | CVE-2010-1245
MD5 | c3f32248b631cd7cc20497552726364e
Month Of Abysssec Undisclosed Bugs - Microsoft Cinepak
Posted Sep 28, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - Microsoft Cinepak suffers from a CVDecompress heap overflow vulnerability in its codec.

tags | advisory, overflow
advisories | CVE-2010-2553
MD5 | f48ed0ee784e23474b5f7e9017b259b1
Month Of Abysssec Undisclosed Bugs - Microsoft Cinepak
Posted Sep 28, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - Microsoft Cinepak suffers from a CVDecompress heap overflow vulnerability in its codec.

tags | exploit, overflow
advisories | CVE-2010-2553
MD5 | 28e05c2666830ab8e90efd6591889b96
Month Of Abysssec Undisclosed Bugs - Mozilla Firefox CSS Font-Face
Posted Sep 25, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - Mozilla Firefox suffers from a CSS font-face remove code execution vulnerability.

tags | advisory, code execution
advisories | CVE-2010-2752
MD5 | 32c4bb3fd8de36b6b1e9e98df0477f89
Month Of Abysssec Undisclosed Bugs - Mozilla Firefox CSS Font-Face
Posted Sep 25, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - Mozilla Firefox suffers from a CSS font-face remove code execution vulnerability.

tags | exploit, code execution
advisories | CVE-2010-2752
MD5 | 8795c9135458cfaadb45948359ae43fa
Month Of Abysssec Undisclosed Bugs - Microsoft MPEG Layer-3
Posted Sep 25, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - The Microsoft MPEG Layer-3 audio decoder suffers from a division by zero vulnerability.

tags | advisory
MD5 | fcc85c90f58c57431f0ec5fdc0088e87
Month Of Abysssec Undisclosed Bugs - Microsoft MPEG Layer-3
Posted Sep 25, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - The Microsoft MPEG Layer-3 audio decoder suffers from a division by zero vulnerability.

tags | exploit
MD5 | daf7dc11c2e4fe52f2e5e35c1304374d
Month Of Abysssec Undisclosed Bugs - Microsoft Excel OBJ
Posted Sep 25, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - Microsoft Excel suffers an OBJ record stack overflow vulnerability.

tags | advisory, overflow
advisories | CVE-2010-0822
MD5 | 7aecb197a63707f059d200f83fbaf47f
Month Of Abysssec Undisclosed Bugs - Microsoft Excel OBJ
Posted Sep 25, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - Microsoft Excel suffers an OBJ record stack overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2010-0822
MD5 | 5b13bdb12456a56de6f462798fbd4e05
Month Of Abysssec Undisclosed Bugs - Microsoft Excel HFPicture Record Parsing
Posted Sep 24, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - Microsoft Excel suffers from a HFPicture record parsing memory corruption vulnerability. Proof of concept included.

tags | exploit, proof of concept
MD5 | 67fd424e7f07751c4342483ca17f638e
Month Of Abysssec Undisclosed Bugs - Adobe Acrobat Reader
Posted Sep 24, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - Adobe Acrobat Reader and Flash suffer from a "newfunction" remote code execution vulnerability.

tags | advisory, remote, code execution
advisories | CVE-2010-2168
MD5 | a0eea6fb5eebed469414187079ce7655
Month Of Abysssec Undisclosed Bugs - Adobe Acrobat Reader
Posted Sep 24, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - Adobe Acrobat Reader and Flash suffer from a "newfunction" remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2010-2168
MD5 | f543ee1875baac64ad72144d985bd8d0
Month Of Abysssec Undisclosed Bugs - Adobe Shockwave Director
Posted Sep 23, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - Adobe Shockwave Director suffers from a tSAC Chunk memory corruption vulnerability.

tags | advisory
MD5 | c59199c8142867464ac44c843dc287f3
Month Of Abysssec Undisclosed Bugs - Adobe Shockwave Director
Posted Sep 23, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - Adobe Shockwave Director suffers from a tSAC Chunk memory corruption vulnerability.

tags | exploit
MD5 | 72bcee2157606d810e4bfb257f766554
Month Of Abysssec Undisclosed Bugs - Microsoft Excel WOPT
Posted Sep 21, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Month Of Abysssec Undisclosed Bugs - Microsoft Excel suffers from a WOPT record parsing heap memory corruption vulnerability. Proof of concept included.

tags | exploit, proof of concept
advisories | CVE-2010-0824
MD5 | 312e375131ffd5c847ea5ffed7b32309
Page 1 of 3
Back123Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    28 Files
  • 26
    Jul 26th
    2 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close