Proof of concept crash exploit for Safari on iOS that leverage a denial of service vulnerability.
b7aed7d45d2d8c141f4d038fb1e6bb148bd5d8c687b4740e140f2b04997e86d9A boundary error in the Xfpx.dll module when processing FlashPix images can be exploited to cause a heap-based buffer overflow via a specially crafted FPX file. Proof of concept included.
d3d27e656535c43a189940b4169f03b8e070dc18bbb730bd07e54480765d5f37A boundary error in the NCSEcw.dll module when decompressing Enhanced Compressed Wavelet images can be exploited to cause a heap-based buffer overflow via a specially crafted ECW file. Proof of concept included.
2b805ba8e0fb396319306ee83628841d7255eb906f045dd4b7bcf89a37a9e721An integer truncation error when processing Sun Raster images can be exploited to cause a heap-based buffer overflow via a specially crafted "Depth" value in a RAS file. Proof of concept included.
deec59b7511a6a5f9b798bbeb76b449e5acbef7e088fb4533468afed85672740Adobe Illustrator CS5.5 memory corruption proof of concept exploit that spawns a calculator.
35acd4b2f3b86dad800d4dd1e04e53c4376cae35b9ee1d7a968284f59cf357eeMozilla Firefox version 13.0 remote denial of service proof of concept exploit.
ae7f511ae4c9e3d17f34eb4e61e113606abd673ebae4661615339b1341be665cApple iTunes version 10.6.1.7 M3U playlist file walking heap buffer overflow proof of concept exploit. This also affects 10.6.0.40.
6ca043856d67f4a832ccf2fb3c9bc2d684d525d689f7920b7106be12c3031bb0This is a proof of concept remote root authentication bypass exploit for F5 BIG-IP. Written in Python.
56ead1dc2b7a0b89044841502ec4977b0bed8067f3b3118da72703e3b50cbed2The Format plugin in IrfanView version 4.33 suffers from a TTF file parsing stack based overflow vulnerability. Proof of concept TTF file included.
ef722236a74014bdcead5b4e91a1c08b978a058a903f4d9df3043c15edb2afa7IrfanView version 4.33 suffers from a format plugin ECW decompression heap overflow vulnerability. Proof of concept included.
c43538eed93169fc8652f2b6ea9ae40400dd1b5be469cc38d6a0f59a42a293b4Microsoft Wordpad version 5.1 suffers from a null pointer dereference vulnerability when handling .doc files. Proof of concept included.
f658d02c9b3a700c896b3777bb7470b170aca95ccaf5c375cb8266ecd8b4a3deMiniWeb Content-Length denial of service proof of concept exploit. Original vulnerability discovered by Luigi Auriemma.
f68adef9522b7ceb14448112ea32e0abd2f8d6621850e2a8a61eb0f2110c61a2There is a buffer overflow in the script-fu server component of GIMP (the GNU Image Manipulation Program) in all 2.6 versions (Windows and Linux versions) affecting both the script-fu console and the script-fu network server. A crafted msg to the script-fu server overflows a buffer and overwrites several function pointers allowing the attacker to gain control of EIP and potentially execute arbitrary code. Proof of concept code included.
3314be7d12f71ac43757fa38c7b5d582d33d0a31d034dd7a8a87b9037b9edecbIt is an important and little-known property of web browsers that one document can always navigate other, non-same-origin windows to arbitrary URLs. Perhaps more interestingly, you can also navigate third-party documents to resources served with Content-Disposition: attachment, in which case, you get the original contents of the address bar, plus a rogue download prompt attached to an unsuspecting page that never wanted you to download that file. Proof of concept code included.
c8e117983282dd44d231f39a10dc8b0b2bf8c46c42490f1cf78aeb4b75db6be8iOS versions 5.1.1 and below Safari Browser JS match(), search() crash proof of concept exploit.
88bf13ee6936fd4a41664c0ccb5fe91fdf90eb621dae78246483afea0a274ca3ResEdit version 1.5.11-win32 suffers from a buffer overflow. Proof of concept denial of service exploits included.
b262a9976e97dcbc6e64df36a7f4ee9302668979e3d09d6cc91825b139dcfedeSymantec End Point Protection version 11.x and Symantec Network Access Control version 11.x local code execution proof of concept exploit.
d2c6c09960003fa18cb090bcea7cbd0573d048ef3bac16353e5db8e15ab33911This proof of concept code demonstrates a Microsoft Windows XP keyboard layouts pool corruption vulnerability, post MS12-034. The vulnerability exists in the function win32k!ReadLayoutFile() that parses keyboard layout file data.
54effee805a222747d3e4ec5807005657d3668ba3d5cbbdb7f184fa0ed2f64c3Liferay version 6.1 is vulnerable to JSON-related cross site request forgery attacks. Proof of concept code is included.
f0c48ee96cb75fd2a8d5d59f4b09ac01709712a9b3fbfe5a377400b30d006239Some SVG specifications, like SVG 1.1 and SVG tiny 1.2, allow Java code execution when the file is opened. Proof of concept code included.
d11b15fccafdf18190f23d0b7a7f20f25dfc6fada15ef8cba05227b1c2721da0Liferay version 6.1 suffers from a vulnerability where it is possible to retrieve the names and email addresses of all users. Proof of concept code included.
ffa34db28244865608548350015903d37722b844554e14ccaf7d8347188e784aLiferay version 6.1 suffers from a circumvention issue when restricting access to ip blocks. Proof of concept exploit included.
6619bfbbf1dbfa7eb563e65bcabfac916b63c4ac1431da326cb548fddb4f5fddFlexNet License Server Manager versions 11.9.1 and below suffer from a stack overflow vulnerability in lmgrd. Proof of concept included.
e1685cec49a2c9fdbef7f2df8194086852d758d0cee891a610d91b40c7e329acPro-face Pro-Server EX versions 1.30.000 and PCRuntime versions 3.1.00 suffer from memory related and integer overflow vulnerabilities. Proof of concept included.
6eba0c58436511df2a7c1ddd9624d256ee11fcd20a797290f0587ece9614fe70QNX phrelay/phindows/phditto suffer from bpe_decompress stack overflow and Photon Session buffer overflow vulnerabilities. Proof of concept test code included.
a8febe1f7594f7227637fd1ab3e211df28595f24d5860319add7faa94e431a79Adobe Photoshop version CS5.1 U3D.8BI suffers from a library collada asset elements stack based buffer overflow vulnerability. Proof of concept included.
3b56287d07b0ddbf3d319fb8f5847cc3fb85dc7f6c1df369e6873d52c0c28335
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed