what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 14 of 14 RSS Feed

Files

WPS Office .ppt Heap Memory Corruption
Posted Feb 2, 2016
Authored by Francis Provencher

WPS Office versions prior to 2016 suffer from a .ppt handling heap memory corruption vulnerability.

tags | exploit
systems | linux
SHA-256 | c923f6074303a0b1c0816b423632b29ed089c5110ee83b92336cde422deca0ad

Related Files

Adobe Flash 24.0.0.186 Code Execution
Posted Jan 12, 2017
Authored by Francis Provencher

This documented vulnerability allows a remote attacker to execute malicious code or access to a part of the dynamically allocated memory using a user interaction visiting a Web page or open a specially crafted SWF file, an attacker is able to create an "out of bound" memory corruption. A file with an "ActionRecord" structure that contains an invalid value in "ActionGetURL2" could lead to remote code execution in the context of the current user. Proof of concept code included.

tags | exploit, remote, web, code execution, proof of concept
advisories | CVE-2017-2930
SHA-256 | a82caebb5c5fc9804ff5b2892d98866fc05cb593b2b4a76497466e64a24e0c5a
Cisco Webex Player T29.10 Use-After-Free Memory Corruption
Posted Oct 13, 2016
Authored by Francis Provencher

Cisco Webex Player version T29.10 suffers from a .wrf use-after-free memory corruption vulnerability.

tags | exploit
systems | cisco
advisories | CVE-2016-1464
SHA-256 | e0ff7bc989af814b4c67fc1a215c0c9c5b753220fb884757fa81ba1faab1c1c4
Cisco Webex Player T29.10 Out-Of-Bounds Memory Corruption
Posted Oct 13, 2016
Authored by Francis Provencher

Cisco Webex Player version T29.10 suffers from a .arf out-of-bounds memory corruption vulnerability.

tags | exploit
systems | cisco
advisories | CVE-2016-1415
SHA-256 | a011619db8c6fd4ad93cbef076bea08ee8225e2099c8f79385d859e2926070b0
Adobe Flash Player 23.0.0.162 ConstantPool Memory Corruption
Posted Oct 13, 2016
Authored by Francis Provencher

Adobe Flash Player version 23.0.0.162 suffers from a .swf ConstantPool critical memory corruption vulnerability.

tags | exploit
advisories | CVE-2016-4273
SHA-256 | b21e6f4153b4cfbee102aa28f303f491feffd16661307457dbafe88dcf09dcca
Microsoft Office Word 2013 / 2016 Denial Of Service
Posted Aug 16, 2016
Authored by Francis Provencher

Microsoft Office Word 2013 and 2016 suffer from a sprmSdyaTop denial of service vulnerability as described in MS16-099.

tags | exploit, denial of service
advisories | CVE-2016-3316
SHA-256 | 1d08affda8ea6047713326103a60d74176d11268a3f9b5d83d8075f46d7fae20
Microsoft Office Word 2007 / 2010 / 2013 / 2016 Remote Code Execution
Posted Aug 12, 2016
Authored by Sebastien Morin

Microsoft Office Word versions 2007, 2010, 2013, and 2016 suffer from an out-of-bounds read that allows for remote code execution. This vulnerability is noted in MS16-099.

tags | exploit, remote, code execution
advisories | CVE-2016-3313
SHA-256 | 5dc639df15fe3dfecdaa122d36769f8e5e3dee79723e21896bf758f96aa8f694
Apple Quicktime FPX / PSD File Parsing Memory Corruption
Posted Mar 30, 2016
Authored by Francis Provencher

Apple Quicktime versions prior to 7.7.79.80.95 suffer from .fpx and .psd file parsing memory corruption vulnerabilities. Multiple proof of concepts included.

tags | exploit, vulnerability, proof of concept
systems | linux, apple
advisories | CVE-2016-1767, CVE-2016-1768, CVE-2016-1769
SHA-256 | 75dc3f56f008a8dff11a4e6782315336b04b08630b92550374fb4ef2d5ccb3a4
Adobe Photoshop CC 16.1.1 / Bridge CC 6.1.1 Memory Corruption
Posted Feb 12, 2016
Authored by Francis Provencher

Adobe Photoshop CC versions 16.1.1 (2015.1.1) and below and Bridge CC versions 6.1.1 and below suffer from multiple memory corruption vulnerabilities. Proof of concept files included.

tags | exploit, vulnerability, proof of concept
systems | linux
advisories | CVE-2016-0951, CVE-2016-0952, CVE-2016-0953
SHA-256 | c47fea6ad11b93329fb19de9eea9fb407d4dffd7dd33d618f48d7e6208f37393
WPS Office .xls Heap Memory Corruption
Posted Feb 2, 2016
Authored by Francis Provencher

WPS Office versions prior to 2016 suffer from a .xls heap memory corruption vulnerability.

tags | exploit
systems | linux
SHA-256 | 476cf15eec088f70e8100ad310c3ea2867b0456828496bd8916bb8ae5071d3ea
WPS Office .ppt drawingContainer Memory Corruption
Posted Feb 2, 2016
Authored by Francis Provencher

WPS Office versions prior to 2016 suffer from a .ppt drawingContainer length header handling issue that leads to memory corruption.

tags | exploit
systems | linux
SHA-256 | a411e27867ca1ba40e37aa3138020d8f7128ac0da4a8986309e91e0f7b740381
WPS Office .doc OneTableDocumentStream Memory Corruption
Posted Feb 2, 2016
Authored by Francis Provencher

WPS Office versions prior to 2016 suffer from a .doc handling heap memory corruption issue when dealing with an invalid value in the OneTableDocumentStream data section.

tags | exploit
systems | linux
SHA-256 | 76a44964834b2694d4565f55fc042db4605bc079d54cd337da01eb554b69d3ea
VLC Media Player 2.2.1 Heap Memory Corruption
Posted Jan 28, 2016
Authored by Francis Provencher

VLC Media Player version 2.2.1 suffers from a heap memory corruption vulnerability when handling malformed mp4 files.

tags | exploit
systems | linux
SHA-256 | 43dc83338e58a0b5197ace97ec0c305748e3b03d919076f55f3174e828eb1787
cosign-vuln-2007-002.txt
Posted Apr 12, 2007
Authored by Jon Oberheide

A remotely exploitable vulnerability has been discovered that allows attackers who are already authenticated via cosign to assume the identity of an arbitrary user on a cosign-protected service. Organizations that run their own central cosign weblogin server should upgrade their weblogin server to cosign 2.0.2a, cosign 1.9.4b, or back-port the patch available at http://weblogin.org/download.html to the version of cosign they are running.

tags | advisory, web, arbitrary
SHA-256 | 9d3384ebd5ec682d699cff4c928f3b744c5e0e5409c6ed578391f6575dfe6c90
cosign-vuln-2007-001.txt
Posted Apr 12, 2007
Authored by Jon Oberheide

A remotely exploitable vulnerability has been discovered that allows attackers to bypass cosign weblogin server authentication and assume the identity of an arbitrary user on a cosign-protected service. Organizations that run their own central cosign weblogin server should upgrade their weblogin server to cosign 2.0.2a, cosign 1.9.4b, or back-port the patch available at http://weblogin.org/download.html to the version of cosign they are running.

tags | advisory, web, arbitrary
SHA-256 | 2a8d0ff9981290825587f63a0115fe1f88cd7ec7295e11fe261a0bc411f517c9
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    9 Files
  • 7
    Feb 7th
    32 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close