exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 48 RSS Feed

Files

alpha-fmtstr.txt
Posted Sep 28, 2001
Authored by Truefinder | Site igrus.inha.ac.kr

How to Exploit Format String Vulnerabilities under Alpha Linux. Includes techniques and example code.

tags | paper, vulnerability
systems | linux, unix
SHA-256 | fb0fd3f5ea1da71d3480f0ab3b12774cb66642a7b3267859fa03b1b693e6053e

Related Files

Zenitel AlphaCom XE Audio Server 11.2.3.10 Shell Upload
Posted Sep 14, 2021
Authored by Ricardo Jose Ruiz Fernandez

Zenitel AlphaCom XE Audio Server versions up to 11.2.3.10 have a web interface called AlphaWeb XE that allows for a remote shell upload.

tags | exploit, remote, web, shell
advisories | CVE-2021-40845
SHA-256 | db3e0721685ee34c318d514cffb76f972c85d297a6080f1d2a9693cb1d01d628
Breaking The Business Logics
Posted Mar 17, 2021
Authored by Manas Harsh

Whitepaper called Breaking the Business Logics It is intends to provide the idea of business logic vulnerabilities and how to exploit them. There are theoretical scenarios as well where common flaws are discussed.

tags | paper, vulnerability
SHA-256 | bdfa585849987cf27ac17432358edb5741e616a3b4025257978012426a6b0fa0
Alphaware E-Commerce System 1.0 Shell Upload / SQL Injection
Posted Mar 16, 2021
Authored by Christian Vierschilling

Alphaware E-Commerce System version 1.0 suffers from unauthenticated remote shell upload and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, sql injection
SHA-256 | fbecea6b0c82b953bb75a6982c2fca7d4e938869ab5be9cbc4582b315ab49413
Understanding And Exploiting Zerologon
Posted Jan 6, 2021
Authored by Siddharth Balyan, Nandini Rana

Zerologon is a vulnerability in Microsoft's Netlogon Remote Procedural Call (MS-NRPC) protocol. Specifically, this vulnerability occurs due to an incorrect implementation of the AES-128 Counter Feedback mode of operation. This vulnerability was given a CVSS score of 10 by Microsoft and can be carried out by anyone with a foothold in the network. This paper aims to explain the detail and working of MS-NRPC protocol, its vulnerability, and finally cover how to exploit it, something which the original paper by Secura left out.

tags | paper, remote, protocol
advisories | CVE-2020-1472
SHA-256 | 1e8879b0c6ba12ad9930150a8a890fbd74b58b7738cb0d85c748a3c4e587a875
How To Exploit PHP Remotely To Bypass Filters And WAF Rules
Posted Dec 25, 2018
Authored by themiddleblue

Whitepaper called How to Exploit PHP Remotely to Bypass Filters and WAF Rules.

tags | paper, php
SHA-256 | 5fbd63af6d3a918065baeb5f2be47782991fbefaa832030c2fb021180b3f1825
How To Exploit EternalBlue And DoublePulsar Spanish Version
Posted Apr 20, 2017
Authored by Sheila A. Berta

Whitepaper explaining how to exploit EternalBlue and DoublePulsar to get an empire/meterpreter session on Windows 7 and 2008. Spanish version of this paper.

tags | paper
systems | windows
SHA-256 | 50bf49894518deda534f1032b98b7e30137585abe5130ca8b0a557aa5ddf01e5
How To Exploit EternalBlue And DoublePulsar English Version
Posted Apr 20, 2017
Authored by Sheila A. Berta

Whitepaper explaining how to exploit EternalBlue and DoublePulsar to get an empire/meterpreter session on Windows 7 and 2008. English version of this paper.

tags | paper
systems | windows
SHA-256 | 9826659afad14c5aaeede84482ba6c38303eb65a202931871de20350a1ab3548
Heap Two-Write-Where-And-Not Format String (FMS) Technique
Posted Sep 7, 2016
Authored by bashis

This write up provides code of the 'two-write-where-and-what' format string (FMS) exploitation technique and how to exploit it when located on the heap.

tags | paper
SHA-256 | 16841cd5b6ed14ba9eb7eb5ef0c058099fb5874500ad3084fa66dcad12dcd4d8
How To Exploit Magic Values In 32-Bit Processes On 64-Bit OSes
Posted Jun 22, 2016
Authored by SkyLined

This is a brief write-up on how magic values in 32-bit processes on 64-bit OSes work and how to exploit them.

tags | paper
advisories | CVE-2014-1592
SHA-256 | 0e22f4f695fe5a82d5a78008e35426ae71abb83926c813e23d3e43569e903c82
EMC AlphaStor Device Manager Opcode 0x75 Command Injection
Posted Sep 24, 2014
Authored by Aniway, juan vazquez, Mohsan Farid, Brent Morris, Preston Thornburg | Site metasploit.com

This Metasploit module exploits a flaw within the Device Manager (rrobtd.exe). When parsing the 0x75 command, the process does not properly filter user supplied input allowing for arbitrary command injection. This Metasploit module has been tested successfully on EMC AlphaStor 4.0 build 116 with Windows 2003 SP2 and Windows 2008 R2.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2013-0928
SHA-256 | 3e993a7e854efa86fb910cf5ae6005aed96bf8fef7a6b5ff28fe00ff12003031
Mandriva Linux Security Advisory 2013-153
Posted Apr 28, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-153 - Subversion's mod_dav_svn Apache HTTPD server module will use excessive amounts of memory when a large number of properties are set or deleted on a node. This can lead to a DoS. There are no known instances of this problem being observed in the wild. Subversion's mod_dav_svn Apache HTTPD server module will crash when a LOCK request is made against activity URLs. This can lead to a DoS. There are no known instances of this problem being observed in the wild. Subversion's mod_dav_svn Apache HTTPD server module will crash in some circumstances when a LOCK request is made against a non-existent URL. This can lead to a DoS. There are no known instances of this problem being observed in the wild. Subversion's mod_dav_svn Apache HTTPD server module will crash when a PROPFIND request is made against activity URLs. This can lead to a DoS. There are no known instances of this problem being observed in the wild, but the details of how to exploit it have been disclosed on the full disclosure mailing list. Subversion's mod_dav_svn Apache HTTPD server module will crash when a log REPORT request receives a limit that is out of the allowed range. This can lead to a DoS. There are no known instances of this problem being used as a DoS in the wild. The updated packages have been upgraded to the 1.7.9 version which is not affected by these issues.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-1845, CVE-2013-1846, CVE-2013-1847, CVE-2013-1849, CVE-2013-1884
SHA-256 | ac52fca2c6e52678143574a204e2908949235f35cf7c438923678f0725019825
Mandriva Linux Security Advisory 2013-152
Posted Apr 28, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-152 - Subversion's mod_dav_svn Apache HTTPD server module will use excessive amounts of memory when a large number of properties are set or deleted on a node. This can lead to a DoS. There are no known instances of this problem being observed in the wild. Subversion's mod_dav_svn Apache HTTPD server module will crash when a LOCK request is made against activity URLs. This can lead to a DoS. There are no known instances of this problem being observed in the wild. Subversion's mod_dav_svn Apache HTTPD server module will crash in some circumstances when a LOCK request is made against a non-existent URL. This can lead to a DoS. There are no known instances of this problem being observed in the wild. Subversion's mod_dav_svn Apache HTTPD server module will crash when a PROPFIND request is made against activity URLs. This can lead to a DoS. There are no known instances of this problem being observed in the wild, but the details of how to exploit it have been disclosed on the full disclosure mailing list. The updated packages have been upgraded to the 1.6.21 version which is not affected by these issues.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-1845, CVE-2013-1846, CVE-2013-1847, CVE-2013-1849
SHA-256 | 930a2bdd3266063666866847cb602e153af6288c4df4eadd20f0f8eba4ad4b09
Efficient Padding Oracle Attacks On Cryptographic Hardware
Posted Jun 27, 2012
Authored by Riccardo Focardi, Graham Steel, Joe-Kai Tsay, Lorenzo Simionato, Yusuke Kawamoto, Romain Bardou

This paper demonstrates how to exploit the encrypted key import functions of a variety of different cryptographic devices to reveal the imported key. The attacks are padding oracle attacks, where error messages resulting from incorrectly padded plaintexts are used as a side channel. This is the paper that made headlines regarding RSA tokens being cracked in 13 minutes.

tags | paper
SHA-256 | 2f956e99861dabc4d9e263529db1992adcbe71b48930cc4158b998b604dc42b0
Alphanumeric Shellcode
Posted Jun 12, 2012
Authored by hatter of BHA | Site blackhatacademy.org

Alphanumeric shellcode is similar to ascii shellcode in that it is used to bypass character filters and evade intrusion-detection during buffer overflow exploitation. This article documents alphanumeric code on multiple architectures, but primarily the 64 bit x86 architecture. Alphanumeric shellcode requires a basic understanding of bitwise math, assembly and shellcode.

tags | paper, overflow, x86, shellcode
SHA-256 | 58bd7026c178df13e32741aeefd385da0fd61df0dd758c8fe3d294c3c7f8be08
Finding RFI And LFI, Exploiting And Patching
Posted May 8, 2012
Authored by Mr.Gh0st | Site 104day.in

This is a brief whitepaper that discusses finding remote and local file inclusion vulnerabilities and how to exploit and patch them.

tags | paper, remote, local, vulnerability, file inclusion
SHA-256 | d28ed75d8eb9604c29fc6876297418475ffea313bb8b01a2430294ecdbd4a18b
Exploit WebDAV... The Garage Way
Posted Dec 26, 2011
Authored by Dhiraj Datar

This is a brief whitepaper discussing how to exploit a webDAV enabled server.

tags | paper
SHA-256 | a83e8be5f3033d52a2124e642c22eef3daba9c97b7e1e1ccfcd667ad9b5499e4
Omnicom Alpha 4.0e LPD Server Denial Of Service
Posted Aug 3, 2011
Authored by Craig Freyman

Proof of concept denial of service exploit for the Omnicom Alpha 4.0e LPD server.

tags | exploit, denial of service, proof of concept
SHA-256 | dfd3fb9fa47baf1676b3b04b31dd595cde00348d26967d6b63543109cf5e6f78
Alphabit Online SQL Injection
Posted Jul 7, 2011
Authored by Kalashinkov3

Alphabit Online suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 2735b6518e0af39be6d92e6e972a95e286d73d0db78d4058a9e677c6b44ea056
Alpha 2 Player Denial Of Service
Posted Oct 19, 2010
Authored by anT!-Tr0J4n

Alpha 2 Player suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 7194fc4056da407f18ef6473af5c70ae287e026950fbd6437db36c1d650d72d9
Alpha CMS 3.2 Local File Inclusion
Posted Apr 2, 2010
Authored by eidelweiss

Alpha CMS version 3.2 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | d4284991aea70e65fc90695d0fabd30361ecefa024d9ad54eb602c6c47f4f8db
Alpha B Forum Cross Site Scripting
Posted Jan 14, 2010
Authored by ViRuSMaN

Alpha B Forum suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | b488668fd320aa1dd8756109f85e50fbd9595dd7231919805cba1ebdfda79354
ALPHA3 Shellcode Encoder
Posted Jan 11, 2010
Authored by SkyLined | Site code.google.com

ALPHA3 is an alphanumeric shellcode encoder.

tags | shellcode
SHA-256 | ce340cf911a3c7c4b4d3e13db65c19e98a5ba76465416bba9e7ded0b446353e5
EMC AlphaStor Agent Buffer Overflow
Posted Nov 26, 2009
Authored by MC | Site metasploit.com

This Metasploit module exploits a stack overflow in EMC AlphaStor 3.1. By sending a specially crafted message, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary
advisories | CVE-2008-2158
SHA-256 | 8d5b6a48b3d7f5a8de8e276bf81f237545164da6f22f4d76a285254c369b1853
Chrome/Opera ATOM/RSS Reader Script Execution
Posted Sep 16, 2009
Authored by Inferno from Secure Thoughts

Small write-up discussing how to exploit Chrome's and Opera's ATOM/RSS reader with script execution.

tags | exploit, xss
SHA-256 | 58fb1a2da7f7aba9c186c915f217ccb4dfb361dd002570b46eb7cdeda16e77a0
metasploitSMB.pdf
Posted Oct 9, 2008
Authored by Beenu Arora | Site beenuarora.com

Whitepaper discussing how to exploit vulnerable SMB instances on Microsoft Windows XP using Metasploit.

tags | paper
systems | windows
SHA-256 | 64397f2e5ecfb98d2b1a54a7d22c67d6478602956fcf5eb190cc9639338428d9
Page 1 of 2
Back12Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close