exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 34 RSS Feed

Files

BTP00000P006KA.zip
Posted Jun 15, 2007
Site matousec.com

Demonstration code that shows how Kaspersky Internet Security 6 hooks many functions in SSDT and in at least nine cases it fails to validate arguments that come from the user mode.

tags | exploit
SHA-256 | 6d0d1ca3bc484c7a00854c53eec72c38dd889b5ea5dde97f8401308d0f41498b

Related Files

MagnusBilling Remote Command Execution
Posted Nov 14, 2023
Authored by h00die-gr3y, Eldstal | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in MagnusBilling application versions 6.x and 7.x that allows remote attackers to run arbitrary commands via an unauthenticated HTTP request. A piece of demonstration code is present in lib/icepay/icepay.php, with a call to an exec(). The parameter to exec() includes the GET parameter democ, which is controlled by the user and not properly sanitised/escaped. After successful exploitation, an unauthenticated user is able to execute arbitrary OS commands. The commands run with the privileges of the web server process, typically www-data or asterisk. At a minimum, this allows an attacker to compromise the billing system and its database.

tags | exploit, remote, web, arbitrary, php
advisories | CVE-2023-30258
SHA-256 | 62af9cc329c88e7f145a1675e178871c1a75c9da5de26c8c623bef2bde4a73c2
Microsoft Internet Explorer Universal XSS Proof Of Concept
Posted Feb 9, 2015
Authored by bhdresh

Proof of concept demonstration code for the universal cross site scripting vulnerability that affects Microsoft Internet Explorer as defined in CVE-2015-0072.

tags | exploit, xss, proof of concept
advisories | CVE-2015-0072
SHA-256 | cc6d729a89aab17ca74da5c91781bd1f0e030abeaebe0fbfaf6ddbc183b64c10
Question2Answer Cross Site Request Forgery
Posted Mar 8, 2013
Authored by MustLive

This is a demonstration cross site request forgery exploit for Question2Answer that also takes advantage of an insufficient anti-automation issue.

tags | exploit, csrf
SHA-256 | e8a626660486f464fd58c9ab8052bbb89a6150a1f60768dade0cfcad6e8669e4
Apache Struts2 Remote Code Execution
Posted Aug 22, 2012
Authored by kxlzx

This is some demonstration code that explains methods of remote code execution in Apache Struts2.

tags | exploit, remote, code execution
SHA-256 | 95aa97a6a49a06c15fe3bd11a797cecad1606abd0dc4f24592788de224974e50
Win32k Keyboard Layout Vulnerability
Posted Jan 13, 2011
Authored by Ruben Santamarta

Demonstration code for the Win32k Keyboard Layout vulnerability as described in MS10-073.

tags | exploit
advisories | CVE-2010-2743
SHA-256 | 7005d59ca11deb8904289606e53b191d81477434efe81a88cc522d487108ef02
MS10-073 Windows Class Handling
Posted Jan 2, 2011
Authored by Tarjei Mandt

Demonstration code that exploits the Windows class handling vulnerability as detailed in MS10-073.

tags | exploit
systems | windows
advisories | CVE-2010-2744
SHA-256 | cfce7782f79c66201970f5c2e33ebf9cb9e5f98c40ed70d86c6ee80113df64a7
Microsoft Windows Tracing Registry Key ACL Privilege Escalation
Posted Aug 12, 2010
Authored by Cesar Cerrudo

Microsoft Windows tracing register key ACL privilege escalation demonstration code.

tags | exploit
systems | windows
advisories | CVE-2010-2554
SHA-256 | fda37dcda8d4a51a61a3269e617929ac5ffe8cfc2d68baee5d4ca6d5c52c2849
MySQL 5.0.45 Format String Vulnerability
Posted Jul 8, 2009
Authored by Kingcope

MySQL version 5.0.45 suffers from a format string vulnerability. Proof of concept demonstration code is provided.

tags | exploit, proof of concept
SHA-256 | 2d52aab1c12be86bae2773c2634920d09db2b48caae9a13142cc7e61c1976c38
From Win32 User-Land Through Native API To Kernel
Posted Mar 30, 2009
Authored by cross | Site x1machine.com

Whitepaper called From Win32 User-Land through Native API to Kernel. Includes demonstration code.

tags | paper, kernel
systems | windows
SHA-256 | 18fd0091452628f5c03cd9eae9a9c0258c233d7e9a68d3cbbca2ca70514b9c73
kaspersky-is6.txt
Posted Jun 15, 2007
Site matousec.com

Kaspersky Internet Security 6 hooks many functions in SSDT and in at least nine cases it fails to validate arguments that come from the user mode.

tags | advisory
SHA-256 | 88baa51895098a119b253129abb370e0e3855658a1194e120b3e2226fededcb1
BTP00002P004AO.zip
Posted Jun 6, 2007
Site matousec.com

Demonstration code that exploits Outpost 4.0 which fails to sufficiently protect its own mutex outpost_ipc_hdr.

tags | exploit
SHA-256 | fe47f17ca33453c8b9eb5e5edfe42dd9fdfeac116500ee496bd3faccfc2e1474
BTP00002P005CF.zip
Posted May 17, 2007
Site matousec.com

Proof of concept code that demonstrates a flaw with how Comodo Firewall uses process identifiers in Microsoft Windows allowing for complete bypass.

tags | exploit, proof of concept
systems | windows
SHA-256 | 554567a136180ed2caf57600fcc2ac53de65c4b4dc1b264bec728e134b623c95
BTP00000P000ZA.zip
Posted May 17, 2007
Site matousec.com

Proof of concept code that demonstrates a flaw with how ZoneAlarm uses process identifiers in Microsoft Windows allowing for complete bypass.

tags | exploit, proof of concept
systems | windows
SHA-256 | 85d488235cded3eec20abacf33b255071cbc8ab0b26d3ebfcb4f29456b781007
BTP00001P000ZA.zip
Posted Apr 17, 2007
Site matousec.com

Proof of concept exploit that demonstrates a denial of service condition in ZoneAlarm 6.

tags | exploit, denial of service, proof of concept
SHA-256 | 62a8f322749e196b5ea633d8a4ba127bf4834b6daecd3c8cfb6cadc91c05dca8
BTP00000P002NF.zip
Posted Apr 2, 2007
Site matousec.com

Symantec Norton Personal Firewall hooks many functions in SSDT and in at least two cases it fails to validate arguments that come from the user mode. This exploit demonstrates this vulnerability.

tags | exploit
SHA-256 | 5729c25d96bb98b38aa36575d769cc3b159e9000966a289c90f4ed2bd71ce1ca
BTP00000P002NF.txt
Posted Apr 2, 2007
Site matousec.com

Symantec Norton Personal Firewall hooks many functions in SSDT and in at least two cases it fails to validate arguments that come from the user mode.

tags | advisory
SHA-256 | 54215445c8ca8e400b58d6ad87aa9d7aafed88ed83040d4026b68724bfe25d62
BTP00012P002NF.zip
Posted Mar 20, 2007
Site matousec.com

Proof of concept exploit that demonstrates how Norton insufficiently protects its driver \Device\SymEvent against manipulation.

tags | exploit, proof of concept
SHA-256 | 39a7fb3977a824ef90ae541996f3b0664e3addce4a7baf4ece0d935eb5207be7
BTP00001P005CF.zip
Posted Mar 6, 2007
Site matousec.com

Proof of concept exploit for Comodo Firewall Pro. Comodo Firewall Pro (former Comodo Personal Firewall) stores some of its internal settings in the registry key HKLM\SYSTEM\Software\Comodo\Personal Firewall. This key is protected by Comodo drivers such that other applications are not able to change the settings. This protection can be bypassed if very special conditions are met.

tags | exploit, registry, proof of concept
SHA-256 | bd64cdd0d270c32c8c2294beda81dc4642b677b3fede798d7e3b30312838e897
BTP00000P005CF.zip
Posted Feb 6, 2007
Site matousec.com

Denial of service exploit that demonstrates a lack of argument validation in Comodo Firewall Pro. Affected versions include Comodo Firewall Pro 2.4.16.174 and Comodo Personal Firewall 2.3.6.81.

tags | exploit, denial of service
SHA-256 | 13c68b8539dddd068e1f16bec0b64cffb60f21947bb4920eac788e41781dc7f6
BTP00000P005CF.txt
Posted Feb 6, 2007
Site matousec.com

Comodo Firewall Pro (former Comodo Personal Firewall) hooks many functions in SSDT and in at least seven cases it fails to validate arguments that come from the user mode. Affected versions include Comodo Firewall Pro 2.4.16.174 and Comodo Personal Firewall 2.3.6.81.

tags | advisory
SHA-256 | 8f012987e27f090edc856f4d61df34b67cf8c9d6d67d18afd05a0d3eaffaee1a
BTP00003P004AO.zip
Posted Jan 16, 2007
Site matousec.com

Demonstration exploit code for a self-protection bypass flaw that exists in OutPost Firewall PRO 4.0.

tags | exploit
SHA-256 | f8d92e16dd5182d877773729fadd8b36131a15097314c886a3aecef90393eb14
BTP00002P001SK.zip
Posted Jan 2, 2007
Site matousec.com

Proof of concept exploit code for a flaw in the Sunbelt Kerio Personal Firewall versions 4.3.268 and below which suffer from a DLL injection vulnerability.

tags | exploit, proof of concept
SHA-256 | 8fad0e6cae0f17d66dd4f5e5e1fb89dded31e538ba833b9b2317c3bda6f37fc7
BTP00012P004AO.zip
Posted Dec 6, 2006
Authored by Matousec - Transparent Security Research | Site matousec.com

Demonstration exploit that shows how Outpost Firewall Pro version 4.0 fails to protect against advanced DLL injection.

tags | exploit
SHA-256 | d098e88f484e24499c8384ec307c65852dc1541fe2460675f4823a8e79ba1d12
BTP00001P004AO.zip
Posted Nov 3, 2006
Authored by Matousec - Transparent Security Research | Site matousec.com

Testing program that exploits Output Firewall PRO version 4.0 which fails to sufficiently protect the \Device\SandBox driver.

tags | exploit
SHA-256 | bdcf73561116d8bf77ee8404cd2913c8d86fe9b944e74e816cb7c846cb06a98f
BTP00011P002NF.zip
Posted Sep 16, 2006
Authored by David Matousek | Site matousec.com

Testing program that checks for an insufficient validation flaw in the "SymEvent" driver input buffer in Norton Personal Firewall 2006 version 9.1.0.33.

tags | exploit
SHA-256 | 6142c7d7e49020be09f24de4def0eb42eef262aec8d49a1d936f6dc8bbe73f7f
Page 1 of 2
Back12Next

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    21 Files
  • 17
    Sep 17th
    51 Files
  • 18
    Sep 18th
    23 Files
  • 19
    Sep 19th
    48 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close