Demonstration code that shows how Kaspersky Internet Security 6 hooks many functions in the SSDT and, in at least nine cases, fails to validate arguments that come from user mode.
6d0d1ca3bc484c7a00854c53eec72c38dd889b5ea5dde97f8401308d0f41498b
This Metasploit module exploits a command injection vulnerability in MagnusBilling application versions 6.x and 7.x that allows remote attackers to run arbitrary commands via an unauthenticated HTTP request. A piece of demonstration code is present in lib/icepay/icepay.php, with a call to an exec(). The parameter to exec() includes the GET parameter democ, which is controlled by the user and not properly sanitised/escaped. After successful exploitation, an unauthenticated user is able to execute arbitrary OS commands. The commands run with the privileges of the web server process, typically www-data or asterisk. At a minimum, this allows an attacker to compromise the billing system and its database.
62af9cc329c88e7f145a1675e178871c1a75c9da5de26c8c623bef2bde4a73c2
Proof of concept demonstration code for the universal cross site scripting vulnerability that affects Microsoft Internet Explorer as defined in CVE-2015-0072.
cc6d729a89aab17ca74da5c91781bd1f0e030abeaebe0fbfaf6ddbc183b64c10
This is a demonstration cross site request forgery exploit for Question2Answer that also takes advantage of an insufficient anti-automation issue.
e8a626660486f464fd58c9ab8052bbb89a6150a1f60768dade0cfcad6e8669e4
This is some demonstration code that explains methods of remote code execution in Apache Struts2.
95aa97a6a49a06c15fe3bd11a797cecad1606abd0dc4f24592788de224974e50
Demonstration code for the Win32k Keyboard Layout vulnerability as described in MS10-073.
7005d59ca11deb8904289606e53b191d81477434efe81a88cc522d487108ef02
Demonstration code that exploits the Windows class handling vulnerability as detailed in MS10-073.
cfce7782f79c66201970f5c2e33ebf9cb9e5f98c40ed70d86c6ee80113df64a7
Microsoft Windows tracing register key ACL privilege escalation demonstration code.
fda37dcda8d4a51a61a3269e617929ac5ffe8cfc2d68baee5d4ca6d5c52c2849
MySQL version 5.0.45 suffers from a format string vulnerability. Proof of concept demonstration code is provided.
2d52aab1c12be86bae2773c2634920d09db2b48caae9a13142cc7e61c1976c38
Whitepaper called From Win32 User-Land through Native API to Kernel. Includes demonstration code.
18fd0091452628f5c03cd9eae9a9c0258c233d7e9a68d3cbbca2ca70514b9c73
Kaspersky Internet Security 6 hooks many functions in the SSDT and, in at least nine cases, fails to validate arguments that come from user mode.
88baa51895098a119b253129abb370e0e3855658a1194e120b3e2226fededcb1
Demonstration code that exploits Outpost 4.0 which fails to sufficiently protect its own mutex outpost_ipc_hdr.
fe47f17ca33453c8b9eb5e5edfe42dd9fdfeac116500ee496bd3faccfc2e1474
Proof of concept code that demonstrates a flaw with how Comodo Firewall uses process identifiers in Microsoft Windows allowing for complete bypass.
554567a136180ed2caf57600fcc2ac53de65c4b4dc1b264bec728e134b623c95
Proof of concept code that demonstrates a flaw with how ZoneAlarm uses process identifiers in Microsoft Windows allowing for complete bypass.
85d488235cded3eec20abacf33b255071cbc8ab0b26d3ebfcb4f29456b781007
Proof of concept exploit that demonstrates a denial of service condition in ZoneAlarm 6.
62a8f322749e196b5ea633d8a4ba127bf4834b6daecd3c8cfb6cadc91c05dca8
Symantec Norton Personal Firewall hooks many functions in the SSDT and, in at least two cases, fails to validate arguments that come from user mode. This exploit demonstrates the vulnerability.
5729c25d96bb98b38aa36575d769cc3b159e9000966a289c90f4ed2bd71ce1ca
Symantec Norton Personal Firewall hooks many functions in the SSDT and, in at least two cases, fails to validate arguments that come from user mode.
54215445c8ca8e400b58d6ad87aa9d7aafed88ed83040d4026b68724bfe25d62
Proof of concept exploit that demonstrates how Norton insufficiently protects its driver \Device\SymEvent against manipulation.
39a7fb3977a824ef90ae541996f3b0664e3addce4a7baf4ece0d935eb5207be7
Proof of concept exploit for Comodo Firewall Pro. Comodo Firewall Pro (formerly Comodo Personal Firewall) stores some of its internal settings in the registry key HKLM\SYSTEM\Software\Comodo\Personal Firewall. This key is protected by Comodo drivers such that other applications are not able to change the settings. This protection can be bypassed if very special conditions are met.
bd64cdd0d270c32c8c2294beda81dc4642b677b3fede798d7e3b30312838e897
Denial of service exploit that demonstrates a lack of argument validation in Comodo Firewall Pro. Affected versions include Comodo Firewall Pro 2.4.16.174 and Comodo Personal Firewall 2.3.6.81.
13c68b8539dddd068e1f16bec0b64cffb60f21947bb4920eac788e41781dc7f6
Comodo Firewall Pro (formerly Comodo Personal Firewall) hooks many functions in the SSDT and, in at least seven cases, fails to validate arguments that come from user mode. Affected versions include Comodo Firewall Pro 2.4.16.174 and Comodo Personal Firewall 2.3.6.81.
8f012987e27f090edc856f4d61df34b67cf8c9d6d67d18afd05a0d3eaffaee1a
Demonstration exploit code for a self-protection bypass flaw that exists in OutPost Firewall PRO 4.0.
f8d92e16dd5182d877773729fadd8b36131a15097314c886a3aecef90393eb14
Proof of concept exploit code for a flaw in the Sunbelt Kerio Personal Firewall versions 4.3.268 and below which suffer from a DLL injection vulnerability.
8fad0e6cae0f17d66dd4f5e5e1fb89dded31e538ba833b9b2317c3bda6f37fc7
Demonstration exploit that shows how Outpost Firewall Pro version 4.0 fails to protect against advanced DLL injection.
d098e88f484e24499c8384ec307c65852dc1541fe2460675f4823a8e79ba1d12
Testing program that exploits Outpost Firewall PRO version 4.0, which fails to sufficiently protect the \Device\SandBox driver.
bdcf73561116d8bf77ee8404cd2913c8d86fe9b944e74e816cb7c846cb06a98f
Testing program that checks for an insufficient validation flaw in the "SymEvent" driver input buffer in Norton Personal Firewall 2006 version 9.1.0.33.
6142c7d7e49020be09f24de4def0eb42eef262aec8d49a1d936f6dc8bbe73f7f