Apple Safari remote denial of service exploit for the iPhone / OSX / Windows.
POC for a possible integer overflow bug in konqueror 3.5-latest.
Various flaws exist with qmail on 64-bit platforms. Exploits provided.
An integer overflow flaw exists in sys_epoll_wait in the Linux kernel 2.6 series in versions equal to or below 2.6.11. Sample exploitation provided.
Linux v2.6.10 and below kernel exploit which allows non-privileged users to read kernel memory.
Georgi Guninski security advisory #71 - By opening HTML in IE it is possible to read at least well-formed XML from arbitrary servers. The info may then be transmitted.
Secunia Security Advisory - Details have been released about several vulnerabilities in Mozilla, Mozilla Firefox, and Thunderbird. These can potentially be exploited by malicious people to conduct cross-site scripting attacks, access and modify sensitive information, and compromise a user's system. These vulnerabilities reportedly affect versions prior to the following: Mozilla 1.7.3, Firefox 1.0PR, Thunderbird 0.8.
There is a denial of service in Apache httpd 2.0.49. It is possible to consume an arbitrary amount of memory. On 64-bit systems with more than 4GB of virtual memory this may lead to a heap-based buffer overflow whose exploitability is unclear at the moment.
The version of mod_proxy shipped with Apache 1.3.31, and possibly earlier versions, is susceptible to a buffer overflow via the Content-Length: header. This can lead to a denial of service and possible compromise of a vulnerable system.
Georgi Guninski has discovered a vulnerability in mod_ssl versions below 2.8.17, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. Successful exploitation requires that the FakeBasicAuth option is enabled and that the malicious client certificate is issued by a trusted CA (Certificate Authority).
Two stack-based buffer overflows exist in Exim 3.35. Both bugs need features enabled that are not in the default configuration. Proof of concept exploitation given.
Georgi Guninski security advisory #65, 2004 - Qmail version 1.03 is susceptible to a couple of attacks. A crash in qmail-smtpd occurs with a long SMTP session. The crash is not global; it affects only the current SMTP session. It is also possible to trigger a segmentation violation (SEGV) from the network.
OpenBSD v3.3 and below local root and v3.4 local denial of service exploit which uses a kernel-based stack overflow vulnerability in ICBS. Patch available for v3.3 here. Also works against OpenBSD v2.x.
Georgi Guninski Security Advisory #56, 2002 - It is possible to inject user-supplied input into file descriptors 0 through 2, which in some cases (for example if the user is permitted to do su) leads to local root compromise. Includes C code which checks if your system is vulnerable.
AIX shellcode that does an execve() of /bin/sh.
Georgi Guninski security advisory #53, 2002 - Two serious security vulnerabilities have been found in Microsoft Office XP. It is possible to embed active content (object + script) in HTML mail which is triggered if the user replies to or forwards the mail. In addition, a bug in the Host() function of the spreadsheet allows creating files with arbitrary names, and their content may be specified to some extent, which is sufficient to place an executable file (.hta) in the user's startup directory and may lead to taking full control over the user's computer.
Georgi Guninski security advisory #48, 2001 - There is a local root compromise in FreeBSD 4.3 due to a design flaw which allows injecting signal handlers into other processes. Includes vvfreebsd.c, a local root exploit.
Georgi Guninski security advisory #47, 2001 - OpenBSD 2.8 and 2.9 have a race condition in the kernel which leads to local root compromise. By forking a few processes it is possible to attach to a +s pid with ptrace. Includes vvopenbsd.c, a local root exploit.
Georgi Guninski security advisory #46, 2001 - There is a buffer overflow in SunOS 5.8 x86 with $HOME and /usr/bin/mail leading to egid=mail. Includes exploit.
Georgi Guninski security advisory #43, 2001 - It is possible to execute Active Scripting with the help of XML and XSL even if Active Scripting is disabled in all security zones. This is especially dangerous in email messages. Though this is not a typical exploit in itself, it may be used in other exploits, especially in email. To use the demonstration, disable Active Scripting and click here. If you see any message box you are vulnerable.
Georgi Guninski security advisory #42, 2001 - By double clicking from Windows Explorer or Internet Explorer on filenames with innocent extensions the user may be tricked into executing arbitrary programs. If the file extension has a certain CLSID, then Windows Explorer and IE do not show the CLSID, only the harmless-looking extension. Demonstration available here.
Georgi Guninski security advisory #40 - Security bugs in interactions between IE 5.x, IIS 5.0 and Exchange 2000. If a malicious web page is browsed with IE it is possible to list the directories of arbitrary IIS 5.0 servers to which the browsing user has access. Under certain circumstances it is also possible to read the user's email or folders if they are stored on an Exchange 2000 server with web storage (it uses IIS 5.0). It is also possible to create (or probably modify) files on the Exchange 2000 server with web storage. Example exploit included.
IIS 5.0 / Windows 2000 WebDAV remote denial of service exploit - Sends a specially crafted request, as described in MS01-016.
Georgi Guninski security advisory #31 - There is a security vulnerability in Windows Media Player 7, exploitable through IE, which allows reading local files and executing arbitrary programs. The problem is the WMP ActiveX Control, which allows launching javascript URLs in arbitrary already-open frames. This allows taking over the frame's DOM. Includes exploit code. Demonstration available here.
Georgi Guninski security advisory #27 - There is a security vulnerability in IE 5.x, Outlook, and Outlook Express which allows searching for files with a specific name (wildcards are allowed) or content. Combined with other local file reading vulnerabilities this allows attackers to search for and retrieve any file on a user's drive. The problem is the "ixsso.query" ActiveXObject, which is used to query the Indexing service and, surprisingly, is marked safe for scripting. Exploit code included, demonstration available here.