Microsoft Windows Server Service code execution exploit that takes advantage of the vulnerability listed in MS08-067.
Adobe Reader JavaScript printf buffer overflow exploit that binds a shell to port 4444.
Multiple CRLF injection (aka HTTP response splitting) vulnerabilities have been identified in Google AdWords which may be exploited to inject arbitrary HTTP headers.
Shop-Script suffers from multiple HTTP response splitting vulnerabilities. POC included.
Malicious Flash files with explicit JavaScript can be embedded within Excel spreadsheets using a "Shockwave Flash Object", which can be made to run once the file is opened by the user.
Firefox version 1.5.0.3 with IE Tab version 1.0.9 on Windows XP/2k suffers from a null pointer dereference bug.
Google Reader is supposed to display only the content that the user has subscribed to; however, two vulnerabilities have been identified which may allow an attacker to entice their victim (using the Google Reader service) to view unwanted web content carrying malicious payloads.
w3wp remote DoS exploit due to improper reference of STA COM components in ASP.NET.
It is possible to DoS the IIS Worker Process (w3wp) due to improper reference of STA COM components in ASP.NET. POC exploit included.
Google Reader is supposed to display only content that the user has subscribed to; however, two vulnerabilities have been identified which may allow an attacker to entice their victim (using the Google Reader service) to view unwanted web content carrying malicious payloads.
PHPMyChat version 0.14.5 is susceptible to an authentication bypass flaw.
Zone Alarm products with Advance Program Control or OS Firewall Technology enabled detect and block almost all APIs which are commonly used by malicious programs to send data via HTTP by piggybacking over other trusted programs. However, it is still possible for a malicious program to make outbound connections to the evil site by piggybacking over a trusted Internet browser using "HTML Modal Dialog" in conjunction with simple JavaScript. POC code provided.
This proof of concept explains how the Microsoft WGA validation check can be defeated and how any Microsoft product with the WGA validation feature can be run and installed on machines running a pirated copy of Windows XP.
Write-up discussing a methodology to bypass Citibank Virtual Keyboard Protection, a mechanism to help protect against keyloggers and spyware.
When IE is configured to access the internet using a proxy, the user's authentication details are cached locally without IE prompting the user. Even though the 'save my password' option is not checked, the user's proxy authentication details are cached locally without the user's knowledge.
Methods exist to allow for Microsoft ISA authentication bypass when the server is configured as a proxy.