«
Expand/Collapse
921 items tagged "proof of concept"
Related tags:
service vulnerability [+],
opera [+],
netdecision [+],
microsoft windows [+],
hash collision [+],
file [+],
exploit [+],
crash proof [+],
buffer overflow [+],
stack overflow [+],
hash [+],
excel [+],
corruption [+],
xnview [+],
stack [+],
server version [+],
quest [+],
payload [+],
novell groupwise [+],
novell [+],
netmechanica [+],
microsoft excel [+],
messenger [+],
intrust [+],
integer overflow [+],
information disclosure vulnerability [+],
http [+],
hashcollision [+],
groupwise [+],
forgery [+],
flashpix [+],
firefox [+],
directory traversal vulnerability [+],
command execution [+],
collision [+],
buffer overflow vulnerability [+],
access [+],
denial of service [+],
traversal [+],
directory [+],
condition [+],
command [+],
windows [+],
heap [+],
android [+],
denial [+],
zope versions [+],
zope [+],
x file [+],
x control [+],
x buffer [+],
webkit [+],
web server [+],
web gateway [+],
web [+],
validation [+],
use [+],
unrealircd [+],
u ftp [+],
typed [+],
tv ip [+],
trendnet [+],
traffic load [+],
traffic [+],
tiny [+],
tftp server [+],
tftp [+],
text javascript [+],
text [+],
symantec [+],
switcharoo [+],
sumatrapdf [+],
splash [+],
sp3 [+],
soffice [+],
socket port [+],
service guitar [+],
serv u ftp [+],
series [+],
securview [+],
samsung [+],
s.s.t javascript [+],
s.s.t [+],
root shell [+],
role [+],
reverse engineering [+],
resedit [+],
remote controllers [+],
remote buffer overflow [+],
remote [+],
remarkable extent [+],
reflection [+],
reader [+],
read [+],
race [+],
privilege [+],
point [+],
poc [+],
plugin [+],
plone [+],
player [+],
peerftp [+],
overflow vulnerability [+],
oracle [+],
officesip [+],
null pointer [+],
null byte [+],
null [+],
normalize [+],
network access control [+],
mysql [+],
mozilla firefox [+],
mozilla [+],
mobipocket [+],
minimal effort [+],
memory issues [+],
memory function [+],
mcafee [+],
knftpd [+],
keylogger [+],
keyboard layout [+],
json [+],
javascript [+],
irfanview [+],
ipswitch [+],
ip blocks [+],
integer [+],
information leaks [+],
image processing [+],
image [+],
human cognitive abilities [+],
http server [+],
htmlspecialchars [+],
host headers [+],
history objects [+],
history [+],
hillstone [+],
hd player [+],
hash values [+],
hacks [+],
guitar [+],
google [+],
gateway [+],
freesshd [+],
free proof [+],
free microsoft excel [+],
external entity [+],
exploits [+],
end [+],
edraw [+],
drupal [+],
diagram [+],
desktop [+],
default [+],
dcs [+],
dashboard [+],
d link [+],
crash [+],
component [+],
code [+],
clickit [+],
chrome [+],
chm [+],
bzexe [+],
buffer overflow vulnerabilities [+],
beyondchm [+],
autovuex [+],
autovue [+],
attacker [+],
assembly [+],
api [+],
administrator role [+],
administrative password [+],
activity [+],
account [+],
Software [+],
service [+],
proof [+],
webdav [+],
typsoft [+],
takeover [+],
sehop [+],
ruxcon [+],
request [+],
pypam [+],
promotic [+],
pro face [+],
presentation slides [+],
presentation [+],
oneview [+],
name [+],
lighttpd [+],
libreoffice [+],
java execution [+],
java code execution [+],
hollywood studios [+],
hollywood [+],
hacking [+],
guestek [+],
ftp [+],
fckeditor [+],
engineering [+],
email [+],
double [+],
disclosure [+],
directory traversal [+],
cve [+],
chain [+],
boundary [+],
america [+],
alegrocart [+],
acpid [+],
Wireless [+],
vulnerability [+],
thomas polasek [+],
svg [+],
site [+],
protocol [+],
polasek [+],
pcanywhere [+],
opencv [+],
nook [+],
nbsp [+],
mike tsao [+],
marco [+],
log [+],
linux distro [+],
linux [+],
laser project [+],
laser [+],
keyboard [+],
java [+],
injection [+],
honorable mention [+],
hidden slides [+],
hash table [+],
firmware update [+],
face [+],
execution [+],
error documents [+],
damn [+],
cross [+],
cookie [+],
color [+],
calculator version [+],
calculator [+],
buzz [+],
bad request [+],
arduino [+],
apache [+],
afd [+],
Programming [+],
Pentesting [+],
php [+],
overflow [+],
concept [+],
buffer [+],
microsoft [+],
server [+],
memory corruption [+],
liferay [+],
version 6 [+],
code execution [+],
active x control [+],
memory [+],
zsl,
zip proof,
zip file,
zip,
yplay,
xion,
xilisoft,
xerox workcenter,
xerox,
x netconnectionenum,
x kernel,
x cart,
wrt54g,
world writable,
wordpress,
wmv file,
wmitracemessageva,
wireshark,
wireless keyboard,
windows movie maker,
windows media player,
winamp versions,
winamp,
win32k,
win,
wildfire,
wifi,
whitepaper,
webraider,
webcam,
wavemax,
waveiox,
wave player,
wave,
wasn,
vsftpd,
viewer,
videosuite,
videospirit,
video converter,
video,
version,
vbulletin,
usn,
user,
usbsploit,
uri,
update,
university of liege,
unicode,
uipc,
udev,
ubuntu,
txt,
turnkey solution,
travis goodspeed,
tool,
tivoli,
tisch,
tgz,
tempest security,
teamviewer,
tar gz,
tar,
tabnapping,
system monitor,
syntactic analysis,
synergy,
surething,
super ad blocker,
sun,
studio,
stud,
statxact,
stack buffer,
ssl protocol,
ssl,
sql injection,
sql,
spoof,
speed version,
source,
sound,
sonique,
solar,
softek,
socket,
snooping,
sniffing,
smtp server,
smtp,
smb2,
smb client,
smb,
smart security,
slyk,
slp,
slimpdf,
slideshow,
sipdroid,
sinowal,
simulator,
simple,
shmedia,
shift registers,
shell out,
sftp,
session,
servicedesk,
service windows,
service location protocol,
service expert,
select,
segment lcds,
security suite,
security intelligence,
security advisory,
security,
securimage,
search ui,
search,
screen,
scanning tunneling microscope,
scanning,
scada,
salvaged,
safari,
s.o.m.pl,
rslogix,
rpm,
rpc,
routers,
root,
rockwell,
robots,
robot arm,
ringtone maker,
ringtone,
reverberation,
refractor,
realtek hd audio control panel,
realtek,
realplayer,
reader acrobat,
rdesktop,
rar,
radio,
radasm,
quickzip,
quick n,
quality tool,
qua,
proxy module,
proxy,
provj,
protector,
project,
proftpd,
pro versions,
prl,
privilege escalation vulnerability,
preauth,
powerhmi,
post it,
pointer,
plus,
playlist,
plantvisor,
planting,
pidgin,
picomp,
pico mp,
phpcaptcha,
php code,
personal ftp server,
personal,
pdf,
pcbsd,
pbs,
payroll,
pay,
path environment,
path,
pasv,
param,
panic,
panda security,
panda,
padding,
overwrite,
overrun,
overflows,
oracle rdbms,
opera version,
opera mobile,
open music,
omnicom,
ollydbg,
ogg file,
ogg,
office excel,
office,
ocx,
number,
nsopoc,
nsoadv,
nppftp,
novell netware rpc,
notepadpoc,
notepad,
nokia,
nod32 antivirus,
nki,
ninga,
news,
networkresources,
netware,
netbsd,
net,
nego,
nautilus,
music,
multitouch,
multiple buffer overflow,
mtab,
msn,
msdef,
ms10,
ms sql server,
ms html,
mpeg,
mp3 file,
movieeditor,
movie,
movicon,
movavi videosuite,
movavi,
mouse movements,
motion,
month,
moinmoin,
modified version,
mode,
mod,
mocha lpd,
mocha,
mobile,
moaub,
mixcraft,
misconfiguration,
mirandamitm,
miranda im,
miranda,
mifare,
midi devices,
midi,
microsoft windows defender,
microsoft sql server,
microsoft reader,
microsoft data access components,
microsoft data access,
microscope,
microphone calibration,
microphone,
microcontroller,
metasploit framework,
metasploit,
mediamonkey,
media player classic,
media,
mebroot,
mdb file,
matrix,
master password,
manageengine,
man,
malware,
malicious attacker,
maker,
magnetosoft,
magic music,
magic,
macro,
mac os x,
mac os,
m3u playlist,
m3u file,
m3u,
lzh,
lpd,
login forms,
login attempts,
logic,
location,
local privilege escalation,
local buffer overflow,
local,
lnk files,
liveupdate,
livebox,
live,
liteserve,
listener,
linux support,
linksys,
lingxia,
limny,
libmodplug,
legitimate users,
legend,
led display matrix,
led,
leadtools,
lcds,
lcd,
labeler,
kwik,
kontakt,
kol,
knftp,
kmplayer,
kingview,
kingsoft,
kinect,
keystrokes,
kernel space,
kernel panic,
kernel mode,
kernel driver,
kernel,
karaoke version,
karaoke,
jukebox,
joystick,
jinais,
jdownloader,
jboss,
java app,
isp,
isc,
irc server,
irc,
ipod,
iphone,
ipcomp,
internet explorer browser,
internet explorer,
internet,
integraxor,
integer overflow vulnerability,
incredimail,
impressive proof,
imagemagick,
iis,
icq,
ibm,
i.c.e cms,
httpdx,
html,
htc,
hope,
hmi,
hijacking,
hide folder,
hfpicture,
hexapod,
hanso,
hangup,
hack in the box,
hack,
grestretchbltinternal,
gre,
google cache,
goodspeed,
gom player,
gom,
gnu general public license,
gmailthief,
gmail,
glassfish,
gkrellm,
gif,
geomau,
genstat,
genocide,
full disclosure,
ftpsvc,
ftpd,
ftp server,
ftp commands,
freeunhidefolder,
freefloat,
freebsd,
free audio converter,
free,
framework,
frame size,
foxplayer,
format,
form based,
fon,
florian,
flash player,
flash,
firmware,
filesystem,
features of internet explorer,
fcrackzip,
fbsd,
fake,
f secure internet security,
f secure,
express,
exponent,
explorer 6 0,
explorer,
expert,
exp,
exec,
exe,
evalbot,
esignal,
eset,
escalation,
enumeration,
enttec,
enterprise server,
engine versions,
engine,
encapsulation,
elliot,
elecard mpeg player,
elecard,
elcom,
editor,
edisplay,
echo servers,
ecava,
easy dvd creator,
easy,
ease,
e. street,
dvd,
download,
dos,
dns,
dmx,
dj legend,
distance,
digitalbox,
digital audio editor,
digital,
dhcpd,
device,
development platform,
design,
dereference,
denial of service attack,
deflate,
decrypt,
decodeuricomponent,
decodeuri,
debutant,
deauthentication,
day,
datahub,
data protector,
data frame,
data,
daqfactory,
cytel,
cybsec,
cut,
cs5,
crystalreport,
crystal report viewer,
crystal report,
crush,
crossover,
crimson editor,
crimson,
creator,
cpp,
cpanel,
couple dozen,
corelan,
cooking,
converter,
controller,
control panel 1,
control activex,
control,
configuration,
config,
concept demo,
compression,
communitymanager,
com,
cogent,
cnc,
cms,
clr,
client,
click,
classic,
ciscokits,
chunk,
chrome version,
chotext,
chilkat,
chemistry,
cellphones,
cellphone,
cd labeler,
carel,
captcha,
canon powershot,
cameras,
camera,
cache,
c. above,
build,
bugs microsoft,
bug,
bruter,
browser,
brazip,
bootkit,
bof,
blue screen of death,
blazedvd,
bind request,
binary,
beta,
behringer,
based buffer overflow,
barcode reader,
bar,
backup exec,
avs,
avira,
avipbb,
avi file,
avi,
authentication,
audio player,
audio,
attack,
at tftp,
asxmp,
asx,
aspx,
array,
archiva,
arbitrary files,
arbitrary code execution,
apple iphone,
apache servers,
apache http server,
aoaaudioextractor,
anyzip,
antivirus,
analog joystick,
amsterdam,
amaya,
alpha,
aka,
aicap,
aic,
agentx,
agent,
adv,
adobe acrobat reader,
adobe acrobat,
adobe,
administrator account,
administrator,
administrative users,
addurl,
activex,
active x,
acrobat,
acoustica cd dvd label maker,
acoustica,
achievo,
ace,
accmeware,
access points,
accelerator,
acc web,
abysssec,
abac,
Newbie,
Hardware,
Espace,
Area,
3d printer,
1kb
-
-
6:33
»
Packet Storm Security Exploits
Symantec End Point Protection version 11.x and Symantec Network Access Control version 11.x local code execution proof of concept exploit.
-
-
19:45
»
Packet Storm Security Exploits
This proof of concept code demonstrates a Microsoft Windows XP keyboard layouts pool corruption vulnerability, post MS12-034. The vulnerability exists in the function win32k!ReadLayoutFile() that parses keyboard layout file data.
-
19:45
»
Packet Storm Security Recent Files
This proof of concept code demonstrates a Microsoft Windows XP keyboard layouts pool corruption vulnerability, post MS12-034. The vulnerability exists in the function win32k!ReadLayoutFile() that parses keyboard layout file data.
-
19:45
»
Packet Storm Security Misc. Files
This proof of concept code demonstrates a Microsoft Windows XP keyboard layouts pool corruption vulnerability, post MS12-034. The vulnerability exists in the function win32k!ReadLayoutFile() that parses keyboard layout file data.
-
15:16
»
Packet Storm Security Exploits
Liferay version 6.1 suffers from a vulnerability where it is possible to retrieve the names and email addresses of all users. Proof of concept code included.
-
15:16
»
Packet Storm Security Misc. Files
Liferay version 6.1 suffers from a vulnerability where it is possible to retrieve the names and email addresses of all users. Proof of concept code included.
-
-
12:22
»
Packet Storm Security Exploits
Pro-face Pro-Server EX versions 1.30.000 and PCRuntime versions 3.1.00 suffer from memory related and integer overflow vulnerabilities. Proof of concept included.
-
12:22
»
Packet Storm Security Recent Files
Pro-face Pro-Server EX versions 1.30.000 and PCRuntime versions 3.1.00 suffer from memory related and integer overflow vulnerabilities. Proof of concept included.
-
12:22
»
Packet Storm Security Misc. Files
Pro-face Pro-Server EX versions 1.30.000 and PCRuntime versions 3.1.00 suffer from memory related and integer overflow vulnerabilities. Proof of concept included.
-
-
10:22
»
Packet Storm Security Exploits
BeyondCHM version 1.1 suffers from a buffer overflow vulnerability when handling a specially crafted chm file. Proof of concept included.
-
-
17:17
»
Packet Storm Security Exploits
By creating a specially crafted webdav request that contains an external entity it is possible to read files from Liferay Portal version 6.0.5 ce. Proof of concept code included.
-
17:17
»
Packet Storm Security Recent Files
By creating a specially crafted webdav request that contains an external entity it is possible to read files from Liferay Portal version 6.0.5 ce. Proof of concept code included.
-
17:17
»
Packet Storm Security Misc. Files
By creating a specially crafted webdav request that contains an external entity it is possible to read files from Liferay Portal version 6.0.5 ce. Proof of concept code included.
-
17:14
»
Packet Storm Security Exploits
By utilizing the json webservices exposed in Liferay Portal version 6.1 you can register a new user with any role in the system, including the built in administrator role. Proof of concept included.
-
17:14
»
Packet Storm Security Recent Files
By utilizing the json webservices exposed in Liferay Portal version 6.1 you can register a new user with any role in the system, including the built in administrator role. Proof of concept included.
-
17:14
»
Packet Storm Security Misc. Files
By utilizing the json webservices exposed in Liferay Portal version 6.1 you can register a new user with any role in the system, including the built in administrator role. Proof of concept included.
-
12:59
»
Packet Storm Security Exploits
Liferay Portal suffers from a takeover vulnerability due to a single HTTP request allowing an attacker to reconfigure which memcached to use. Proof of concept code included. Version 6.1 ce is confirmed vulnerable.
-
12:59
»
Packet Storm Security Recent Files
Liferay Portal suffers from a takeover vulnerability due to a single HTTP request allowing an attacker to reconfigure which memcached to use. Proof of concept code included. Version 6.1 ce is confirmed vulnerable.
-
12:59
»
Packet Storm Security Misc. Files
Liferay Portal suffers from a takeover vulnerability due to a single HTTP request allowing an attacker to reconfigure which memcached to use. Proof of concept code included. Version 6.1 ce is confirmed vulnerable.
-
-
23:36
»
Packet Storm Security Exploits
Samsung devices with support for remote controllers suffer from endless restart and possible buffer overflow vulnerabilities. Proof of concept code included.
-
23:36
»
Packet Storm Security Recent Files
Samsung devices with support for remote controllers suffer from endless restart and possible buffer overflow vulnerabilities. Proof of concept code included.
-
23:36
»
Packet Storm Security Misc. Files
Samsung devices with support for remote controllers suffer from endless restart and possible buffer overflow vulnerabilities. Proof of concept code included.
-
-
16:05
»
Packet Storm Security Exploits
LibreOffice version 3.5.2.2 suffers from a soffice.exe\soffice.bin memory corruption vulnerability when handling a malformed RTF file. This is a proof of concept exploit.
-
16:05
»
Packet Storm Security Recent Files
LibreOffice version 3.5.2.2 suffers from a soffice.exe\soffice.bin memory corruption vulnerability when handling a malformed RTF file. This is a proof of concept exploit.
-
16:05
»
Packet Storm Security Misc. Files
LibreOffice version 3.5.2.2 suffers from a soffice.exe\soffice.bin memory corruption vulnerability when handling a malformed RTF file. This is a proof of concept exploit.
-
12:31
»
Packet Storm Security Exploits
This is a proof of concept exploit for the vulnerability documented in MS11-046 for the Microsoft Windows Ancillary Function Driver (AFD).
-
-
10:01
»
Hack a Day
We should have included a footnote in the title. You can say that [Thomas Polasek] installed a full version of Arch Linux on his Nook Color, but there’s one caveat. It’s running on top of the Android kernel and his proof-of-concept uses a second computer to get it up and running. But there’s potential for [...]
-
-
14:55
»
Packet Storm Security Exploits
McAfee Web Gateway and Squid Proxy version 3.1.19 suffers from a bypass vulnerability due to putting trust in Host headers. Proof of concept tool included.
-
14:55
»
Packet Storm Security Recent Files
McAfee Web Gateway and Squid Proxy version 3.1.19 suffers from a bypass vulnerability due to putting trust in Host headers. Proof of concept tool included.
-
14:55
»
Packet Storm Security Misc. Files
McAfee Web Gateway and Squid Proxy version 3.1.19 suffers from a bypass vulnerability due to putting trust in Host headers. Proof of concept tool included.
-
-
22:03
»
Packet Storm Security Exploits
Quest InTrust version 10.4.x suffers from ArDoc.dll active-x control remote file creation / overwrite vulnerabilities in the ReportTree and SimpleTree classes. Proof of concept code included.
-
22:03
»
Packet Storm Security Recent Files
Quest InTrust version 10.4.x suffers from ArDoc.dll active-x control remote file creation / overwrite vulnerabilities in the ReportTree and SimpleTree classes. Proof of concept code included.
-
22:03
»
Packet Storm Security Misc. Files
Quest InTrust version 10.4.x suffers from ArDoc.dll active-x control remote file creation / overwrite vulnerabilities in the ReportTree and SimpleTree classes. Proof of concept code included.
-
21:57
»
Packet Storm Security Exploits
This file documents a proof of concept to demonstrate the cross site scripting vulnerability in the Drupal Activity module version 6.x.
-
21:00
»
Packet Storm Security Exploits
Quest InTrust version 10.4.x with Annotation Objects active-x control ANNOTATEX.DLL suffers from a remote code execution vulnerability. Proof of concept code included.
-
21:00
»
Packet Storm Security Recent Files
Quest InTrust version 10.4.x with Annotation Objects active-x control ANNOTATEX.DLL suffers from a remote code execution vulnerability. Proof of concept code included.
-
21:00
»
Packet Storm Security Misc. Files
Quest InTrust version 10.4.x with Annotation Objects active-x control ANNOTATEX.DLL suffers from a remote code execution vulnerability. Proof of concept code included.
-
20:57
»
Packet Storm Security Exploits
The TRENDnet SecurView TV-IP121WN wireless internet camera UltraMJCam active-x control suffers from an OpenFileDlg() WideCharToMultiByte remote buffer overflow. Proof of concept code included.
-
20:57
»
Packet Storm Security Recent Files
The TRENDnet SecurView TV-IP121WN wireless internet camera UltraMJCam active-x control suffers from an OpenFileDlg() WideCharToMultiByte remote buffer overflow. Proof of concept code included.
-
20:57
»
Packet Storm Security Misc. Files
The TRENDnet SecurView TV-IP121WN wireless internet camera UltraMJCam active-x control suffers from an OpenFileDlg() WideCharToMultiByte remote buffer overflow. Proof of concept code included.
-
9:02
»
Hack a Day
[Marco] has had some fun with OpenCV in the area of face tracking. Using an older laser project, he has cobbled together a system that will track a face and put a laser on it. While he is just using this as a proof of concept, it goes without saying that you probably shouldn’t mount [...]
-
-
18:48
»
Packet Storm Security Exploits
This archive encompasses an advisory about the MS12-020 use-after-free vulnerability in Microsoft Remote Desktop, details about the leaked exploit in relation to this report, and a proof of concept exploit.
-
18:48
»
Packet Storm Security Recent Files
This archive encompasses an advisory about the MS12-020 use-after-free vulnerability in Microsoft Remote Desktop, details about the leaked exploit in relation to this report, and a proof of concept exploit.
-
18:48
»
Packet Storm Security Misc. Files
This archive encompasses an advisory about the MS12-020 use-after-free vulnerability in Microsoft Remote Desktop, details about the leaked exploit in relation to this report, and a proof of concept exploit.
-
-
7:44
»
Packet Storm Security Exploits
By supplying a NULL-byte to the PyPAM module, a double-free condition is triggered. This condition may allow for remote code execution. Proof of concept included.
-
7:44
»
Packet Storm Security Recent Files
By supplying a NULL-byte to the PyPAM module, a double-free condition is triggered. This condition may allow for remote code execution. Proof of concept included.
-
7:44
»
Packet Storm Security Misc. Files
By supplying a NULL-byte to the PyPAM module, a double-free condition is triggered. This condition may allow for remote code execution. Proof of concept included.
-
10:22
»
Packet Storm Security Exploits
Netmechanica NetDecision Traffic Grapher Server version 4.5.1 suffers from an information disclosure vulnerability. Proof of concept exploit included.
-
10:22
»
Packet Storm Security Recent Files
Netmechanica NetDecision Traffic Grapher Server version 4.5.1 suffers from an information disclosure vulnerability. Proof of concept exploit included.
-
10:22
»
Packet Storm Security Misc. Files
Netmechanica NetDecision Traffic Grapher Server version 4.5.1 suffers from an information disclosure vulnerability. Proof of concept exploit included.
-
8:15
»
Packet Storm Security Exploits
Netmechanica NetDecision 4.5.1 Dashboard Server version 1.0 is prone to an information disclosure vulnerability. Proof of concept exploit included.
-
8:15
»
Packet Storm Security Recent Files
Netmechanica NetDecision 4.5.1 Dashboard Server version 1.0 is prone to an information disclosure vulnerability. Proof of concept exploit included.
-
8:15
»
Packet Storm Security Misc. Files
Netmechanica NetDecision 4.5.1 Dashboard Server version 1.0 is prone to an information disclosure vulnerability. Proof of concept exploit included.
-
19:39
»
Packet Storm Security Exploits
Novell GroupWise Messenger versions 2.1.0 and below suffer from a memory corruption vulnerability. Proof of concept code included.
-
-
3:11
»
Packet Storm Security Exploits
Proof of concept code for a vulnerability in protocol.c from Apache versions 2.2.x through 2.2.21. The issue is that it does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies.
-
-
15:37
»
Packet Storm Security Exploits
This proof of concept demonstrates how traffic load of a shared packet queue can be exploited as a side channel through which protected information leaks to an off-path attacker.
-
15:37
»
Packet Storm Security Recent Files
This proof of concept demonstrates how traffic load of a shared packet queue can be exploited as a side channel through which protected information leaks to an off-path attacker.
-
15:37
»
Packet Storm Security Misc. Files
This proof of concept demonstrates how traffic load of a shared packet queue can be exploited as a side channel through which protected information leaks to an off-path attacker.
-
-
17:11
»
Packet Storm Security Exploits
HashCollision denial of service proof of concept exploit written in Python. It generates the payload on the fly and sends it to the server.
-
5:22
»
Packet Storm Security Exploits
Proof of concept malicious .docm file that exploits the Microsoft Windows Assembly Execution vulnerability as described in MS12-005.
-
-
18:30
»
Packet Storm Security Exploits
HashCollision denial of service proof of concept exploit written in Python. It generates the payload on the fly and sends it to the server.
-
-
6:53
»
Packet Storm Security Exploits
PHP 5.3.x hash collision denial of service proof of concept exploit written in Python. It generates the payload on the fly and sends it to the server.
-
6:53
»
Packet Storm Security Recent Files
PHP 5.3.x hash collision denial of service proof of concept exploit written in Python. It generates the payload on the fly and sends it to the server.
-
6:53
»
Packet Storm Security Misc. Files
PHP 5.3.x hash collision denial of service proof of concept exploit written in Python. It generates the payload on the fly and sends it to the server.
-
-
11:11
»
Hack a Day
This proof-of-concept is just waiting for you to put it to good use. [Mike Tsao] wrote an Arduino sketch that lets him decode incoming audio data which could be used to program the device. He’s calling the project TribeDuino because it decodes an audio file which is actually the firmware update for a Korg Monotribe. [...]
-
-
13:43
»
Packet Storm Security Exploits
A vulnerability in the IrfanView FlashPix plugin exists due to the "Free_All_Memory()" function not properly setting certain decoder elements to NULL after freeing them, which can be exploited to cause a double-free condition via specially crafted FPX images. Proof of concept exploit included.
-
13:43
»
Packet Storm Security Recent Files
A vulnerability in the IrfanView FlashPix plugin exists due to the "Free_All_Memory()" function not properly setting certain decoder elements to NULL after freeing them, which can be exploited to cause a double-free condition via specially crafted FPX images. Proof of concept exploit included.
-
13:43
»
Packet Storm Security Misc. Files
A vulnerability in the IrfanView FlashPix plugin exists due to the "Free_All_Memory()" function not properly setting certain decoder elements to NULL after freeing them, which can be exploited to cause a double-free condition via specially crafted FPX images. Proof of concept exploit included.
-
13:37
»
Packet Storm Security Exploits
Proof of concept code that demonstrates a remote command execution in Plone versions 4.0 through 4.0.9, 4.1, 4.2 (a1 and a2) and Zope versions 2.12.x and 2.13.x.
-
13:37
»
Packet Storm Security Recent Files
Proof of concept code that demonstrates a remote command execution in Plone versions 4.0 through 4.0.9, 4.1, 4.2 (a1 and a2) and Zope versions 2.12.x and 2.13.x.
-
13:37
»
Packet Storm Security Misc. Files
Proof of concept code that demonstrates a remote command execution in Plone versions 4.0 through 4.0.9, 4.1, 4.2 (a1 and a2) and Zope versions 2.12.x and 2.13.x.
-
-
7:54
»
Packet Storm Security Exploits
This proof of concept exploit sets permissions to 444 on an arbitrary file specified as an argument by leveraging SIGSTOP/SIGCONT signals and the Inotify API to win a race condition in X.
-
7:54
»
Packet Storm Security Recent Files
This proof of concept exploit sets permissions to 444 on an arbitrary file specified as an argument by leveraging SIGSTOP/SIGCONT signals and the Inotify API to win a race condition in X.
-
7:54
»
Packet Storm Security Misc. Files
This proof of concept exploit sets permissions to 444 on an arbitrary file specified as an argument by leveraging SIGSTOP/SIGCONT signals and the Inotify API to win a race condition in X.
-
-
17:48
»
Packet Storm Security Exploits
JavaScript allows you to exploit human cognitive abilities to a remarkable extent; tools such as window positioning, history.forward() and history.back(), open some scary possibilities that we are completely unprepared to deal with. This proof-of-concept aims to demonstrate this; while it is intentionally crude and makes no real effort to conceal its operation, the transitions can be made seamless and very difficult to perceive. Very accurate click prediction can be achieved by carefully measuring mouse velocity and distance to destination, too.
-
17:48
»
Packet Storm Security Recent Files
JavaScript allows you to exploit human cognitive abilities to a remarkable extent; tools such as window positioning, history.forward() and history.back(), open some scary possibilities that we are completely unprepared to deal with. This proof-of-concept aims to demonstrate this; while it is intentionally crude and makes no real effort to conceal its operation, the transitions can be made seamless and very difficult to perceive. Very accurate click prediction can be achieved by carefully measuring mouse velocity and distance to destination, too.
-
17:48
»
Packet Storm Security Misc. Files
JavaScript allows you to exploit human cognitive abilities to a remarkable extent; tools such as window positioning, history.forward() and history.back(), open some scary possibilities that we are completely unprepared to deal with. This proof-of-concept aims to demonstrate this; while it is intentionally crude and makes no real effort to conceal its operation, the transitions can be made seamless and very difficult to perceive. Very accurate click prediction can be achieved by carefully measuring mouse velocity and distance to destination, too.
-
-
11:23
»
Packet Storm Security Exploits
Local proof of concept exploit that demonstrates a privilege boundary crossing vulnerability in acpid. Written to work on Ubuntu 11.10 and 11.04.
-
11:23
»
Packet Storm Security Recent Files
Local proof of concept exploit that demonstrates a privilege boundary crossing vulnerability in acpid. Written to work on Ubuntu 11.10 and 11.04.
-
11:23
»
Packet Storm Security Misc. Files
Local proof of concept exploit that demonstrates a privilege boundary crossing vulnerability in acpid. Written to work on Ubuntu 11.10 and 11.04.
-
-
8:52
»
Packet Storm Security Exploits
It seems that relatively few people realize that holding a JavaScript handle to another window allows the attacker to tamper with the location and history objects at will, largely bypassing the usual SOP controls. With some minimal effort and the help of data: / javascript: URLs or precached pages, this can be leveraged to replace content in a manner that will likely escape even fairly attentive users.
-
8:52
»
Packet Storm Security Recent Files
It seems that relatively few people realize that holding a JavaScript handle to another window allows the attacker to tamper with the location and history objects at will, largely bypassing the usual SOP controls. With some minimal effort and the help of data: / javascript: URLs or precached pages, this can be leveraged to replace content in a manner that will likely escape even fairly attentive users.
-
8:52
»
Packet Storm Security Misc. Files
It seems that relatively few people realize that holding a JavaScript handle to another window allows the attacker to tamper with the location and history objects at will, largely bypassing the usual SOP controls. With some minimal effort and the help of data: / javascript: URLs or precached pages, this can be leveraged to replace content in a manner that will likely escape even fairly attentive users.
-
-
11:22
»
Packet Storm Security Exploits
Serv-U FTP versions 11.1.0.3 and below suffer from management console access and socket/port consumption vulnerabilities. Proof of concept exploits included.
-
11:22
»
Packet Storm Security Recent Files
Serv-U FTP versions 11.1.0.3 and below suffer from management console access and socket/port consumption vulnerabilities. Proof of concept exploits included.
-
11:22
»
Packet Storm Security Misc. Files
Serv-U FTP versions 11.1.0.3 and below suffer from management console access and socket/port consumption vulnerabilities. Proof of concept exploits included.
-
7:51
»
Packet Storm Security Exploits
Hillstone Software HS TFTP Server suffers from a denial of service vulnerability. Proof of concept exploit included. The vulnerability is caused due to improper validation of a WRITE/READ request parameter containing a long file name, which allows remote attackers to crash the service.
-
7:51
»
Packet Storm Security Recent Files
Hillstone Software HS TFTP Server suffers from a denial of service vulnerability. Proof of concept exploit included. The vulnerability is caused due to improper validation of a WRITE/READ request parameter containing a long file name, which allows remote attackers to crash the service.
-
7:51
»
Packet Storm Security Misc. Files
Hillstone Software HS TFTP Server suffers from a denial of service vulnerability. Proof of concept exploit included. The vulnerability is caused due to improper validation of a WRITE/READ request parameter containing a long file name, which allows remote attackers to crash the service.
-
-
17:46
»
Packet Storm Security Recent Files
These are the slides from the Hacking Hollywood presentation given at Ruxcon 2011. It documents vulnerabilities that the researcher discovered in various pieces of software in use by large Hollywood studios. Be sure to check out the related files for this presentation as there are multiple proof of concept exploits and advisories.
-
17:46
»
Packet Storm Security Misc. Files
These are the slides from the Hacking Hollywood presentation given at Ruxcon 2011. It documents vulnerabilities that the researcher discovered in various pieces of software in use by large Hollywood studios. Be sure to check out the related files for this presentation as there are multiple proof of concept exploits and advisories.
-
8:25
»
Packet Storm Security Exploits
Microsoft Excel in Office 2003 version 11.8335.8333 SP3 suffers from a memory corruption vulnerability. Proof of concept included.
-
-
15:53
»
Packet Storm Security Exploits
A remote code execution vulnerability exists in the way that Microsoft Excel 2007 SP2 handles specially crafted Excel files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. This is the same vulnerability that is referenced in MS11-021. Proof of concept exploit code included.
-
15:53
»
Packet Storm Security Recent Files
A remote code execution vulnerability exists in the way that Microsoft Excel 2007 SP2 handles specially crafted Excel files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. This is the same vulnerability that is referenced in MS11-021. Proof of concept exploit code included.
-
15:53
»
Packet Storm Security Misc. Files
A remote code execution vulnerability exists in the way that Microsoft Excel 2007 SP2 handles specially crafted Excel files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. This is the same vulnerability that is referenced in MS11-021. Proof of concept exploit code included.
-
-
15:16
»
Packet Storm Security Exploits
Oracle AutoVue version 20.0.1 suffers from an AutoVueX Active-X Control SaveViewStateToFile remote file creation / overwrite vulnerability. Proof of concept code included.
-
15:16
»
Packet Storm Security Recent Files
Oracle AutoVue version 20.0.1 suffers from an AutoVueX Active-X Control SaveViewStateToFile remote file creation / overwrite vulnerability. Proof of concept code included.
-
15:16
»
Packet Storm Security Misc. Files
Oracle AutoVue version 20.0.1 suffers from an AutoVueX Active-X Control SaveViewStateToFile remote file creation / overwrite vulnerability. Proof of concept code included.
-
-
7:40
»
Packet Storm Security Exploits
PROMOTIC version 8.1.3 suffers from an ActiveX SaveCfg stack overflow, an ActiveX AddTrend heap overflow, and a directory traversal. Details and proof of concept included.
-
7:40
»
Packet Storm Security Exploits
PROMOTIC version 8.1.3 suffers from an ActiveX SaveCfg stack overflow, an ActiveX AddTrend heap overflow, and a directory traversal. Details and proof of concept included.
1337day (was: Inj3ct0r, 1337db)
OSVDB Vulnerabilities
Exploit-DB
SecurityFocus Vulnerabilities
Bugtraq
XSSed
Sophos security news
Penetration Testing
SecuriTeam
BackTrack Linux Forums
Threatpost
SecDocs
carnal0wnage.attackresearch.com
Carnal0wnage
Darknet
The Exploitant
Wirevolution
