==
xoops-1.3.10 shell command execute vulnerability ( causing snoopy class )
==
Author: geinblues ( geinblues [at] gmail [dot] com )
DATE: 9.7.2008
Site: http://enterblue.net/~x90c/
Risk: Medium
==
[0] Vulnerability Tracing ( Tracing [BREAK 0] ~ [BREAK 6] )
~/xoops-1.3.10/html
Title : Azboard = 1.0 Multiple Sql Injections
Published : 2006.5.14
Author : x90c(정경주)@chollian.net/~jyj9782/
Link : http://user.chol.com/~jyj9782/sec/azboard_advisory.txt
0x01 Summary
Azboard is a web board written in asp (active server pages).
It has a sql injection
Title : YapBB = 1.2 Beta2 'find.php' SQL Injection Vulnerability
--
Author : x90c(Kyong Joo, Jung)
Published : 2006.5.16
E-mail : geinblues [at] gmail.com
Site : http://www.chollian.net/~jyj9782
--
0x01
Lately, MS Windows SEH overflow attack techniques use only the following methods.
[mostly used method]
win xp sp2(SEH): 'pop pop ret' - David Litchfield 2003.
win xp sp3(SafeSEH): unloaded module's 'pop pop ret' - Litchfield 2003.
win server 2008/Vista sp1(SEHOP): SYSDREAM(c)'s 'xor pop pop ret'.
Hello,
I wrote this to introduce a small paper for my exploitation method of
SafeSEH+SEHOP bypass in Oct, 2010.
(http://www.x90c.org/SEH all-at-once attack.pdf,
http://www.exploit-db.com/exploits/15184)
Sadly it's not portable. But leave some thoughts about the method.
- SafeSEH+SEHOP
MS Excel 2002/2003 CRN record 0day PoC
Hi Forks!
It's ms excel poc I discovered.
I analyzed it to check the exploitability.
It's not exploitable!
If you may can, do exploit it!
and plz share the 0day exploit.
Vulnerable:
- Office XP ( Excel 2002 ) sp0 to sp3
- Office
Hi Forks!
I share my WOFF 1day exploit.
* attachment:
http://www.x90c.org/exploits/x90c_WOFF_exploit.tgz
(dep bypass)
* vulnerability:
CVE-2010-1028 WOFF Heap Corruption due to Integer Overflow
* affected Products:
- Mozilla Firefox 3.6 ( Gecko 1.9.2 )
- Mozilla Firefox 3.6
Hi Forks!
It's my samba private exploit and an article
about it. The security bug occurs during the nttrans
reply in the samba daemon source code tree.
The remote DoS exploit I copied from
another nttrans exploit in 2003, and I can't
test it yet, so check it out!
CVE-2013-4124 samba dos private exploit:
-
Hi forks!
I added an automated offset and a second
argv for the server name of the NBT session
to the samba DoS exploit I released
before,
and I attached the exploit to the
article for it.
The samba DoS exploit should work!
- samba dos exploit:
http://www.x90c.org/exploits/samba_nttrans_exploit.c
- the
++
| XADV-2013001 libtiff = 3.9.5 integer overflow bug |
++
vulnerable versions:
- libtiff 3.9.5 =
- libtiff 3.6.0
not vulnerable versions:
- libtiff 4.0.3
- libtiff 4.0.2
- libtiff 4.0.1
-
Hi forks!
I release an article for linux kernel security.
- http://www.x90c.org/articles/linux_kernel_patches.txt
x90c
Linux Kernel Patches For Linux Kernel Security
Impact: crash
Vendor: https://www.gnu.org/software/libc
Author: x90c geinblues *nospam* gmail dot com
Site: x90c.org
=
ABSTRACT:
=
[Unspecified reloc types bug]
The 'default:' label code runs if RTLD_BOOTSTRAP is not defined; glibc 2.5
defines RTLD_BOOTSTRAP by default. The elf_machine_rel
I Release The Article!
x90c
--
The Audit DSOs of the rtld
++
Vulnerable versions:
- linux kernel 2.6.18
Testbed: linux kernel 2.6.18
Type: Local
Impact: kernel panic or potential local privilege escalation.
Vendor: http://www.kernel.org
Author: x90c geinblues *nospam* gmail dot com
Site: x90c.org
=
ABSTRACT:
=
The write_tag_3_packet
Impact: Critical
Vendor: http://www.kernel.org
Author: x90c geinblues *nospam* gmail dot com
Site: x90c.org
=
ABSTRACT:
=
The bt8xx video driver is a video capture driver. It supports Bt848,
Bt849, Bt878, and Bt879.
The bt8xx video driver in the linux kernel has a vulnerability
XADV-2013005
FreeBSD 10 = nand Driver IOCTL Kernel Memory Leak Bug
1. Overview
The nand driver in freebsd = 10 has a vulnerability that leaks
arbitrary kernel memory to userspace. It occurs in the
nand_ioctl() kernel function because the allocated kernel
memory is not properly initialized. It's
XADV-2013006
FreeBSD = 10 kernel qlxge/qlxgbe Driver IOCTL Multiple Kernel Memory Leak Bugs
1. Overview
The qlxge driver is the QLogic 10Gb Ethernet driver for the QLogic 8100
Series CNA adapter [1]. The qlxgbe driver is the same Ethernet driver
for the QLogic 8300 series.
The qlxge/qlxgbe Driver in
2.6.18
Type: Local
Impact: Kernel Panic
Vendor: http://www.x90c.org
Author: x90c geinblues *nospam* gmail dot com
Site: x90c.org
=
ABSTRACT:
=
The fbdev driver is the frame buffer driver for the arc monochrome LCD
board in the linux kernel.
The linux kernel driver has an overflow
=
Testbed: ubuntu
Type: Local
Impact: Medium
Vendor: http://www.kernel.org
Author: x90c geinblues *nospam* gmail dot com
Site: x90c.org
=
ABSTRACT:
=
The Linux Socket Filtering is derived from the Berkeley Packet Filter.
There are some distinct differences between the BSD and Linux Kernel
: Medium
Vendor: http://www.kernel.org
Author: x90c geinblues *nospam* gmail dot com
Site: x90c.org
=
ABSTRACT:
=
The bt8xx video driver is a video capture driver. It supports Bt848,
Bt849, Bt878, and Bt879.
The bt8xx video driver in the linux kernel has a vulnerability to
occur Integer