Archive for August, 2010

Adobe Acrobat Reader and Flash Player “newclass” invalid pointer

muts
Abysssec Research
1) Advisory information
Title: Adobe Acrobat Reader and Flash Player “newclass” invalid pointer vulnerability
Version: <= adobe reader 9.3.2
Analysis: http://www.abysssec.com
Vendor: http://www.adobe.com
Impact: Critical
Contact: shahin [at] abysssec.com, info [at] abysssec.com
Twitter: @abysssec
CVE: CVE-2010-1297
Exploit...

Cpanel PHP Restriction Bypass Vulnerability 0day

muts
Abysssec Research 1) Advisory information Title Cpanel PHP Restriction Bypass Vulnerability Version

Exploit Database – Community Edition

muts

The Exploit Database is happy to announce some exciting EDB community features which have been implemented recently. From the 1st of Sept, 2010, we will be inviting well established exploit writers and EDB “regulars” to have greater involvement with the…

DLL Hijacking Vulnerable Applications

dookie2000ca

Due to the overwhelming number of submissions we are receiving for applications that are vulnerable to DLL Hijacking, we will continue to update this post with submissions we receive rather than continuing to create a separate entry for each one.


MOAUB – 30 days of 0days, Binary Analysis and PoCs

muts

The Abysssec Security Team is about to unleash its Month Of Abysssec Undisclosed Bugs on us. Starting on the 1st of September, Abysssec will release a collection of 0days, web application vulnerabilities, and detailed binary analysis (and PoCs) for recently…

Exploiting Internet Explorer 7 – Case Study

muts

In this post we are going to take a vulnerability in Internet Explorer 6/7 that was exploited in a relatively stable manner and attempt to add the DEP bypassing ability. The main exploit for this vulnerability has been implemented as…


Exploiting Internet Explorer 7 With Dot Net

muts

In this post we will demonstrate the method discussed by Mark Dowd and Alex Sotirov for bypassing DEP and ASLR on IE 6/7 running on a Windows Vista machine. This method is simple and useful. We will create a .NET…

vBulletin – Not So Secure Anymore

muts

Some time ago, an LFI vulnerability within vBSEO was discovered, which allowed an attacker to include locally hosted files. The challenge, when confronted with an LFI vulnerability, is to leverage it into executing arbitrary code of our choosing.


Outlook Web Access 2007 CSRF Vulnerability

ronin

After receiving a recent submission affecting OWA 2007, we have been eyeing a proper environment to test it out. With Exchange 2007 installed on Windows Server 2008 and OWA in place, we started our trusted bt4 webserver and put the…
