Clik here to view.
Microsoft Security Essentials reporting false positives in the Bitcoin...
Earlier today, a virus signature from the virus "DOS/STONED" was uploaded into the Bitcoin blockchain, which allows small snippets of text to accompany user transactions with bitcoin. Since this is...
View ArticleClik here to view.
Mozilla Firefox 29.0 - Null Pointer Dereference Vulnerability
<html><title>Mozilla Firefox Null Pointer Dereference Vulnerability</title><pre>Fun side of life!<br>Details: Title: Mozilla Firefox Null Pointer Dereference...
View ArticleClik here to view.
Wireshark 1.10.7 - DoS PoC
#!/usr/bin/python# Exploit Title: Wireshark Read Access Violation near NULL starting at libcairo_2!cairo_image_surface_get_data()# Date: May 15th 2014# Author: Osanda Malith Jayathissa# E-Mail:...
View ArticleClik here to view.
Realplayer 16.0.3.51 Memory Corruption
# Exploit Title: [Realplayer memory corruption in latest Version 16.0.3.51 ]# Date: [2014/05/13]# Exploit Author: [Aryan Bayaninejad]# Linkedin : [https://www.linkedin.com/profile/view?id=276969082]#...
View ArticleClik here to view.
BarracudaDrive 6.7.2 XSS
################################################################################ Exploit Title : BarracudaDrive Content Management System Multiple XSS Vulnerabilities# Author : Manish Kishan...
View ArticleClik here to view.
Intel Ideo Video 4.5 Memory Corruption (CVE-2014-3735)
# Exploit Title: [Intel Ideo video 4.5 ir41_32.ax version 4.51.16.3 MemoryCorruption ]# Date: [2014/05/12]# Exploit Author: [Aryan Bayaninejad]# Linkedin :...
View ArticleClik here to view.
Allplayer 5.9 Memory Corruption (CVE-2014-3736)
# Exploit Title: [Allplayer memory corruption in latest Version 5.9 ]# Date: [2014/05/14]# Exploit Author: [Aryan Bayaninejad]# Linkedin : [https://www.linkedin.com/profile/view?id=276969082]# Vendor...
View ArticleClik here to view.
WinAMP 5.666 Memory Corruption (CVE-2014-3442)
Exploit Title: [Winamp memory corruption in latest Version v5.666 build3516 x86 ]# Date: [2014/05/13]# Exploit Author: [Aryan Bayaninejad]# Linkedin :...
View ArticleClik here to view.
cracking the infernal hades
About a month ago, Vulnhub released a boot2root image built by Lok_Sigma called Hades. The box promised to be full of annoyances and it delivered them in droves. Requiring a combination of exploit...
View ArticleClik here to view.
libmacaroons- Macaroons are Better Than Cookies!
This library provides an implementation of macaroons[1], which are flexibleauthorization tokens that work great in distributed systems. Like cookies,macaroons are bearer tokens that enable...
View ArticleClik here to view.
Windows Gadget Malware
This morning I ran across an interesting piece of malware. It was a Trojan downloader packaged as a .gadget file. Gadgets are the little things used in the Windows sidebar, like a clock, rss feeds, cpu...
View ArticleClik here to view.
Apparent PoC for CVE-2014-1322 ASLR protection mechanism bypass via pastebin
NVD decription http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1322The kernel in Apple OS X through 10.9.2 places a kernel pointer into an XNU object data structure accessible from user space,...
View ArticleClik here to view.
Xen Security Advisory 95...
Xen Security Advisory CVE-2014-3714,CVE-2014-3715,CVE-2014-3716,CVE-2014-3717 / XSA-95 version 3 input handling vulnerabilities loading guest kernel on ARMUPDATES IN...
View ArticleClik here to view.
HP Release Control Authenticated Privilege Escalation and XXE
Linked is a gist detailing a few vulnerabilities I found in HP ReleaseControl 9.20.0000, Build 395.You can download it on the On-premise software tab...
View ArticleClik here to view.
Slides: Using BGP for realtime import and export of spam whitelist/blacklist...
The results of using BGP for realtime import and export of spam whitelist/blacklist entriesIn early 2013, I introduced a new method to distribute spam whitelist/blacklist entries. Now, I am able to...
View ArticleClik here to view.
PacketFence
A network access control (NAC) system featuring a captive-portal for registration and remediation, wired and wireless management, 802.1X support, isolation of devices, integration with IDS; it can be...
View ArticleClik here to view.
Linux Kernel 3.3-3.8 - SOCK_DIAG Local Root Exploit
/** quick'n'dirty poc for CVE-2013-1763 SOCK_DIAG bug in kernel 3.3-3.8* bug found by Spender* poc by SynQ** hard-coded for 3.5.0-17-generic #28-Ubuntu SMP Tue Oct 9 19:32:08 UTC 2012 i686 i686 i686...
View ArticleClik here to view.
Pulse gallery SQLi Vulnerability
#################################################################################################### Author: kj-fido# Date: 5/14/2014# Vendor Homepage: http://pulse.bg/# Vulnerability Type: SQL...
View ArticleClik here to view.
Harvard & MIT Students Have Created an Email So Secure Even the NSA Can't...
Nearly a year ago, former CIA technical assistant Edward Snowden stepped forward to say he was responsible for one of the most explosive leaks in history. The National Security Agency was exposed, and...
View ArticleClik here to view.
One RCE Vulnerability to Hack Yahoo, Microsoft, Orange
Today I will be talking about a “Unauthorized Admin Access” that led to “Remote Code Injection” on many domains of “Yahoo“, “Microsoft MSN“, And “Orange“.more...
View Article