L'uomo dalle ciglia cucite alla fronte ______________
Jan 13, 2005
Author: rgod

scritto bolognese, mai corretto. Riscritto trenta volte, difficile lavoro di sottrazione. Comprendeva chorps trans, diviso in due sezioni.
leggi tutto...

various advisories & exploits ______________
Nov 7,, 2011
Author: rgod

Oracle Hyperion Strategic Finance Client 12.x Tidestone Formula One
WorkBook OLE Control TTF16 (6.3.5 Build 1) SetDevNames() Remote Heap Overflow poc

various advisories & exploits ______________
Nov 1, 2011
Author: rgod

Oracle Hyperion Financial Management TList6 ActiveX
Control Remote Code Execution Vulnerability advisory

Oracle Hyperion Financial Management 11.1.2.1.0
TList6.ocx ActiveX Control Remote Code Execution Vulnerability PoC

various advisories & exploits ______________
Oct 30, 2011
Author: rgod

Oracle DataDirect ODBC Drivers HOST Attribute arsqls24.dll Stack Based Buffer
Overflow PoC (*.oce)

various advisories & exploits ______________
Oct 20, 2011
Author: rgod

Oracle AutoVue 20.0.1 AutoVueX ActiveX Control ExportEdaBom Remote Code Execution Vulnerabilty

Oracle AutoVue 20.0.1 AutoVueX ActiveX Control Export3DBom Remote Code Execution Vulnerability

Oracle AutoVue 20.0.1 AutoVueX ActiveX Control SaveViewStateToFile Remote File Creation / Overwrite Vulnerability

various advisories & exploits ______________
Oct 18, 2011
Author: rgod

Oracle DataDirect Multiple Native Wire Protocol ODBC Drivers
HOST Attribute Stack Based Buffer Overflow Vulnerability

various advisories & exploits ______________
Sep 15, 2011
Author: rgod

Nortel Contact Recording Centralized Archive 6.5.1 EyrAPIConfiguration
getSubKeys() Remote SQL Injection Exploit

various advisories & exploits ______________
Jul 25, 2011
Author: rgod

CA ARCserve D2D r15 GWT RPC Request Auth Bypass /
Credentials Disclosure and Commands Execution PoC

various advisories & exploits ______________
Jul 13, 2011
Author: rgod

Dell IT Assistant detectIESettingsForITA.ocx ActiveX Control
readRegVal() Remote Registry Dump Vulnerability

various advisories & exploits ______________
Jun 2, 2011
Author: rgod

WebSVN 2.3.2 Unproper Metacharacters Escaping exec() Remote
Commands Injection Vulnerability (advisory)

WebSVN 2.3.2 Unproper Metacharacters Escaping exec() Remote
Commands Injection Vulnerability (poc)

various advisories & exploits ______________
Apr 1, 2011
Author: rgod

RealNetworks RealGames StubbyUtil.ShellCtl.1 ActiveX Control
(InstallerDlg.dll v2.6.0.445) Multiple Remote Commands Execution
and Code Execution Vulnerabilities

RealNetworks RealGames StubbyUtil.ProcessMgr.1 ActiveX Control
(InstallerDlg.dll v2.6.0.445) Multiple Remote Commands Execution
Vulnerabilities

various advisories & exploits ______________
Dec 31, 2010
Author: rgod

HP Photo Creattive v. 2.x audio.Record.1 ActiveX Control (ContentMan.dll 1.0.0.4272) Remote Stack Based Buffer Overflow poc

various advisories & exploits ______________
Dec 30, 2010
Author: rgod

CA ARCserve D2D r15 Web Service Apache Axis2 World Accessible Servlet
Code Execution Vulnerability Poc

various advisories & exploits ______________
Dec 29, 2010
Author: rgod

Chilkat Software FTP2 ActiveX Component (ChilkatFtp2.DLL 2.6.1.1) Remote Code Execution poc

various advisories & exploits ______________
Dec 2 , 2009
Author: Nine:Situations:Group ::pyrokinesis

Adobe Illustrator CS4 (V14.0.0) Encapsulated Postscript (.eps) overlong DSC Comment Buffer Overflow Exploit

various advisories & exploits ______________
Oct 1 , 2009
Author: Nine:Situations:Group ::pyrokinesis

Google Apps googleapps.url.mailto: // uri handler cross-browser remote command execution exploit

AOL 9.1 SuperBuddy ActiveX Control SetSuperBuddy() remote code execution exploit

IBM Informix Client SDK 3.0 SetNet32 File (.nfx) Hostsize integer overflow exploit

EMC RepliStor Server (rep_serv.exe) 6.3.1.3 remote denial of service poc

Adobe related service (getPlus_HelperSvc.exe) local elevation of privileges

AOL IWinAmpActiveX Class (AmpX.dll 2.4.0.6) ConvertFile() remote overflow exploit

South River Technologies WebDrive Service Bad Security Descriptor Local Elevation Of Privileges

RunCms v.2M1 /modules/forum/post.php - 'forum' remote semi-blind SQL Injection Exploit

RunCms v.2M1 store() - 'pid' remote SQL Injection Exploit

various advisories & exploits ______________
Sep 29 , 2009
Author: Nine:Situations:Group ::pyrokinesis

IBM Installation Manager <= 1.3.0 iim:// uri handler remote code execution exploit

EMC multiple products KeyWorks KeyHelp Module (keyhelp.o cx 1.2.312) remote buffer overflow exploit

Oracle Document Capture BlackIce DEVMODE ActiveX Control remote stack based buffer overflow

Oracle Document Capture BlackIce DEVMODE ActiveX Control remote command execution

Adobe Photoshop Elements 8.0 Active File Monitor Service Bad Security Descriptor Local Elevation Of Privileges

HP LoadRunner 9.5 Persits.XU pload.2 control (XUpload.o cx) MakeHttpRe quest() remote file creation poc

various advisories & exploits ______________
May 30, 2009
Author: Nine:Situations:Group ::pyrokinesis

ICQ 6.5 URL Search Hook/ICQToolBar.dll .URL file processing Windows Explorer
remote buffer overflow poc

COWON America jetCast 2.0.4.1109 (.mp3) Local Overflow Exploit

Pinnacle Studio 12 (.hfz) Directory Traversal Vulnerability

Bitweaver <= 2.6 saveFeed() Remote Code Execution Exploit

Symantec Fax Viewer Control 10 (DCCFAXVW.DLL) Remote BOF Exploit

Zoom Player Pro v.3.30 .m3u File Buffer Overflow Exploit (seh)

Icewarp Merak Mail Server 9.4.1 Base64FileEncode() BOF PoC

Geeklog <= 1.5.2 savepreferences()/*blocks[] SQL Injection Exploit

ftpdmin 0.96 RNFR Remote Buffer Overflow Exploit

Geeklog <= 1.5.2 SEC_authenticate() SQL Injection Exploit

glFusion <= 1.1.2 COM_applyFilter()/cookies Blind SQL Injection Exploit

various advisories & exploits ______________
Mar 31 , 2009
Author: Nine:Situations:Group ::bruiser

glFusion <= 1.1.2 COM_applyFilter()/order SQL Injection Exploit

PHPizabi v0.848b C1 HFP1 Remote Privilege Escalation Vulnerability

BS.Player <= 2.34 Build 980 (.bsl) Local Buffer Overflow Exploit (SEH)

CDex 1.70b2 (.ogg) Local Buffer Overflow Exploit (xp/ sp3)

PPLive <= 1.9.21 (/LoadModule) URI Handlers Argument Injection Vuln

GeoVision LiveAudio ActiveX Remote Freed-Memory Access Exploit

various advisories & exploits ______________
Mar 05, 2009
Author: Nine:Situations:Group ::bruiser

SupportSoft DNA Editor Module (dnaedit.dll v6.9.2205) remote code execution exploit

various advisories & exploits ______________
Mar 03, 2009
Author: Nine:Situations:Group ::surfista

Activex test suite (this command line tool, written in C#, shows if a control is killbitted and safe for scripting / safe for initialization according to IObjectSafety interface (if implemented) or according to the windows registry (if IObjectSafety interface does not ovveride it), click to download it

Sopcast SopCore Control (sopocx.ocx 3.0.3.501) SetExternalPlayer() user assisted remote code execution poc

various advisories & exploits ______________
Jan 08 , 2009
Author: Nine:Situations:Group ::bruiser

Megacubo 5.0.7 (mega://) remote eval() injection exploit

various advisories & exploits ______________
Dec 25 , 2008
Author: Nine:Situations:Group ::Pyrokinesis

Google Chrome (ChromeHTML://) Remote Parameter Injection (exploitable through IE)

KVIrc 3.4.2 Shiny (uri handler) Remote Command Execution Exploit

Exodus 0.10 (uri handler) Arbitrary Parameter Injection Exploit

Exodus 0.10 (uri handler) Arbitrary Parameter Injection Vulnerability

ooVoo 1.7.1.35 (URL Protocol) Remote Unicode Buffer Overflow PoC

hMAilServer 4.4.2 (PHPWebAdmin) File Inclusion Vulnerabilities

various advisories & exploits ______________
Oct 8 , 2008
Author: Nine:Situations:Group ::Pyrokinesis

Microsoft PicturePusher ActiveX (PipPPush.DLL 7.00.0709) remote Cross Site File Upload attack poc

Autodesk DWF Viewer Control / LiveUpdate Module remote code execution exploit

various advisories & exploits ______________
Sep 19, 2008
Author: Nine:Situations:Group :: bruiser

NuMedia Soft NMS DVD Burning SDK Activex (NMSDVDX.dll) remote exploit

Pluck 4.5.3 update.php remote file corruption exploit

CMailServer 5.4.6 (CMailCOM.dll) Remote SEH Overwrite Exploit

Pivot 1.40.5 Dreamwind load_template() Credentials Disclosure Exploit

various advisories & exploits ______________
Jun 10 , 2008
Author: Nine:Situations:Group :: bookoo

muvee Technologies Text-Effect DXT Filter for autoProducer (TextOut.dll v6.0.18.1) Fontsetting property remote buffer overflow exploit

muvee Technologies MPEffects Module (MPEffects.dll 6.0.18.1) divide by zero crash

C6 Messenger Installation Url DownloaderActiveX Control Remote Download & Execute Exploit

CA Internet Security Suite 2008 (UmxEventCli.dll/SaveToFile()) remote file corruption poc

various advisories & exploits ______________
Apr 12 , 2008
Author: rgod

D-Link MPEG4 SHM Audio Control (VAPGDecoder.dll 1.7.0.5) / 4xem VatCtrl Class (VATDecoder.dll 1.0.0.51) / RTSP MPEG4 SP Control (RtspVapgDecoderNew.dll 2.0.0.39) all-in-one exploit

various advisories & exploits ______________
Feb 9, 2008
Author: rgod

Microsoft DirectSpeechSynthesis Module (XVoice.dll 4.0.4.3303)
remote buffer overflow exploit/ (IE7/XP SP2 heap spray version)

Toshiba Surveillance (MeIpCamX.DLL 1.0.0.4) Remote BOF Exploit

RTS Sentry Digital Surveillance (CamPanel.dll 2.1.0.2) BOF Exploit

NUVICO DVR NVDV4 / PdvrAtl Module (PdvrAtl.DLL 1.0.1.25) remote heap
overflow exploit (IE7/XP SP2)

level One Digital Data Communications (RtspVaPgCtrl) "MP4Prefix" Remote BOF Exploit

ImageShack Toolbar 4.5.7 FileUploader Class Insecure Method PoC

various advisories & exploits ______________
Dec 17, 2007
Author: rgod

iMesh < = 7.1.0.x IMWebControl Class (IMWeb.dll 7.0.0.x) remote heap exploit

RaidenHTTPD 2.0.19 ulang cmd exec poc exploit

SurgeMail v.38k4 webmail Host header denial of service exploit

various advisories & exploits ______________
Nov 5, 2007
Author: rgod

GOM Player 2.1.6.3499 (GomWeb3.dll 1.0.0.12) Remote Overflow Exploit

CyberLink PowerDVD CreateNewFile Arbitrary Remote Rewrite DoS

EasyMail MessagePrinter Object (emprint.DLL 6.0.1.0) BOF Exploit

various advisories & exploits ______________
Sep 7, 2007
Author: rgod

Microsoft SQL Server Distributed Management Objects OLE DLL for
SQL Enterprise Manager (sqldmo.dll) remote buffer overflow poc

various advisories & exploits ______________
Sep 3, 2007
Author: rgod

Telecom Italy Alice Messenger Hp.Revolution.RegistryManager.dll (v.1) remote arbitrary registry key manipulation

Hexamail Server 3.0.0.001 (pop3) pre-auth remote overflow poc

various advisories & exploits ______________
Aug 30, 2007
Author: rgod

Postcast Server Pro 3.0.61 / Quiksoft EasyMail (emsmtp.dll 6.0.1) BoF

eCentrex VOIP Client module (uacomx.ocx 2.0.1) Remote BOF Exploit

various advisories & exploits ______________
Jul 12, 2007
Author: rgod

AMX Corp. VNC ActiveX Control (AmxVnc.dll 1.0.13.0) BoF Exploit

PHP 5.2.3 Tidy extension Local Buffer Overflow Exploit

various advisories & exploits ______________
Jun 12, 2007
Author: rgod

Microsoft Windows DirectSpeechSynthesis Module (XVoice.dll)
/ DirectSpeechRecognition Module (Xlisten.dll)
remote buffer overflow exploit / 2k sp4 seh version

Microsoft Windows DirectSpeechSynthesis Module (XVoice.dll 4.0.4.2512)
/ DirectSpeechRecognition Module (Xlisten.dll 4.0.4.2512)
remote buffer overflow exploit/ xp sp2 version

advisories ______________
Nov 13, 2011
Author: rgod

[ZDI] HP Data Protector Notebook Extension Policy Server LogBackupLocationStatus Remote SQL Injection Vulnerabilty

[ZDI] HP Data Protector Notebook Extension Policy Server LogClientInstallation Remote SQL Injection Vulnerabilty

[ZDI] HP Data Protector Notebook Extension GetPolicies Remote SQL Injection Vulnerabilty

[ZDI] HP Data Protector Notebook Extension Policy Server RequestCopy Remote SQL Injection Vulnerabilty

[ZDI] HP Data Protector Notebook Extension Policy Server LogClientHealth Remote SQL Injection Vulnerabilty

[ZDI] HP Data Protector Notebook Extension Policy Server LogCopyOperation Remote SQL Injection Vulnerabilty

[ZDI] HP Data Protector Notebook Extension Policy Server FinishedCopy Remote SQL Injection Vulnerabilty

[ZDI] Novell ZENWorks Software Packaging ISGrid.Grid2.1 DoFindReplace bstrReplaceText Parameter Remote Code Execution Vulnerability

[ZDI] Novell Zenworks Software Packaging LaunchHelp.dll ActiveX Control LaunchProcess Remote Code Execution Vulnerability

[ZDI] Novell ZENWorks Software Packaging Antique ActiveX Control Remote Code Execution Vulnerability

[ZDI] Symantec IM Manager ProcessAction Remote Code Execution Vulnerability

[ZDI] HP Easy Printer Care XMLSimpleAccessor Class ActiveX Control Remote Code Execution Vulnerability

[ZDI] CA Total Defense Suite Gateway Security Malformed HTTP Packet Remote Code Execution Vulnerability

[ZDI] Trend Micro Control Manager CasLogDirectInsertHandler.cs Remote Code Execution Vulnerability

[ZDI] CA Total Defense Suite UNC Management Console RegenerateReport SQL Injection Vulnerability

[ZDI] CA Total Defense Suite UNC Management Console DeleteReports SQL Injection Vulnerability

[ZDI] CA Total Defense Suite UNC Management Console DeleteReportLayout SQL Injection Vulnerability

[ZDI] CA Total Defense Suite NonAssignedUserList Stored Procedure SQL Injection Vulnerability

[ZDI] CA Total Defense Suite UNC Management Console DeleteFilter SQL Injection Vulnerability

[ZDI] CA Total Defense Suite UnassignAdminRoles Stored Procedure SQL Injection Vulnerability

[ZDI] CA Total Defense Suite UnassignFunctionalUsers Stored Procedure SQL Injection Vulnerability

[ZDI] CA Total Defense Suite UNCWS Web Service getDBConfigSettings Credential Disclosure Vulnerability

[ZDI] CA Total Defense Suite Heartbeat Web Service Remote Code Execution Vulnerability

[ZDI] RealNetworks RealPlayer OpenURLInDefaultBrowser Remote Code Execution Vulnerability

[ZDI] McAfee Firewall Reporter GeneralUtilities.pm isValidClient Authentication Bypass Vulnerability

[ZDI] CA Internet Security Suite HIPS XML Security Database Parser Class Remote Code Execution Vulnerability

[ZDI] IBM Lotus Notes cai URI Handler Remote Code Execution Vulnerability

[ZDI] Symantec IM Manager Administrative Interface IMAdminSchedTask.asp Eval Code Injection Remote Code Execution Vulnerability

[ZDI] Oracle GoldenGate Veridata Server XML SOAP Request Parsing Remote Code Execution Vulnerability

[ZDI] Hewlett-Packard Power Manager Administration Web Server Remote Code Execution Vulnerability

[ZDI] Symantec Endpoint Protection Manager Reporting Server fw_charts.php Remote Code Execution Vulnerability

[ZDI] Symantec IM Manager rdServer.dll sGetDefinition SQL Injection Vulnerability

[ZDI] Symantec IM Manager Administrative Interface DetailReportGroup.lgx Definition File SQL Injection Vulnerabilities

[ZDI] Symantec IM Manager Administrative Interface SummaryReportGroup.lgx Definition File SQL Injection Vulnerabilities

[ZDI] Symantec IM Manager Administrative Interface LoggedInUsers.lgx Definition File SQL Injection Vulnerabilities

[ZDI] Symantec IM Manager Administrative Interface rdpageimlogic.aspx SQL Injection Vulnerabilities

[ZDI] Symantec IM Manager Administrative Interface IMAdminReportTrendFormRun.asp SQL Injection Vulnerability

[ZDI] Symantec IM Manager Administrative Interface IMAdminScheduleReport.asp SQL Injection Vulnerability

[ZDI] SAP BusinessObjects Crystal Reports Server CMS.exe Remote Code Execution Vulnerability

[ZDI] Trend Micro Internet Security Pro 2010 ActiveX extSetOwner Remote Code Execution Vulnerability

[ZDI] Oracle Secure Backup Web Interface Various Post-Auth Command Injection Remote Code Execution Vulnerabilities

[ZDI[ Oracle Secure Backup Administration Authentication Bypass Vulnerability

[ZDI] Oracle Secure Backup Administration Command Injection Remote Code Execution Vulnerability

[ZDI] Oracle Secure Backup Administration selector Command Injection Remote Code Execution Vulnerability

[ZDI] Adobe Download Manager Atlcom.get_atlcom ActiveX Control Remote Code Execution Vulnerability

[ZDI] CA XOsoft Control Service entry_point.aspx Remote Code Execution Vulnerability/

[ZDI[ CA XOsoft xosoapapi.asmx Multiple Remote Code Execution Vulnerabilities

[ZDI] Skype URI Processing Arbitrary XML File Deletion Vulnerability

{ZDI] Skype Protocol Handler datapath Argument Injection Remote Code Execution Vulnerability