Microsoft Windows tracing registry key ACL privilege escalation demonstration code.
fda37dcda8d4a51a61a3269e617929ac5ffe8cfc2d68baee5d4ca6d5c52c2849
Whitepaper called "Opening Intranets to attacks by using Internet Explorer". This document covers the topic of hacking Intranet websites through various unconventional means. Technical details shed light on the impact of default security configuration settings within Internet Explorer that can be leveraged to attack internal Intranet websites remotely (from the Internet as well as remote users on the same LAN segment).
66045593d07f37903e7829c8dda101ab6b67ff339f8df92f4176b09b3a79d14e
Elevation of privileges proof of concept exploit for Token Kidnapping on Windows 2003.
7d1d0e2a463f6fec3a3278c0dadb8c9b85f4e47ebada5e0e3b9e5e8d084d5680
Whitepaper discussing token kidnapping on Microsoft Windows.
3aa72e11552701698d4dc68d94e3923dd75717343681d1d9ed97c4867016095a
Token Kidnapping - This presentation is about a new technique for elevating privileges on Windows, mostly from services. The technique exploits design weaknesses in Microsoft Windows XP, 2003, Vista and even Windows 2008. While many new security protections have been added in Windows Vista and 2008, other weaknesses render some of the new protection mechanisms almost useless.
40e7a53ef53b12614b71cc8defc384e185161986510e109617ac0fd30faa1aaf
Team SHATTER Security Advisory - IBM DB2 UDB suffers from an arbitrary file overwrite vulnerability in the SYSPROC.NNSTAT procedure.
5341890b3227b414075c1b956314d51adf6ce18ad13d13edb5b06ae739893562
Whitepaper entitled "Hacking Databases For Owning Your Data". This paper goes into specifics on how to compromise MS-SQL and Oracle databases. It includes tools and exploits as well.
4f0613de36a3479fd1e5e7c57266df8715f1eb1c690eea5f55baf65e0ef90793
Whitepaper that demonstrates an extremely simple technique to quickly audit a software product in order to infer how trustable and secure it is. Oracle is used as a test case. Proof of concept exploit is included.
904c6850febb646527b3645a17ff83d6aba25216e7fbcf87791119aa245eb915
Whitepaper entitled "WLSI - Windows Local Shellcode Injection" that describes a new technique to create 100% reliable local exploits for Microsoft Windows operating systems. The technique uses some Windows design weaknesses that allow low privileged processes to insert data into almost any Windows process regardless of their current privilege level. After a brief introduction and a description of the technique, a couple of samples (Exploits for MS05-012 and MS05-040) are included so that readers can write their own exploits.
0edd124aeb55cb3125140eb5cdb86f78449fba1ac22466a4b4325fdf39c92857
Exploit for the COM structured storage vulnerability as described in MS05-012. Works on Win2k SP4, WinXP SP2, and Win2k3 SP0.
b0254015a10b6594140ffe50bc4155344c5a36122f3f931e66aab2e4ea94425e
Oracle 9R2 has an unpatched, known vulnerability in the CWM2_OLAP_AW_AWUTIL package. The flaw was reported months ago and was claimed to be fixed in this last release.
4baacbeb7d755cb771ca19159c31c5adc4d70a971c8a33ae6de73c73c76e6667
Argeniss Security Advisory - Oracle database servers versions 8i and 9i are susceptible to directory traversal attacks.
fbdd2328be239c99f2f1f4d9662604a2451eee01ce19ea3fcb94fd2005ce1cc0
AppSecInc Advisory - The Microsoft Windows LPC (Local Procedure Call) mechanism is susceptible to a heap overflow that allows for privilege escalation.
8aff40b0ee0ad0cc1af142ebe5ba1bdbdb9b46ace767d159bfba4e3fac06d6fe
AppSecInc Advisory - Improper token validation in Microsoft Windows allows for local privilege elevation in Windows 2000, Windows XP, and Windows 2003 (all service packs).
59bdf12ab86d79cfc7916c6e95e0723e09b96782d162187d4d75392b97ca2ca9
AppSecInc Advisory - Multiple buffer overflow and denial of service (DoS) vulnerabilities exist in the Oracle Database Server which allow database users to take complete control over the database and optionally cause denial of service. Forty-four buffer overflows have been found. Exploitation of these vulnerabilities will allow an attacker to completely compromise the OS and the database if Oracle is running on a Windows platform, because Oracle must run under the local System account or under an administrative account. If Oracle is running on *nix then only the database would be compromised, because Oracle runs mostly under the oracle user, which has restricted permissions.
36977a3722720f6c3f2f1e3bbe50f6af68d1a8103afc604a75caff18382bb344
A local elevation of privileges vulnerability exists in the Windows Utility Manager which allows any user to take complete control over the operating system. This vulnerability affects the Windows 2000 operating system family.
06783ccb4127e8dc09bf4a647613438415e9c60af8c3a29e7ebdd29c4ff3750f
The Microsoft Active Server Pages (ASP) engine does not properly handle special cookie values when they are retrieved. Because of this, an unhandled error is returned to the client. This behavior can be used maliciously to gather sensitive information from web applications. All Microsoft Internet Information Server (IIS) web applications using Active Server Pages (ASP) are affected.
219594d6344f26a93e4767585c0c158ebb409b44abf565c8eeabc7209a00c60c
Security Advisory detailing original research from the Microsoft Local Troubleshooter ActiveX control buffer overflow that affects all versions of Microsoft Windows 2000.
3123057a0e33003e32d0c1dcbd81e7c68fe2683392807470c9f4cf6b670e203b
Yahoo! Webcam ActiveX controls are remotely susceptible to both heap and stack based overflow vulnerabilities.
77415dcf52c38a6a335911442a1fbde9f49c7a2c7184a6d87d15d4affb71051a