Email address | private |
---|---|
First Active | 2002-05-20 |
Last Active | 2007-07-26 |
The Mozilla application platform currently has an unpatched input validation flaw which allows you to specify arbitrary command line arguments to any registered URL protocol handler process. Thunderbird version 2.0.0.5 fixes this. Full exploits included.
b87dd83511bb3193b27560787656bb08cbc129eb12d1eb43241e8ff546fbf7fb
There is a URL protocol handler command injection vulnerability in Internet Explorer for Windows that allows you to execute shell commands with arbitrary arguments. This vulnerability can be triggered without user interaction simply by visiting a webpage.
97817c440ccad36fa887930439c3bdaf4a4453e3d8bf7987f58f1e95ea0330a9
Safari 3 for Windows beta remote command execution proof of concept exploit.
9a4308881a1a075b2196e199766d0f712a4c0161fa63fc94e0ea6dd4af3e7b95
PHPMailer as included with applications such as WordPress, Mantis, etc, suffers from a remote command execution vulnerability.
f2c609d930657cbbc333da78bb6360b7c18eb1bb0cdb23b91c07449ca9511476
The directory traversal fix in Firefox version 2.0.0.4 only partially fixed the flaw and accidentally circumvents an existing input validation check.
4ad3e4fcce8b9bfb38e0e28040599ebf2b9642a4772941a3340a59feac189edf
The Microsoft Internet Security and Acceleration, or ISA, server contains a default error page that can be used to conduct cross site scripting attacks against a legitimate user.
28d4e09c66a69895f688844fb1bccd3d2a1a91ee3d29b78564222eda4b3156f0
The Microsoft Internet Security and Acceleration, or ISA, server contains a default error page that can be used to conduct cross site scripting attacks against a legitimate user.
051076503bc72c2b87f59aeb4ad73074c982cd00eb77cfd9f35afb69941adc65
Thor Larholm security advisory TL#004 - Microsoft Windows 98 through XP contains an overflow in the Windows Help facility which allows arbitrary code execution. Denial of service exploit information included. Demonstration available here.
bea9be97470c7487053026c3e2c1f3610d8ef2897d9cfc633dcf350e2450936c
IE 6sp1 for Windows 2000 and 98 has bugs in the showModalDialog and showModelessDialog methods of displaying dialog boxes which can be used to execute arbitrary commands. Most unpatched IE and Outook installations are vulnerable. Online demonstration exploit MS02-023, but IE 5.5 and 5.0 are still vulnerable.
adc13976e792486d71a781d3724cb4456937c63b31fb36bdbe418a967f248f48