what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 9 of 9

Files from Martin Barbella

MSIE MSHTML!CSVGHelpers::SetAttributeStringAndPointer Use-After-Free

Posted Apr 4, 2016

Authored by Martin Barbella, Google Security Research

Microsoft Internet Explorer suffers from a MSHTML!CSVGHelpers::SetAttributeStringAndPointer use-after-free vulnerability.

tags | exploit

systems | linux

advisories | CVE-2016-0111

SHA-256 | cdfd2516b0415fb4189bf3b250e34e4c24ca6d87e3f8efdff8a5bd6c5a4c5be0

Download | Favorite | View

Drupal Protected Node 6.x Access Bypass

Posted Jun 14, 2012

Authored by Martin Barbella | Site drupal.org

Drupal Protected Node third party module version 6.x suffers from an access bypass vulnerability.

tags | advisory, bypass

SHA-256 | b4aaddf3a18e328ac108e52f95a4dcea1a732a0ccdd4f218edd6da70910802f5

Download | Favorite | View

PHP 5.3.3 GD Stack Buffer Overflow

Posted Dec 10, 2010

Authored by Martin Barbella

PHP 5.3.3 suffers from a GD extension imagepstext stack buffer overflow vulnerability.

tags | exploit, overflow, php

SHA-256 | dd471798a94019e55c17a159a67a7b668dc2b65a5268afe78a02db0606ae93bc

Download | Favorite | View

Linksys Router Cross Site Request Forgery

Posted Dec 3, 2010

Authored by Martin Barbella

Proof of concept exploits for cross site request forgery vulnerabilities found in the Linksys WRT54G2 and WRT54G routers.

tags | exploit, vulnerability, proof of concept, csrf

SHA-256 | b828c25f846a2d0368ccab279f0ecc63d70d06cad75e64a301b44245aa6d868b

Download | Favorite | View

Drupal Realname User Reference Information Disclosure

Posted Feb 16, 2010

Authored by Martin Barbella

The Realname User Reference widget in Drupal version 6.x-1.0 allows any user with access content permission to mine user name and real names from accounts.

tags | exploit, info disclosure

SHA-256 | a8e28216cd1d0f5195a5c2f0f4d8df8509c3c8d69917da8dab026b3e35d0fd12

Download | Favorite | View

Drupal MP3 Player Cross Site Scripting

Posted Feb 2, 2010

Authored by Martin Barbella

Drupal's MP3 Player module version 6.x-1.0-beta1 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | bea709af4e24c40c41d70a3135a1196e412d132182f2fa56f7e35583b5bfc365

Download | Favorite | View

Drupal's Node Blocks Cross Site Scripting

Posted Jan 14, 2010

Authored by Martin Barbella

Drupal's Node Blocks contributed module versions 6.x-1.3 and 5.x-1.1 suffer from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | f68289c50815198eb6810c53c0b4256c3c719ad48903426b5a1dcdac4b55f1b8

Download | Favorite | View

Active Calendar 1.2.0 Cross Site Scripting

Posted Jan 11, 2010

Authored by Martin Barbella

Active Calendar version 1.2.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 22b45e544fd05c068437c2e96a47768aa9fe4bb3cbef216acb4e06ce2b7e0327

Download | Favorite | View

JpGraph 3.0.6 Cross Site Scripting

Posted Dec 22, 2009

Authored by Martin Barbella

JpGraph version 3.0.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 0453010652eb79a6e0be9d48a2f4c48c61ac2edd0ceab142870919b01afd159d

Download | Favorite | View