by Julien Ahrens | Saturday, February 23, 2013 | Advisory
This is a sweet vulnerability, because all ProShow installations on all Microsoft Windows operating systems up to Windows 8 are exploitable! Let’s have a look at the details and how to exploit it to get a remote shell 🙂 When launching the application, it loads...
by Julien Ahrens | Monday, February 18, 2013 | Advisory
And here’s the next one. An SEH-based Buffer Overflow – exploitable on all 32-bit Windows systems out there :-). The application does not validate (again, but in a different module) the length of the title value while loading the contents of a ProShow...
by Julien Ahrens | Thursday, February 14, 2013 | Advisory
Hello readers, as predicted 🙂 … here’s the next vulnerability in the ProShow Producer application by Photodex. This time, it’s a dangerous memory corruption which could lead to “remote” code execution using a crafted .pxs file. An...
by Julien Ahrens | Wednesday, January 9, 2013 | Advisory
Another day, some new XSS flaws. At first the big fashion label Marc O’Polo fixed a major Cross-Site Scripting issue in their online shop system. Good news, because a malicious attacker was able to use this security hole to hijack (and steal) every account...
by Julien Ahrens | Tuesday, November 27, 2012 | Advisory
In early November, I found several Cross-Site Scripting vulnerabilities on the official website of the Bavarian Social Democrats (also called “SPD” – which is the oldest political party in Germany) and immediately notified the official press office...
by Julien Ahrens | Friday, November 9, 2012 | Advisory
Inshell Security Advisory 1. ADVISORY INFORMATION Product: Zoner Photo Studio Vendor URL: www.zoner.com Type: Stack-based Buffer Overflow [CWE-121] Date found: 2012-10-17 Date...