exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

Files from Moritz Bechler

First Active2016-07-26
Last Active2022-09-13
TIBCO JasperReports Server 8.0.2 Community Edition Code Execution
Posted Sep 13, 2022
Authored by Moritz Bechler | Site syss.de

Due to JMX/RMI services in TIBCO JasperReports Server version 8.0.2 Community Edition performing unsafe deserialization, it is possible to execute arbitrary code and system commands on the server system.

tags | exploit, arbitrary
SHA-256 | cf89a5a1afe1398d346a6c138d693ce3eb1e1c2bf02ce2079b699b2424581b9c
Oracle Database Weak NNE Integrity Key Derivation
Posted Dec 13, 2021
Authored by Moritz Bechler | Site syss.de

NNE's integrity protection mechanism deliberately weakens the key used for computing per-packet message authentication codes (MACs). Oracle Database versions 19c, 12.2.0.1, and 12.1.0.2 are affected.

tags | exploit
advisories | CVE-2021-2351
SHA-256 | 819ba67d5e27ccd91c65c8f0781b76862e43a929fdc227c9dab9c9d20d7aa8d2
Oracle Database Protection Mechanism Bypass
Posted Dec 13, 2021
Authored by Moritz Bechler | Site syss.de

Due to insecure fallback behavior, a man-in-the-middle attacker can bypass NNE's protection against man-in-the-middle attacks and hijack authenticated connections. In some configurations, a full man-in-the-middle attack is possible. Oracle Database versions 19c, 12.2.0.1, and 12.1.0.2 are affected.

tags | exploit
advisories | CVE-2021-2351
SHA-256 | d0de07f4f0e48542261c0ae9b420a3424f2d3aa4191dbb91e07c6c991ab3de7b
Protection Licensing Toolkit ReadyAPI 3.2.5 Code Execution / Deserialization
Posted May 19, 2020
Authored by Moritz Bechler | Site syss.de

Protection Licensing Toolkit ReadyAPI version 3.2.5 suffers from an unsafe deserialization vulnerability that allows for remote code execution.

tags | exploit, remote, code execution
advisories | CVE-2020-12835
SHA-256 | 0a738ab46dd18ea4fe3151340310163ee7d1af2f6352f68d94c163c9e82580b4
SquirrelMail 1.4.22 Cross Site Scripting
Posted Jul 1, 2019
Authored by Moritz Bechler | Site syss.de

SquirrelMail version 1.4.22 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-12970
SHA-256 | e0fade0e7c5216f5956fdcd3b89294dead81e66b576a08326b496cc18d4bc0f4
Coldfusion / JNBridge Remote Code Execution
Posted Jun 26, 2019
Authored by Moritz Bechler | Site syss.de

Coldfusion versions 2016 and 2018 along with all current versions of JNBridge suffer from a remote code execution vulnerability.

tags | advisory, remote, code execution
advisories | CVE-2019-7839
SHA-256 | f87b353777ae773d0c72b225ac02ae458075bc752b4b21bb6aaa070c2db3e58d
LDAP Swiss Army Knife
Posted Jun 12, 2019
Authored by Moritz Bechler | Site github.com

This paper presents the "LDAP Swiss Army Knife", an easy to use LDAP server implementation built for penetration oder software testing. Apart from general usage as a server or proxy it also shows some specific attacks against Java/JNDI based LDAP clients.

tags | paper, java
SHA-256 | 341da515f73e2922c4e4729bef9645201fe4a74fdb8cb1bf8b386787d5631e80
Dojo Toolkit 1.13 Cross Site Scripting
Posted Aug 27, 2018
Authored by Moritz Bechler | Site syss.de

Dojo Toolkit version 1.13 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-15494
SHA-256 | f84edcee9a5e3daa0ab8b77ca5133492843ef287eff253e7a7157bf5d674faa8
ILIAS 5.3.2 / 5.2.14 / 5.1.25 Cross Site Scripting
Posted May 22, 2018
Authored by Moritz Bechler | Site syss.de

ILIAS versions 5.3.2, 5.2.14, and 5.1.25 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-10428
SHA-256 | 2aac0222aebf2e7413630a3b07065dedd067ddc45d6a86a9fc12a1676428cf5d
Bamboo Deserialization Issue
Posted Jul 26, 2016
Authored by David Black, Moritz Bechler

This advisory discloses a critical severity security vulnerability which was introduced in version 2.3.1 of Bamboo. Versions of Bamboo starting with 2.3.1 before 5.11.4.1 (the fixed version for 5.11.x) and from 5.12.0 before 5.12.3.1 (the fixed version for 5.12.x) are affected by this vulnerability.

tags | advisory
advisories | CVE-2016-5229
SHA-256 | dbfb17c0ede40ea6f49b801493783efdda5b7f9fcc1178a440c9e193c5f682f4
Page 1 of 1
Back1Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close