
Files from Eric Sesterhenn

First Active: 2013-06-14
Last Active: 2018-09-20
mgetty 1.2.0 Buffer Overflow / Privilege Escalation
Posted Sep 20, 2018
Authored by Eric Sesterhenn

mgetty version 1.2.0 suffers from buffer overflow, code execution, and various other privilege escalation related vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
advisories | CVE-2018-16741, CVE-2018-16742, CVE-2018-16743, CVE-2018-16744, CVE-2018-16745
MD5 | efa03dfc830f599a7cbecef8831e2779
HylaFAX 6.0.6 / 5.6.0 Uninitialized Pointer / Out Of Bounds Write
Posted Sep 20, 2018
Authored by Markus Vervier, Eric Sesterhenn, Luis Merino

Multiple bugs were found in the code handling fax page reception in JPEG format that allow arbitrary writes to an uninitialized pointer by remote parties dialing in. When processing a specially crafted input, the issue could lead to remote code execution. HylaFAX versions 6.0.6 and 5.6.0 are affected.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2018-17141
MD5 | b13871247b7cf82557cf72c3c2ec0aa3
Linux PAM 0.6.9 Authentication Replay
Posted Aug 14, 2018
Authored by Eric Sesterhenn

It is possible to replay an authentication by using a specially prepared smartcard or token if pam-pkcs11 is compiled with NSS support. Furthermore, two minor implementation issues have been identified. Linux PAM version 0.6.9 is affected.

tags | advisory
systems | linux
MD5 | 42cff7513a00f9e744ee4a2533ad69ec
Yubico 0.1.9 libykneomgr Out Of Bounds Read / Write
Posted Aug 14, 2018
Authored by Eric Sesterhenn

Yubico version 0.1.9 libykneomgr suffers from out of bounds read and write vulnerabilities.

tags | advisory, vulnerability
MD5 | 18095da83af4eeb2ebecbbde25a9bb78
Apple Smart Card Services Memory Corruption
Posted Aug 14, 2018
Authored by Eric Sesterhenn

Attackers with local access can exploit security issues in the smartcard driver. These result in memory corruption, which might lead to code execution. Since smartcards can be used for authentication, the vulnerabilities may allow an attacker to log in to the system as any user without valid credentials.

tags | advisory, local, vulnerability, code execution
advisories | CVE-2018-4300, CVE-2018-4301
MD5 | ecc75d2e3e4e765c8de7001179ad0ec1
OpenSC 0.18.0 Buffer Overflow / Out Of Bounds Read
Posted Aug 14, 2018
Authored by Eric Sesterhenn

Multiple issues have been identified in OpenSC, ranging from stack-based buffer overflows to out of bounds reads and writes on the heap. They can be triggered by malicious smartcards sending malformed responses to APDU commands. In addition to the fixes reported here, many minor issues (e.g. OOB reads and similar) have been reported and fixed. Version 0.18.0 is affected.

tags | advisory, overflow
MD5 | a2dd502bfe24ba28f95e8149df61a905
Yubico PIV Tool 1.5.0 Buffer Overflow
Posted Aug 14, 2018
Authored by Eric Sesterhenn

A buffer overflow and an out of bounds memory read were identified in yubico-piv-tool-1.5.0. These can be triggered by a malicious token.

tags | advisory, overflow
advisories | CVE-2018-14779, CVE-2018-14780
MD5 | 2c4440042ac214d8089605f593a3a025
PSFTPd Windows FTP Server 10.0.4 Build 729 Use-After-Free / Log Injection
Posted Nov 10, 2017
Authored by Markus Vervier, Eric Sesterhenn

PSFTPd Windows FTP Server version 10.0.4 Build 729 suffers from use-after-free, log injection, and various other vulnerabilities.

tags | exploit, vulnerability
systems | windows
advisories | CVE-2017-15269, CVE-2017-15270, CVE-2017-15271, CVE-2017-15272
MD5 | a6b220a3915564ca47ef1ce14c453651
Peplink 7.0.0-build1904 XSS / CSRF / SQL Injection / File Deletion
Posted Jun 5, 2017
Authored by Eric Sesterhenn, Claus Overbeck

Peplink version 7.0.0-build1904 suffers from cross site request forgery, cross site scripting, file deletion, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
advisories | CVE-2017-8835, CVE-2017-8836, CVE-2017-8837, CVE-2017-8838, CVE-2017-8839, CVE-2017-8840, CVE-2017-8841
MD5 | 36d56c06b635fb1596ea43530b5b607e
X.org Privilege Escalation / Use-After-Free / Weak Entropy
Posted Mar 1, 2017
Authored by Eric Sesterhenn

X.org suffers from privilege escalation, weak entropy, and use-after-free vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2017-2624, CVE-2017-2625, CVE-2017-2626
MD5 | b424af7f9a59ae81b73696537f55fecb
tnef 1.4.12 OOB Read / Write / Type Confusions / Integer Overflows
Posted Feb 24, 2017
Authored by Eric Sesterhenn

tnef versions 1.4.12 and below suffer from multiple integer overflows, type confusions, and out of bounds read and write vulnerabilities.

tags | advisory, overflow, vulnerability
MD5 | 3dc81e25f7ccfd87edf1802b2361b029
ytnef 1.9 Heap Overflow / Out-Of-Bounds Read / Write
Posted Feb 15, 2017
Authored by Eric Sesterhenn

Multiple heap overflows, out of bounds writes and reads, NULL pointer dereferences, and infinite loops have been discovered in ytnef versions 1.9 and below. These could be exploited by tricking a user into opening a malicious winmail.dat file.

tags | advisory, overflow
MD5 | 7a7e8dafe9e87edfdd1761c438b8aa25
HumHub 0.11.2 / 0.20.0-beta.2 SQL Injection
Posted Nov 30, 2015
Authored by Eric Sesterhenn | Site lsexperts.de

HumHub versions 0.11.2 and 0.20.0-beta.2 suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 400bde2bac4c7b555de4b6f5013ef7d4
Grand MA 300 Fingerprint Reader Weak PIN Verification
Posted Aug 26, 2014
Authored by Eric Sesterhenn | Site lsexperts.de

Grand MA 300/ID with firmware 6.60 has a weakness that allows the retrieval of the access pin from sniffed data, as well as a weakness that allows a fast brute-force attack on the pin.

tags | exploit
advisories | CVE-2014-5380, CVE-2014-5381
MD5 | 5eb76cc847bc8f032caa96b99771031d
F*EX 20140313-1 HTTP Response Splitting / Cross Site Scripting
Posted Jun 3, 2014
Authored by Eric Sesterhenn | Site lsexperts.de

F*EX version 20140313-1 suffers from HTTP response splitting and cross site scripting vulnerabilities.

tags | exploit, web, vulnerability, xss
advisories | CVE-2014-3875, CVE-2014-3876, CVE-2014-3877
MD5 | c0784a5327d748c2156b16fe82993527
Avira AntiVir Engine Denial Of Service / Filter Evasion
Posted Jun 14, 2013
Authored by Markus Vervier, Eric Sesterhenn | Site lsexperts.de

Avira AntiVir Engine versions prior to 8.2.12.58 suffer from filter evasion and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability
advisories | CVE-2013-4602
MD5 | 33a7c5d7e4adca9f7ea860cf86663cb5
© 2019 Packet Storm. All rights reserved.
