what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 2 of 2

Files from Alexander Peslyak

Qualys Security Advisory - Qmail Remote Code Execution

Posted May 21, 2020

Authored by Alexander Peslyak, Qualys Security Advisory, Stephane Bellenger, Jean-Paul Michel, Julien Barthelemy, Andrew Richards

In 2005, three vulnerabilities were discovered in qmail but were never fixed because they were believed to be unexploitable in a default installation. Qualys recently re-discovered these vulnerabilities and were able to exploit one of them remotely in a default installation.

tags | exploit, vulnerability

advisories | CVE-2005-1513, CVE-2005-1514, CVE-2005-1515, CVE-2020-3811, CVE-2020-3812

SHA-256 | b40bd18472de68aa880c0372a9f3305689c40f370d5468a34516ef9530fd6906

Download | Favorite | View

Qualys Security Advisory - glibc gethostbyname Buffer Overflow

Posted Jan 27, 2015

Authored by Alexander Peslyak, Qualys Security Advisory

Qualys Security Advisory - During a code audit performed internally at Qualys, they discovered a buffer overflow in the __nss_hostname_digits_dots() function of the GNU C Library (glibc). This bug is reachable both locally and remotely via the gethostbyname*() functions, so they decided to analyze it -- and its impact -- thoroughly, and named this vulnerability "GHOST".

tags | exploit, overflow

advisories | CVE-2015-0235

SHA-256 | ffa8d4a79d99689d850b8267b77bc648e3bd73f6426baa39b73870777ee69adb

Download | Favorite | View