Exploit the possiblities
Showing 1 - 12 of 12 RSS Feed

Files from Imre Rad

Email addressimre.rad at search-lab.hu
First Active2015-02-06
Last Active2018-01-10
Spring Jackson-Databind Default Typing Issue
Posted Jan 10, 2018
Authored by Imre Rad

Proof of concept that exploits the default typing issue in Jackson-databind via Spring application contexts and expressions.

tags | exploit, proof of concept
advisories | CVE-2017-17485, CVE-2017-7525
MD5 | bd94dd448499d73f15b54018b06b7f7f
pmount 0.9.23 Arbitrary Device Mount
Posted Jul 13, 2016
Authored by Imre Rad

pmount is a wrapper around the standard mount program which permits normal users to mount removable devices without a matching /etc/fstab entry. Due to a missing input validation check local users could mount devices to arbitrary destinations and thus taking over the targeted system completely. Versions 0.9.23 is affected.

tags | exploit, arbitrary, local
MD5 | e3c08454f70126f83ffa6f790129db26
Monsta Box WebFTP Arbitrary File Read
Posted Apr 8, 2016
Authored by Imre Rad

Monsta Box WebFTP suffers from an arbitrary file read vulnerability.

tags | exploit, arbitrary, info disclosure
MD5 | c3cf0c2478f30bc077b7bddc73a27652
PHP File Manager 0.9.8 Authentication Bypass / Code Execution
Posted Jan 26, 2016
Authored by Imre Rad

PHP File Manager version 0.9.8 suffers from authentication bypass and code execution vulnerabilities.

tags | exploit, php, vulnerability, code execution
MD5 | 34ec1229128a3f5e38806e1464eaf74e
PHP FastCGI Process Manager (FPM) SAPI Memory Leak / Buffer Overflow
Posted Jan 25, 2016
Authored by Imre Rad

PHP-FPM suffered from memory leak and buffer overflow vulnerabilities in the access logging feature. The fixed versions of PHP are 5.5.31, 5.6.17, and 7.0.2.

tags | advisory, overflow, php, vulnerability, memory leak
MD5 | 944d9a43e37f1ce26917b2cf0a973874
PHP LiteSpeed suEXEC_Daemon Secret Disclosure
Posted Jan 25, 2016
Authored by Imre Rad

In suEXEC_Daemon mode of the LiteSpeed web server spawns one PHP master process during startup. It is running as root and accepts LSAPI requests, which in turn specify what user under the script should run. The LSAPI request is authenticated with a MAC, which is based on pre-shared random key between the the PHP and the web server. The researchers found that the Litespeed PHP SAPI module did not clear this secret in its child processes so it was available in the PHP process memory space of the child processes. The fixed versions of PHP are 5.5.31, 5.6.17, and 7.0.2.

tags | advisory, web, root, php, info disclosure
MD5 | d25313bc2ac96b7c25905a3525cc4e8e
ADB Backup APK Injection
Posted Jul 10, 2015
Authored by Imre Rad

The Android ABD utility backup manager, which invokes the custom BackupAgent, does not filter the data stream returned by the applications. While a BackupAgent is being executed during the backup process, it is able to inject additional applications (APKs) into the backup archive without the user's consent. The BackupAgent needs no Android permissions. Upon restoration of the backup archive, the system installs the injected, additional application (since it is part of the backup archive and the system believes it is authentic) with escalated privileges. Proof of concept code included.

tags | exploit, proof of concept
systems | linux
advisories | CVE-2014-7952
MD5 | dca4e34e854215aabe54d26273992d37
Microsec e-Szigno / Netlock Mokka XML Signature Wrapping
Posted Jun 29, 2015
Authored by Imre Rad

Microsec e-Szigno and Netlock Mokka computer applications suffer from a e-akta signature verification weakness. Microsec e-Szigno version older than and Netlock Mokka versions older than are affected.

tags | advisory
advisories | CVE-2015-3931, CVE-2015-3932
MD5 | 47183f89b14f6e7c9b5b026c7106b06d
ADB Backup Traversal / File Overwrite
Posted Apr 19, 2015
Authored by Imre Rad

ADB backup on Android version 4.0.4 allows for file overwrite via modified tar headers.

tags | exploit, file inclusion
advisories | CVE-2014-7951
MD5 | e4e9268b88452697ab4830733dc3ff44
Android 4.4 MTP Path Traversal
Posted Apr 19, 2015
Authored by Imre Rad

The doSendObjectInfo() method of the MtpServer class implemented in frameworks/av/media/mtp/MtpServer.cpp on Android 4.4 does not validate the name parameter of the incoming MTP packet, leading to a path traversal vulnerability.

tags | advisory, file inclusion
advisories | CVE-2014-7954
MD5 | 31e2c89ebd60eaddd94891616bc2289f
Android Backup Agent Arbitrary Code Execution
Posted Apr 19, 2015
Authored by Imre Rad

The Android backup agent implementation was vulnerable to privilege escalation and race condition. An attacker with adb shell access could run arbitrary code as the system (1000) user (or any other valid package). The attack is tested on Android OS 4.4.4.

tags | exploit, arbitrary, shell
advisories | CVE-2014-7951
MD5 | 92dd96fde3a8b8327d8c6cc2f73c7c09
LG On Screen Phone Authentication Bypass
Posted Feb 6, 2015
Authored by Imre Rad

SEARCH-LAB Ltd. discovered a serious security vulnerability in the On Screen Phone protocol used by LG Smart Phones. A malicious attacker is able to bypass the authentication phase of the network communication, and thus establish a connection to the On Screen Phone application without the owner's knowledge or consent. suffers from a bypass vulnerability.

tags | advisory, protocol, bypass
advisories | CVE-2014-8757
MD5 | 7ec3e91f9eb71f4f7be0d4c994c1d4f2
Page 1 of 1

Want To Donate?

Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

March 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    14 Files
  • 2
    Mar 2nd
    12 Files
  • 3
    Mar 3rd
    1 Files
  • 4
    Mar 4th
    3 Files
  • 5
    Mar 5th
    15 Files
  • 6
    Mar 6th
    23 Files
  • 7
    Mar 7th
    15 Files
  • 8
    Mar 8th
    15 Files
  • 9
    Mar 9th
    3 Files
  • 10
    Mar 10th
    2 Files
  • 11
    Mar 11th
    1 Files
  • 12
    Mar 12th
    16 Files
  • 13
    Mar 13th
    20 Files
  • 14
    Mar 14th
    12 Files
  • 15
    Mar 15th
    10 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2018 Packet Storm. All rights reserved.

Security Services
Hosting By