Twenty Year Anniversary
Showing 1 - 13 of 13 RSS Feed

Files from Imre Rad

Email addressimre.rad at search-lab.hu
First Active2015-02-06
Last Active2018-05-14
ProjectPier 0.8.8 SQL Injection / Authentication Bypass / RFI
Posted May 14, 2018
Authored by Imre Rad

ProjectPier versions 0.8.8 and below suffer from remote file inclusion, authentication bypass, remote shell upload, and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, sql injection, bypass, file inclusion
advisories | CVE-2018-10759, CVE-2018-10760
MD5 | 981d011a590304ccd6de6e3510500b73
Spring Jackson-Databind Default Typing Issue
Posted Jan 10, 2018
Authored by Imre Rad

Proof of concept that exploits the default typing issue in Jackson-databind via Spring application contexts and expressions.

tags | exploit, proof of concept
advisories | CVE-2017-17485, CVE-2017-7525
MD5 | bd94dd448499d73f15b54018b06b7f7f
pmount 0.9.23 Arbitrary Device Mount
Posted Jul 13, 2016
Authored by Imre Rad

pmount is a wrapper around the standard mount program which permits normal users to mount removable devices without a matching /etc/fstab entry. Due to a missing input validation check local users could mount devices to arbitrary destinations and thus taking over the targeted system completely. Versions 0.9.23 is affected.

tags | exploit, arbitrary, local
MD5 | e3c08454f70126f83ffa6f790129db26
Monsta Box WebFTP Arbitrary File Read
Posted Apr 8, 2016
Authored by Imre Rad

Monsta Box WebFTP suffers from an arbitrary file read vulnerability.

tags | exploit, arbitrary, info disclosure
MD5 | c3cf0c2478f30bc077b7bddc73a27652
PHP File Manager 0.9.8 Authentication Bypass / Code Execution
Posted Jan 26, 2016
Authored by Imre Rad

PHP File Manager version 0.9.8 suffers from authentication bypass and code execution vulnerabilities.

tags | exploit, php, vulnerability, code execution
MD5 | 34ec1229128a3f5e38806e1464eaf74e
PHP FastCGI Process Manager (FPM) SAPI Memory Leak / Buffer Overflow
Posted Jan 25, 2016
Authored by Imre Rad

PHP-FPM suffered from memory leak and buffer overflow vulnerabilities in the access logging feature. The fixed versions of PHP are 5.5.31, 5.6.17, and 7.0.2.

tags | advisory, overflow, php, vulnerability, memory leak
MD5 | 944d9a43e37f1ce26917b2cf0a973874
PHP LiteSpeed suEXEC_Daemon Secret Disclosure
Posted Jan 25, 2016
Authored by Imre Rad

In suEXEC_Daemon mode of the LiteSpeed web server spawns one PHP master process during startup. It is running as root and accepts LSAPI requests, which in turn specify what user under the script should run. The LSAPI request is authenticated with a MAC, which is based on pre-shared random key between the the PHP and the web server. The researchers found that the Litespeed PHP SAPI module did not clear this secret in its child processes so it was available in the PHP process memory space of the child processes. The fixed versions of PHP are 5.5.31, 5.6.17, and 7.0.2.

tags | advisory, web, root, php, info disclosure
MD5 | d25313bc2ac96b7c25905a3525cc4e8e
ADB Backup APK Injection
Posted Jul 10, 2015
Authored by Imre Rad

The Android ABD utility backup manager, which invokes the custom BackupAgent, does not filter the data stream returned by the applications. While a BackupAgent is being executed during the backup process, it is able to inject additional applications (APKs) into the backup archive without the user's consent. The BackupAgent needs no Android permissions. Upon restoration of the backup archive, the system installs the injected, additional application (since it is part of the backup archive and the system believes it is authentic) with escalated privileges. Proof of concept code included.

tags | exploit, proof of concept
systems | linux
advisories | CVE-2014-7952
MD5 | dca4e34e854215aabe54d26273992d37
Microsec e-Szigno / Netlock Mokka XML Signature Wrapping
Posted Jun 29, 2015
Authored by Imre Rad

Microsec e-Szigno and Netlock Mokka computer applications suffer from a e-akta signature verification weakness. Microsec e-Szigno version older than 3.2.7.12 and Netlock Mokka versions older than 2.7.8.1204 are affected.

tags | advisory
advisories | CVE-2015-3931, CVE-2015-3932
MD5 | 47183f89b14f6e7c9b5b026c7106b06d
ADB Backup Traversal / File Overwrite
Posted Apr 19, 2015
Authored by Imre Rad

ADB backup on Android version 4.0.4 allows for file overwrite via modified tar headers.

tags | exploit, file inclusion
advisories | CVE-2014-7951
MD5 | e4e9268b88452697ab4830733dc3ff44
Android 4.4 MTP Path Traversal
Posted Apr 19, 2015
Authored by Imre Rad

The doSendObjectInfo() method of the MtpServer class implemented in frameworks/av/media/mtp/MtpServer.cpp on Android 4.4 does not validate the name parameter of the incoming MTP packet, leading to a path traversal vulnerability.

tags | advisory, file inclusion
advisories | CVE-2014-7954
MD5 | 31e2c89ebd60eaddd94891616bc2289f
Android Backup Agent Arbitrary Code Execution
Posted Apr 19, 2015
Authored by Imre Rad

The Android backup agent implementation was vulnerable to privilege escalation and race condition. An attacker with adb shell access could run arbitrary code as the system (1000) user (or any other valid package). The attack is tested on Android OS 4.4.4.

tags | exploit, arbitrary, shell
advisories | CVE-2014-7951
MD5 | 92dd96fde3a8b8327d8c6cc2f73c7c09
LG On Screen Phone Authentication Bypass
Posted Feb 6, 2015
Authored by Imre Rad

SEARCH-LAB Ltd. discovered a serious security vulnerability in the On Screen Phone protocol used by LG Smart Phones. A malicious attacker is able to bypass the authentication phase of the network communication, and thus establish a connection to the On Screen Phone application without the owner's knowledge or consent. suffers from a bypass vulnerability.

tags | advisory, protocol, bypass
advisories | CVE-2014-8757
MD5 | 7ec3e91f9eb71f4f7be0d4c994c1d4f2
Page 1 of 1
Back1Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

August 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    19 Files
  • 2
    Aug 2nd
    17 Files
  • 3
    Aug 3rd
    16 Files
  • 4
    Aug 4th
    1 Files
  • 5
    Aug 5th
    1 Files
  • 6
    Aug 6th
    19 Files
  • 7
    Aug 7th
    15 Files
  • 8
    Aug 8th
    9 Files
  • 9
    Aug 9th
    7 Files
  • 10
    Aug 10th
    10 Files
  • 11
    Aug 11th
    1 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    14 Files
  • 14
    Aug 14th
    18 Files
  • 15
    Aug 15th
    38 Files
  • 16
    Aug 16th
    5 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close