Showing 1 - 9 of 9

Files from Moritz Bechler

First Active	2016-07-26
Last Active	2021-12-13

Oracle Database Weak NNE Integrity Key Derivation: Posted Dec 13, 2021; Authored by Moritz Bechler | Site syss.de; NNE's integrity protection mechanism deliberately weakens the key used for computing per-packet message authentication codes (MACs). Oracle Database versions 19c, 12.2.0.1, and 12.1.0.2 are affected.; tags | exploit; advisories | CVE-2021-2351; SHA-256 | 819ba67d5e27ccd91c65c8f0781b76862e43a929fdc227c9dab9c9d20d7aa8d2; Download | Favorite | View

Oracle Database Protection Mechanism Bypass: Posted Dec 13, 2021; Authored by Moritz Bechler | Site syss.de; Due to insecure fallback behavior, a man-in-the-middle attacker can bypass NNE's protection against man-in-the-middle attacks and hijack authenticated connections. In some configurations, a full man-in-the-middle attack is possible. Oracle Database versions 19c, 12.2.0.1, and 12.1.0.2 are affected.; tags | exploit; advisories | CVE-2021-2351; SHA-256 | d0de07f4f0e48542261c0ae9b420a3424f2d3aa4191dbb91e07c6c991ab3de7b; Download | Favorite | View

Protection Licensing Toolkit ReadyAPI 3.2.5 Code Execution / Deserialization: Posted May 19, 2020; Authored by Moritz Bechler | Site syss.de; Protection Licensing Toolkit ReadyAPI version 3.2.5 suffers from an unsafe deserialization vulnerability that allows for remote code execution.; tags | exploit, remote, code execution; advisories | CVE-2020-12835; SHA-256 | 0a738ab46dd18ea4fe3151340310163ee7d1af2f6352f68d94c163c9e82580b4; Download | Favorite | View

SquirrelMail 1.4.22 Cross Site Scripting: Posted Jul 1, 2019; Authored by Moritz Bechler | Site syss.de; SquirrelMail version 1.4.22 suffers from a cross site scripting vulnerability.; tags | exploit, xss; advisories | CVE-2019-12970; SHA-256 | e0fade0e7c5216f5956fdcd3b89294dead81e66b576a08326b496cc18d4bc0f4; Download | Favorite | View

Coldfusion / JNBridge Remote Code Execution: Posted Jun 26, 2019; Authored by Moritz Bechler | Site syss.de; Coldfusion versions 2016 and 2018 along with all current versions of JNBridge suffer from a remote code execution vulnerability.; tags | advisory, remote, code execution; advisories | CVE-2019-7839; SHA-256 | f87b353777ae773d0c72b225ac02ae458075bc752b4b21bb6aaa070c2db3e58d; Download | Favorite | View

LDAP Swiss Army Knife: Posted Jun 12, 2019; Authored by Moritz Bechler | Site github.com; This paper presents the "LDAP Swiss Army Knife", an easy to use LDAP server implementation built for penetration oder software testing. Apart from general usage as a server or proxy it also shows some specific attacks against Java/JNDI based LDAP clients.; tags | paper, java; SHA-256 | 341da515f73e2922c4e4729bef9645201fe4a74fdb8cb1bf8b386787d5631e80; Download | Favorite | View

Dojo Toolkit 1.13 Cross Site Scripting: Posted Aug 27, 2018; Authored by Moritz Bechler | Site syss.de; Dojo Toolkit version 1.13 suffers from a cross site scripting vulnerability.; tags | exploit, xss; advisories | CVE-2018-15494; SHA-256 | f84edcee9a5e3daa0ab8b77ca5133492843ef287eff253e7a7157bf5d674faa8; Download | Favorite | View

ILIAS 5.3.2 / 5.2.14 / 5.1.25 Cross Site Scripting: Posted May 22, 2018; Authored by Moritz Bechler | Site syss.de; ILIAS versions 5.3.2, 5.2.14, and 5.1.25 suffer from a cross site scripting vulnerability.; tags | exploit, xss; advisories | CVE-2018-10428; SHA-256 | 2aac0222aebf2e7413630a3b07065dedd067ddc45d6a86a9fc12a1676428cf5d; Download | Favorite | View

Bamboo Deserialization Issue: Posted Jul 26, 2016; Authored by David Black, Moritz Bechler; This advisory discloses a critical severity security vulnerability which was introduced in version 2.3.1 of Bamboo. Versions of Bamboo starting with 2.3.1 before 5.11.4.1 (the fixed version for 5.11.x) and from 5.12.0 before 5.12.3.1 (the fixed version for 5.12.x) are affected by this vulnerability.; tags | advisory; advisories | CVE-2016-5229; SHA-256 | dbfb17c0ede40ea6f49b801493783efdda5b7f9fcc1178a440c9e193c5f682f4; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days