what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

Files from David Tomaschik

Email addressdavidtomaschik at google.com
First Active2016-08-22
Last Active2019-08-26
Apache Tapestry 5.3.6 HMAC Timing Attack
Posted Aug 26, 2019
Authored by David Tomaschik

Apache Tapestry version 5.3.6 suffers from a timing attack vulnerability during HMAC verification.

tags | advisory
advisories | CVE-2019-10071
SHA-256 | 2b8427db67e3d329acc8cb4dfc1895672828a371a3235ea047dedb0c4abe8079
iStar Ultra / IP-ACM Boards Fixed AES Key
Posted Dec 20, 2017
Authored by David Tomaschik

Vulnerabilities were identified in the iStar Ultra and IP-ACM boards offered by Software House. The communications between the IP-ACM and the iStar Ultra is encrypted using a fixed AES key and IV. Each message is encrypted in CBC mode and restarts with the fixed IV, leading to replay attacks of entire messages. There is no authentication of messages beyond the use of the fixed AES key, so message forgery is also possible.

tags | advisory, vulnerability, bypass
advisories | CVE-2017-17704
SHA-256 | 204786b1402fdbec34ba89ae4fe9ceed678dd3d6096ef0880cd0a2f1ff6cb00d
Belden GarrettCom 6K / 10KT Bypass / Disclosure / Buffer Overflow
Posted May 19, 2017
Authored by David Tomaschik

Belden GarrettCom 6K and 10KT series suffer from suffers from buffer overflow, authentication bypass, information disclosure, and other vulnerabilities.

tags | exploit, overflow, vulnerability, info disclosure
SHA-256 | 49d1717295169be58fe33b4c7d8306f29f0d9e8f045dbaf9cda485d36d3f2e48
Alerton Webtalk 2.5 / 3.3 Hash Disclosure / CSRF / Command Injection
Posted Apr 27, 2017
Authored by David Tomaschik

Alerton Webtalk versions 2.5 and 3.3 suffer from cross site request forgery, password hash disclosure, command injection, and login flow vulnerabilities.

tags | exploit, vulnerability, file inclusion, info disclosure, csrf
SHA-256 | be96769dc81301b02252f6d8006cd1b6c3c22bae6c57e3450ff6953e9cded4f6
ObiHai ObiPhone 1032/1062 XSS / CSRF / DoS / Command Injection
Posted Aug 22, 2016
Authored by David Tomaschik

ObiHai ObiPhone 1032/1062 with firmware less than 5-0-0-3497 suffers from buffer overflow, cross site scripting, cross site request forgery, command injection, denial of service, and various other vulnerabilities.

tags | exploit, denial of service, overflow, vulnerability, xss, info disclosure, csrf
SHA-256 | c01c956473f4e72a247182e6bcb22fe0af02e5eb1aefac7e5b88a3868d051233
Page 1 of 1
Back1Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    19 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close