Files from Moritz Jodeit

Email address: moritz at jodeit.org
First Active: 2000-06-15
Last Active: 2016-02-16

FireEye FX / AX / NX / EX Analysis Bypass
Posted Feb 16, 2016
Authored by Moritz Jodeit | Site bluefrostsecurity.de

FireEye FX, AX, NX, and EX products suffer from an analysis bypass vulnerability.

tags | advisory, bypass
MD5 | c8f42f92802aad3cd3ba2b32746b94ad
Microsoft IE 11 MSHTML!CObjectElement Use-After-Free
Posted Dec 11, 2015
Authored by Moritz Jodeit | Site bluefrostsecurity.de

Microsoft Internet Explorer 11 suffers from a MSHTML!CObjectElement use-after-free vulnerability.

tags | exploit
advisories | CVE-2015-6152
MD5 | 9d0af67321cd6ea17a7210f69639687c
OpenSSH 6.9p1 Authentication Bypass / Use-After-Free
Posted Aug 13, 2015
Authored by Moritz Jodeit | Site bluefrostsecurity.de

OpenSSH versions 6.9p1 and below suffer from PAM related authentication bypass and use-after-free vulnerabilities.

tags | advisory, vulnerability
MD5 | 8248389ce15df7f00afb82bc45a727ca
Microsoft Internet Explorer CTreeNode::GetCascadedLang Use-After-Free
Posted Aug 12, 2015
Authored by Moritz Jodeit | Site bluefrostsecurity.de

Microsoft Internet Explorer 11 is prone to a use-after-free vulnerability in the MSHTML!CTreeNode::GetCascadedLang function. The following analysis was performed on Internet Explorer 11 on Windows 8.1 (x64). If an attacker succeeds in bypassing the Memory Protector and Isolated Heap protection mechanisms, this vulnerability allows the execution of arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability, in that the target must visit a malicious page or open a malicious file.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2015-2444
MD5 | 97915053ff2623f101172e2eed36eb8e
Exploiting CVE-2014-4113 On Windows 8.1
Posted Nov 2, 2014
Authored by Moritz Jodeit

This whitepaper discusses exploitation of CVE-2014-4113 on Windows 8.1.

tags | paper
systems | windows
advisories | CVE-2014-4113
MD5 | 216c619044ba2c9130f42e164b525d81
Polycom H.323 Format String
Posted Mar 15, 2013
Authored by Moritz Jodeit | Site nruns.com

Polycom systems suffer from a format string vulnerability when creating a CDR entry. Polycom HDX series versions prior to 3.1.1.2 are affected.

tags | exploit
MD5 | 82cee5e048b366f54e01ea138b832c5f
Polycom H.323 CDR Database SQL Injection
Posted Mar 15, 2013
Authored by Moritz Jodeit | Site nruns.com

A simple H.323 SETUP packet can be used to commit a remote SQL injection attack against Polycom systems. Polycom HDX series versions prior to 3.1.1.2 are affected.

tags | exploit, remote, sql injection
MD5 | a9ff175c5d8fd390b0ea42876e77f8fc
Polycom Firmware Update Command Injection
Posted Mar 15, 2013
Authored by Moritz Jodeit | Site nruns.com

The firmware update functionality in the Polycom web interface contains a simple command injection vulnerability which allows an attacker with access to the web interface to execute arbitrary commands on the underlying embedded Linux system. Polycom HDX series versions prior to 3.1.1.2 are affected.

tags | exploit, web, arbitrary
systems | linux
MD5 | 803d9a0a819db5b9c1ffdcd50fbc5709
Polycom HDX Privilege Escalation
Posted Mar 15, 2013
Authored by Moritz Jodeit | Site nruns.com

The Polycom Command Shell can be used to view and change several settings of the system. However, it can also be used to get system-level access (i.e. root access) to the HDX system. The "printenv" and "setenv" commands can be used to read and write, respectively, variables which are stored in flash memory. Polycom HDX series versions prior to 3.1.1.2 are affected.

tags | exploit, shell, root
MD5 | b418d46114e029b32623d7143b40219b
IBM Lotus Notes Client URL Handler Command Injection
Posted Dec 24, 2012
Authored by Moritz Jodeit, Sean de Regge, juan vazquez | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in the URL handler for the IBM Lotus Notes Client <= 8.5.3. The registered handler can be abused with a specially crafted notes:// URL to execute arbitrary commands with arbitrary arguments. This Metasploit module has been tested successfully on Windows XP SP3 with IE8, Google Chrome 23.0.1271.97 m and IBM Lotus Notes Client 8.5.2.

tags | exploit, arbitrary
systems | windows, xp
advisories | CVE-2012-2174, OSVDB-83063
MD5 | 84466a22b0ab5b1fc6061c13765a81a5
XenApp / XenDesktop Heap Corruption
Posted Jul 29, 2011
Authored by Moritz Jodeit, Alexios Fakos | Site nruns.com

A heap corruption vulnerability has been found in the Citrix XML Service of XenApp and XenDesktop which is installed on every server used for sharing applications. Successful exploitation allows arbitrary code execution on the server running the XML service.

tags | exploit, arbitrary, code execution
MD5 | 323189e6294969992f91333bf86e3f58
XenApp / XenDesktop Buffer Overflow
Posted Jul 29, 2011
Authored by Moritz Jodeit | Site nruns.com

A stack-based buffer overflow has been found in the Citrix XML Service of XenApp and XenDesktop which is installed on every server used for sharing applications. Successful exploitation allows arbitrary code execution on the server running the XML service.

tags | exploit, overflow, arbitrary, code execution
MD5 | dba4d051e569439aee38b39fb932a013
HP LaserJet PJL Interface Directory Traversal
Posted Nov 30, 2010
Authored by Moritz Jodeit | Site nruns.com

A directory traversal vulnerability has been found in the PJL file system access interface of various HP LaserJet MFP devices. File system access through PJL is usually restricted to a specific part of the file system. Using a pathname such as 0:\..\..\..\, it is possible to get access to the complete file system of the device.

tags | exploit
advisories | CVE-2010-4107
MD5 | 79d26b9b4e5c973e5fc016d41e265db2
Apple OS X Software Update Command Execution
Posted Dec 31, 2009
Authored by Moritz Jodeit | Site metasploit.com

This Metasploit module exploits a feature in the Distribution Packages, which are used in the Apple Software Update mechanism. This feature allows for arbitrary command execution through JavaScript. This exploit provides the malicious update server. Requests must be redirected to this server by other means for this exploit to work.

tags | exploit, arbitrary, javascript
systems | apple
advisories | CVE-2007-5863
MD5 | 7b879a04778ae379b817963bf3b384d3
CFNetwork Heap Buffer Overflow
Posted May 15, 2009
Authored by Moritz Jodeit | Site nruns.com

A remotely exploitable vulnerability has been found in the HTTP header parsing code of the CFNetwork framework.

tags | advisory, web
advisories | CVE-2009-0157
MD5 | 4de6a44438fd53b33ceb6be7fa654bc9
clamav-overflow.txt
Posted Nov 9, 2008
Authored by Moritz Jodeit

ClamAV contains an off-by-one heap overflow vulnerability in the code responsible for parsing VBA project files. Successful exploitation could allow an attacker to execute arbitrary code with the privileges of the 'clamd' process by sending an email with a prepared attachment. Versions below 0.94.1 are affected.

tags | advisory, overflow, arbitrary
MD5 | 6c2f467cbc3dfd58ce9d99fa10b588f4
appleupdate-exec.txt
Posted Dec 18, 2007
Authored by Moritz Jodeit

Apple Mac OS X Software Update suffers from a remote command execution vulnerability. Full Metasploit module included.

tags | exploit, remote
systems | apple, osx
advisories | CVE-2007-5863
MD5 | 673d6161670d6122a530c953272d0532
openssl-offbyone.txt
Posted Sep 28, 2007
Authored by Moritz Jodeit

OpenSSL versions before 0.9.7m and 0.9.8e suffer from an off-by-one buffer overflow in SSL_get_shared_ciphers().

tags | advisory, overflow
MD5 | 3d7843c79ac6b8326682eeccba09d0a5
ieee80211-offbyone.txt
Posted Mar 6, 2007
Authored by Moritz Jodeit

tcpdump versions 3.9.5 and below suffer from an off-by-one heap overflow in the ieee802.11 printer.

tags | advisory, overflow
MD5 | 383dc3787ea2a29b074be8053cfaa44f
mplayer-overflow.txt
Posted Mar 6, 2007
Authored by Moritz Jodeit

MPlayer version 1.0rc1 suffers from a buffer overflow that can be exploited with a maliciously crafted video file.

tags | exploit, overflow
MD5 | 35a80921e5becfbcc7d8bc5cfb21d662
smartftp.txt
Posted Jun 15, 2000
Authored by Moritz Jodeit | Site jodeit.cjb.net

A remote vulnerability has been found in the SmartFTP-D Server which allows a remote user with an account to read any file on the system.

tags | exploit, remote
MD5 | ed5be57a11b875541feeea26a25ac90d
© 2016 Packet Storm. All rights reserved.
