seeing is believing
Showing 1 - 25 of 124 RSS Feed

Files from Kevin Finisterre

Email addresskf at digitalmunition.com
First Active2000-08-29
Last Active2011-05-03
Owning A Cop Car
Posted May 3, 2011
Authored by Kevin Finisterre

This paper details how poorly Linux devices in cop cars are set up and how their lack of a secure design puts everyone at risk.

tags | exploit
systems | linux
MD5 | c9e2508e631a4607dd58f70546b38c60
Sun Java JRE getSoundbank file:// URI Buffer Overflow
Posted Dec 31, 2009
Authored by Kevin Finisterre | Site metasploit.com

This Metasploit module exploits a flaw in the getSoundbank function in the Sun JVM. The payload is serialized and passed to the applet via PARAM tags. It must be a native payload. The effected Java versions are JDK and JRE 6 Update 16 and earlier, JDK and JRE 5.0 Update 21 and earlier, SDK and JRE 1.4.2_23 and earlier, and SDK and JRE 1.3.1_26 and earlier. NOTE: Although all of the above versions are reportedly vulnerable, only 1.6.0_u11 and 1.6.0_u16 on Windows XP SP3 were tested.

tags | exploit, java
systems | windows, xp
advisories | CVE-2009-3867
MD5 | a4f20e563a81acc21752e47601b937da
Mail.app Image Attachment Command Execution
Posted Oct 28, 2009
Authored by H D Moore, Kevin Finisterre | Site metasploit.com

This Metasploit module exploits a command execution vulnerability in the Mail.app application shipped with Mac OS X 10.5.0. This flaw was patched in 10.4 in March of 2007, but reintroduced into the final release of 10.5.

tags | exploit
systems | apple, osx
advisories | CVE-2006-0395, CVE-2007-6165
MD5 | 65efe27dbff4de35ebd1ec592beb222c
Wyse Rapport Hagent Fake Hserver Command Execution
Posted Oct 28, 2009
Authored by Kevin Finisterre

This Metasploit module exploits the Wyse Rapport Hagent service by pretending to be a legitimate server. This process involves starting both HTTP and FTP services on the attacker side, then contacting the Hagent service of the target and indicating that an update is available. The target will then download the payload wrapped in an executable from the FTP service.

tags | exploit, web
advisories | CVE-2009-0695
MD5 | 81c6b3ec51a59ee4082efe5546123b56
Apple QTJava toQTPointer() Arbitrary Memory Access
Posted Oct 27, 2009
Authored by H D Moore, Kevin Finisterre, Dino A. Dai Zovi | Site metasploit.com

This Metasploit module exploits an arbitrary memory access vulnerability in the Quicktime for Java API provided with Quicktime 7.

tags | exploit, java, arbitrary
advisories | CVE-2007-2175
MD5 | 323f73061bb5aac7440629d2dd7e2adf
Safari RSS feed:// Buffer Overflow
Posted May 27, 2009
Authored by Kevin Finisterre | Site digitalmunition.com

Proof of concept exploit for the Safari RSS feed:// buffer overflow via libxml2.

tags | exploit, overflow, proof of concept
advisories | CVE-2008-3529
MD5 | 230693062239171540bd988667094a6c
rtipsniff.rb.txt
Posted Nov 9, 2008
Authored by H D Moore, Kevin Finisterre | Site metasploit.com

This Metasploit module is a credential leak sniffer for the GE Proficy Real Time Information Portal.

tags | exploit
MD5 | cf469be9164d6da466b8bcbe15a5505d
citectodbc-fivews.txt
Posted Sep 6, 2008
Authored by Kevin Finisterre | Site digitalmunition.com

This is a paper detailing the Five Ws of the Citect ODBC vulnerability that affects Citect versions 5, 6, and 7.

tags | paper
advisories | CVE-2008-2639
MD5 | 891164271130fb7873ad0b88a90f3fb9
citect_scada_odbc.rb.txt
Posted Sep 6, 2008
Authored by Kevin Finisterre | Site digitalmunition.com

This Metasploit module exploits a stack overflow in CitectSCADA's ODBC daemon. This has only been tested against Citect versions 5, 6, and 7.

tags | exploit, overflow
advisories | CVE-2008-2639
MD5 | ac7981fd900ae85180ef9a569f644f3b
Netragard Security Advisory 2007-03-13
Posted Nov 6, 2007
Authored by Kevin Finisterre, Adriel T. Desautels, Netragard | Site netragard.com

Netragard, L.L.C Advisory - Netragard's SNOsoft Research Team discovered two critical vulnerabilities in the OpenBase SQL Relational Database that can lead to full system compromise. OpenBase versions 10.0.5 and below are affected.

tags | advisory, vulnerability
MD5 | 0c384ec80b5dc1e8f843028ebcd5ff01
mobilemail_libtiff.rb.txt
Posted Oct 23, 2007
Authored by H D Moore, Kevin Finisterre | Site metasploit.com

This Metasploit module exploits a buffer overflow in the version of libtiff shipped with firmware versions 1.00, 1.01, 1.02, and 1.1.1 of the Apple iPhone. iPhones which have not had the BSD tools installed will need to use a special payload.

tags | exploit, overflow
systems | bsd, apple, iphone
MD5 | 92e658f30a2a455067ca9db033446795
safari_libtiff.rb.txt
Posted Oct 23, 2007
Authored by H D Moore, Kevin Finisterre | Site metasploit.com

This Metasploit module exploits a buffer overflow in the version of libtiff shipped with firmware versions 1.00, 1.01, 1.02, and 1.1.1 of the Apple iPhone. iPhones which have not had the BSD tools installed will need to use a special payload.

tags | exploit, overflow
systems | bsd, apple, iphone
MD5 | a52fa90d5222ed2fd16f87b679276bad
05302007-vpenis.tar.gz
Posted May 30, 2007
Authored by Kevin Finisterre

A format string vulnerability exists in vpnd. By running the vpnd command with maliciously crafted arguments, a local user can trigger the vulnerability which may lead to arbitrary code execution with system privileges. This file exploits this vulnerability on Mac OS X.

tags | exploit, arbitrary, local, code execution
systems | apple, osx
advisories | CVE-2007-0753
MD5 | d4ec295389ec8876f7c4a5ab80e10776
Netragard Security Advisory 2007-03-16
Posted Mar 20, 2007
Authored by Kevin Finisterre, Adriel T. Desautels, Netragard | Site netragard.com

Netragard, L.L.C Advisory - An exploitable vulnerability exists in FrontBase that can be used to gain NT AUTHORITY\SYSTEM or root privileges on an affected system. FrontBase versions 4.2.7 and below are affected.

tags | advisory, root
MD5 | 0f094283a3727f1618c74cdc736e5348
Netragard Security Advisory 2007-02-20
Posted Mar 6, 2007
Authored by Kevin Finisterre, Netragard | Site netragard.com

Netragard, L.L.C Advisory - McAfee Virex contains an exploitable feature that enables users to define what files should be excluded for scanning. This feature relies on a configuration file with insecure privileges and is located in /Library/Application Support. Any user on the system can modify or delete the configuration file thus affecting what Virex will scan. Versions 7.7 and below are affected.

tags | exploit
MD5 | 7a113c2b8adb0d5f52d1d955c4363497
MOAB-28-01-2007.rb.txt
Posted Jan 29, 2007
Authored by Kevin Finisterre, LMH | Site projects.info-pull.com

Month of Apple Bugs - crashdump follows symlinks within the /Library/Logs/CrashReporter/ directory, allowing admin-group users to execute arbitrary code and overwrite files with elevated privileges. In couple with a specially crafted Mach-O binary, this can be used to write a malicious crontab entry, which will run with root privileges. This ruby code demonstrates this vulnerability.

tags | exploit, arbitrary, root, ruby
systems | apple
advisories | CVE-2007-0467
MD5 | d2a1cdd08b0f39cc9d815a3572650b30
MOAB-27-01-2007.tgz
Posted Jan 29, 2007
Authored by Kevin Finisterre, LMH | Site projects.info-pull.com

Month of Apple Bugs - Flip4Mac fails to properly handle WMV files with a crafted ASF_File_Properties_Object size field, leading to an exploitable memory corruption condition, which can be abused remotely for arbitrary code execution. This tgz holds a malicious .wmv file that demonstrates this vulnerability.

tags | exploit, arbitrary, code execution
systems | apple
advisories | CVE-2007-0466
MD5 | 251f0955c2ec6f2f9ea3ea7160b05822
MOAB-22-01-2007.rb.txt
Posted Jan 24, 2007
Authored by Kevin Finisterre, LMH | Site projects.info-pull.com

Month of Apple Bugs - InputManager provided by the user. Code within the input manager will run under wheel privileges. In combination with diskutil and a wheel-writable setuid binary, this allows unprivileged users to gain root privileges. This is the proof of concept exploit that demonstrates this vulnerability.

tags | exploit, root, proof of concept
systems | apple
advisories | CVE-2007-0023
MD5 | 0822f8f385381a6dada4f24b194e032f
MOAB-21-01-2007.rb.txt
Posted Jan 24, 2007
Authored by Kevin Finisterre, LMH | Site projects.info-pull.com

Month of Apple Bugs - The preference panes setuid helper, writeconfig, makes use of a shell script which lacks of PATH sanitization, allowing users to execute arbitrary binaries under root privileges. This is the proof of concept exploit that demonstrates this vulnerability.

tags | exploit, arbitrary, shell, root, proof of concept
systems | apple
advisories | CVE-2007-0022
MD5 | c16f4b258d9bb1185318cdd04d6a3967
MOAB-20-01-2007.tgz
Posted Jan 24, 2007
Authored by Kevin Finisterre, LMH | Site projects.info-pull.com

Month of Apple Bugs - Apple iChat AIM URI scheme (referred as the 'url handler') handling is affected by a classic format string vulnerability, allowing remote users to cause a denial of service condition or arbitrary code execution. This is the proof of concept exploit that demonstrates this vulnerability.

tags | exploit, remote, denial of service, arbitrary, code execution, proof of concept
systems | apple
advisories | CVE-2007-0021
MD5 | 63c02efdb8962b52b3440ecb316ff35b
MOAB-19-01-2007.tgz
Posted Jan 24, 2007
Authored by Kevin Finisterre, LMH | Site projects.info-pull.com

Month of Apple Bugs - Transmit does not allocate enough space when dealing with the string passed on via the ftps:// URL handler, leading to an exploitable heap-based buffer overflow condition. This is the proof of concept exploit.

tags | exploit, overflow, proof of concept
systems | apple
advisories | CVE-2007-0020
MD5 | 7370fba31d7c89633f6e4ad90a5ccc4a
MOAB-18-01-2007.rb.txt
Posted Jan 20, 2007
Authored by Kevin Finisterre, LMH | Site projects.info-pull.com

Month of Apple Bugs - Proof of concept exploit rumpusd. rumpusd is vulnerable to different remotely exploitable heap-based buffer overflows, denial of service conditions and local privilege escalation issues.

tags | exploit, denial of service, overflow, local, proof of concept
systems | apple
advisories | CVE-2007-0019
MD5 | f346f828f0229f5d5c055f66c3cc0e16
MOAB-17-01-2007.rb.txt
Posted Jan 20, 2007
Authored by Kevin Finisterre, LMH | Site projects.info-pull.com

Month of Apple Bugs - Proof of concept exploit for slpd. slpd is vulnerable to a buffer overflow condition when processing the attr-list field of a registration request, leading to an exploitable denial of service condition and potential arbitrary execution. It would allow unprivileged local (and possibly remote) users to execute arbitrary code under root privileges.

tags | exploit, remote, denial of service, overflow, arbitrary, local, root, proof of concept
systems | apple
MD5 | 4e5ef169ae8d60a1ea2d97be091df8b0
MOAB-16-01-2007.rb.txt
Posted Jan 20, 2007
Authored by Kevin Finisterre, LMH | Site projects.info-pull.com

Month of Apple Bugs - Proof of concept exploit for Colloquy. Colloquy is vulnerable to a format string vulnerability in the handling of INVITE requests, that can be abused by remote users and requires no interaction at all, leading to a denial of service and potential arbitrary code execution.

tags | exploit, remote, denial of service, arbitrary, code execution, proof of concept
systems | apple
MD5 | cdd6c9e0e59a872c2790c1ee93429dcd
DMA-2007-0109a.txt
Posted Jan 13, 2007
Authored by Kevin Finisterre | Site digitalmunition.com

Finder is affected by a memory corruption vulnerability, which leads to an exploitable denial of service condition and potential arbitrary code execution, that can be triggered by DMG images.

tags | advisory, denial of service, arbitrary, code execution
MD5 | 73b946fcc51f968eb0df26fa4dd07320
Page 1 of 5
Back12345Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    28 Files
  • 26
    Jul 26th
    2 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close