Showing 1 - 25 of 124

Files from Kevin Finisterre

Email address: kf at digitalmunition.com
First Active: 2000-08-29
Last Active: 2011-05-03
Owning A Cop Car
Posted May 3, 2011
Authored by Kevin Finisterre

This paper details how poorly Linux devices in cop cars are set up and how their lack of a secure design puts everyone at risk.

tags | exploit
systems | linux
SHA-256 | fc7efa4a04b53671d3343de2d1e7775fdccf6bd40812c3090eabe0d4f58c410b
Sun Java JRE getSoundbank file:// URI Buffer Overflow
Posted Dec 31, 2009
Authored by Kevin Finisterre | Site metasploit.com

This Metasploit module exploits a flaw in the getSoundbank function in the Sun JVM. The payload is serialized and passed to the applet via PARAM tags. It must be a native payload. The affected Java versions are JDK and JRE 6 Update 16 and earlier, JDK and JRE 5.0 Update 21 and earlier, SDK and JRE 1.4.2_23 and earlier, and SDK and JRE 1.3.1_26 and earlier. NOTE: Although all of the above versions are reportedly vulnerable, only 1.6.0_u11 and 1.6.0_u16 on Windows XP SP3 were tested.

tags | exploit, java
systems | windows
advisories | CVE-2009-3867
SHA-256 | 18334e64c1ccbeb5a3f96e1e9a81a3c6475589d69aefabd8ff1d29aa8ad74a99
Mail.app Image Attachment Command Execution
Posted Oct 28, 2009
Authored by H D Moore, Kevin Finisterre | Site metasploit.com

This Metasploit module exploits a command execution vulnerability in the Mail.app application shipped with Mac OS X 10.5.0. This flaw was patched in 10.4 in March of 2007, but reintroduced into the final release of 10.5.

tags | exploit
systems | apple, osx
advisories | CVE-2006-0395, CVE-2007-6165
SHA-256 | aa4bc52d99a5375b0d0710ee2d12fe495a795c13691639ec782fff6ffddc4ede
Wyse Rapport Hagent Fake Hserver Command Execution
Posted Oct 28, 2009
Authored by Kevin Finisterre

This Metasploit module exploits the Wyse Rapport Hagent service by pretending to be a legitimate server. This process involves starting both HTTP and FTP services on the attacker side, then contacting the Hagent service of the target and indicating that an update is available. The target will then download the payload wrapped in an executable from the FTP service.

tags | exploit, web
advisories | CVE-2009-0695
SHA-256 | e7be07350ced9d99747f9c25b7062ad223b93cc2cecdcacbc714a84918ea9198
Apple QTJava toQTPointer() Arbitrary Memory Access
Posted Oct 27, 2009
Authored by H D Moore, Kevin Finisterre, Dino A. Dai Zovi | Site metasploit.com

This Metasploit module exploits an arbitrary memory access vulnerability in the Quicktime for Java API provided with Quicktime 7.

tags | exploit, java, arbitrary
advisories | CVE-2007-2175
SHA-256 | 42ae033dbe425fc32ab38f3fc3b946e80a302b5e5f4cecc84aa56930c3a7467d
Safari RSS feed:// Buffer Overflow
Posted May 27, 2009
Authored by Kevin Finisterre | Site digitalmunition.com

Proof of concept exploit for the Safari RSS feed:// buffer overflow via libxml2.

tags | exploit, overflow, proof of concept
advisories | CVE-2008-3529
SHA-256 | dc2da5bd1964ea782b2a6d92867880c82e34a71e8d0a5588f17d7720c3f7d3d8
rtipsniff.rb.txt
Posted Nov 9, 2008
Authored by H D Moore, Kevin Finisterre | Site metasploit.com

This Metasploit module is a credential leak sniffer for the GE Proficy Real Time Information Portal.

tags | exploit
SHA-256 | 9788f2d35640353df39ddbc0a6e32a572a688684a9eee64d17eb6deecfd827e3
citectodbc-fivews.txt
Posted Sep 6, 2008
Authored by Kevin Finisterre | Site digitalmunition.com

This is a paper detailing the Five Ws of the Citect ODBC vulnerability that affects Citect versions 5, 6, and 7.

tags | paper
advisories | CVE-2008-2639
SHA-256 | 964dabad19a7f4cc68531d84e4b801807359a6d0cc916ab14e3874c422b8c097
citect_scada_odbc.rb.txt
Posted Sep 6, 2008
Authored by Kevin Finisterre | Site digitalmunition.com

This Metasploit module exploits a stack overflow in CitectSCADA's ODBC daemon. This has only been tested against Citect versions 5, 6, and 7.

tags | exploit, overflow
advisories | CVE-2008-2639
SHA-256 | 4b8827fd3066f46018ff90f1daa741907933623b3c2e871114a59e4b146524c0
Netragard Security Advisory 2007-03-13
Posted Nov 6, 2007
Authored by Kevin Finisterre, Adriel T. Desautels, Netragard | Site netragard.com

Netragard, L.L.C Advisory - Netragard's SNOsoft Research Team discovered two critical vulnerabilities in the OpenBase SQL Relational Database that can lead to full system compromise. OpenBase versions 10.0.5 and below are affected.

tags | advisory, vulnerability
SHA-256 | 461394d46dce182dddd5cd5ac8284bec3acbe0ca019c1b7a15477e4a510c19e6
mobilemail_libtiff.rb.txt
Posted Oct 23, 2007
Authored by H D Moore, Kevin Finisterre | Site metasploit.com

This Metasploit module exploits a buffer overflow in the version of libtiff shipped with firmware versions 1.00, 1.01, 1.02, and 1.1.1 of the Apple iPhone. iPhones which have not had the BSD tools installed will need to use a special payload.

tags | exploit, overflow
systems | bsd, apple, iphone
SHA-256 | 159b79d396cc6be73eddeb8db6cd9975c0d95b50f6eb41571ed8f34e088a507f
safari_libtiff.rb.txt
Posted Oct 23, 2007
Authored by H D Moore, Kevin Finisterre | Site metasploit.com

This Metasploit module exploits a buffer overflow in the version of libtiff shipped with firmware versions 1.00, 1.01, 1.02, and 1.1.1 of the Apple iPhone. iPhones which have not had the BSD tools installed will need to use a special payload.

tags | exploit, overflow
systems | bsd, apple, iphone
SHA-256 | ba86f554ff58ec884739058eb80af65e4d58a0973721425b952d586468e13d92
05302007-vpenis.tar.gz
Posted May 30, 2007
Authored by Kevin Finisterre

A format string vulnerability exists in vpnd. By running the vpnd command with maliciously crafted arguments, a local user can trigger the vulnerability which may lead to arbitrary code execution with system privileges. This file exploits this vulnerability on Mac OS X.

tags | exploit, arbitrary, local, code execution
systems | apple, osx
advisories | CVE-2007-0753
SHA-256 | cac8004c33b7c7a74786245dbc74af8080d860279ab8e8548030b1f6120d6571
Netragard Security Advisory 2007-03-16
Posted Mar 20, 2007
Authored by Kevin Finisterre, Adriel T. Desautels, Netragard | Site netragard.com

Netragard, L.L.C Advisory - An exploitable vulnerability exists in FrontBase that can be used to gain NT AUTHORITY\SYSTEM or root privileges on an affected system. FrontBase versions 4.2.7 and below are affected.

tags | advisory, root
SHA-256 | cd42c535ea4a9cbfa1eb848bf2b4eff416a1e0f36719dba4953b028de6dfb69e
Netragard Security Advisory 2007-02-20
Posted Mar 6, 2007
Authored by Kevin Finisterre, Netragard | Site netragard.com

Netragard, L.L.C Advisory - McAfee Virex contains an exploitable feature that enables users to define what files should be excluded for scanning. This feature relies on a configuration file with insecure privileges and is located in /Library/Application Support. Any user on the system can modify or delete the configuration file thus affecting what Virex will scan. Versions 7.7 and below are affected.

tags | exploit
SHA-256 | a3cb1e800dcc7d0c7dfc001dd8db9bc345f0a9944f95a36846b83a05d5b0d489
MOAB-28-01-2007.rb.txt
Posted Jan 29, 2007
Authored by Kevin Finisterre, LMH | Site projects.info-pull.com

Month of Apple Bugs - crashdump follows symlinks within the /Library/Logs/CrashReporter/ directory, allowing admin-group users to execute arbitrary code and overwrite files with elevated privileges. Coupled with a specially crafted Mach-O binary, this can be used to write a malicious crontab entry, which will run with root privileges. This Ruby code demonstrates this vulnerability.

tags | exploit, arbitrary, root, ruby
systems | apple
advisories | CVE-2007-0467
SHA-256 | a2f484f050a3539545bc04527aebfb7718411d5e564498448fa7024d15700ebe
MOAB-27-01-2007.tgz
Posted Jan 29, 2007
Authored by Kevin Finisterre, LMH | Site projects.info-pull.com

Month of Apple Bugs - Flip4Mac fails to properly handle WMV files with a crafted ASF_File_Properties_Object size field, leading to an exploitable memory corruption condition, which can be abused remotely for arbitrary code execution. This tgz holds a malicious .wmv file that demonstrates this vulnerability.

tags | exploit, arbitrary, code execution
systems | apple
advisories | CVE-2007-0466
SHA-256 | 5b0f7f222237672bd530a2f1c52368b0a593f5907f49c47913ca01b2f7900a50
MOAB-22-01-2007.rb.txt
Posted Jan 24, 2007
Authored by Kevin Finisterre, LMH | Site projects.info-pull.com

Month of Apple Bugs - InputManager provided by the user. Code within the input manager will run under wheel privileges. In combination with diskutil and a wheel-writable setuid binary, this allows unprivileged users to gain root privileges. This is the proof of concept exploit that demonstrates this vulnerability.

tags | exploit, root, proof of concept
systems | apple
advisories | CVE-2007-0023
SHA-256 | 649846dcedfd17c9b293d5b586249ab6641f7f2f4b7077ce8728d64523c3794e
MOAB-21-01-2007.rb.txt
Posted Jan 24, 2007
Authored by Kevin Finisterre, LMH | Site projects.info-pull.com

Month of Apple Bugs - The preference panes setuid helper, writeconfig, makes use of a shell script which lacks PATH sanitization, allowing users to execute arbitrary binaries under root privileges. This is the proof of concept exploit that demonstrates this vulnerability.

tags | exploit, arbitrary, shell, root, proof of concept
systems | apple
advisories | CVE-2007-0022
SHA-256 | bc6a6482959f9f36bea4aefc8de705de29960037c93a88c4c71f6382b1e18c26
MOAB-20-01-2007.tgz
Posted Jan 24, 2007
Authored by Kevin Finisterre, LMH | Site projects.info-pull.com

Month of Apple Bugs - Apple iChat AIM URI scheme (referred to as the 'URL handler') handling is affected by a classic format string vulnerability, allowing remote users to cause a denial of service condition or arbitrary code execution. This is the proof of concept exploit that demonstrates this vulnerability.

tags | exploit, remote, denial of service, arbitrary, code execution, proof of concept
systems | apple
advisories | CVE-2007-0021
SHA-256 | c72c10a4e48008dc4508828d784627e557382e0c510236900986c74a82eab3f4
MOAB-19-01-2007.tgz
Posted Jan 24, 2007
Authored by Kevin Finisterre, LMH | Site projects.info-pull.com

Month of Apple Bugs - Transmit does not allocate enough space when dealing with the string passed on via the ftps:// URL handler, leading to an exploitable heap-based buffer overflow condition. This is the proof of concept exploit.

tags | exploit, overflow, proof of concept
systems | apple
advisories | CVE-2007-0020
SHA-256 | 9080e0d951067307f9ad1fe2f1c855dcceaac4dd146e38b6c610d666ed9c242f
MOAB-18-01-2007.rb.txt
Posted Jan 20, 2007
Authored by Kevin Finisterre, LMH | Site projects.info-pull.com

Month of Apple Bugs - Proof of concept exploit for rumpusd. rumpusd is vulnerable to different remotely exploitable heap-based buffer overflows, denial of service conditions and local privilege escalation issues.

tags | exploit, denial of service, overflow, local, proof of concept
systems | apple
advisories | CVE-2007-0019
SHA-256 | 324e1c2a699138a78ea18bf0111256c4c75fe4eedb6f2baead3e5c38d188b60e
MOAB-17-01-2007.rb.txt
Posted Jan 20, 2007
Authored by Kevin Finisterre, LMH | Site projects.info-pull.com

Month of Apple Bugs - Proof of concept exploit for slpd. slpd is vulnerable to a buffer overflow condition when processing the attr-list field of a registration request, leading to an exploitable denial of service condition and potential arbitrary execution. It would allow unprivileged local (and possibly remote) users to execute arbitrary code under root privileges.

tags | exploit, remote, denial of service, overflow, arbitrary, local, root, proof of concept
systems | apple
SHA-256 | b43cb8369fd15b26f59289ce05b054d9e9b5ee73e4ea4f070c7f378698fc6935
MOAB-16-01-2007.rb.txt
Posted Jan 20, 2007
Authored by Kevin Finisterre, LMH | Site projects.info-pull.com

Month of Apple Bugs - Proof of concept exploit for Colloquy. Colloquy is vulnerable to a format string vulnerability in the handling of INVITE requests, that can be abused by remote users and requires no interaction at all, leading to a denial of service and potential arbitrary code execution.

tags | exploit, remote, denial of service, arbitrary, code execution, proof of concept
systems | apple
SHA-256 | ecc8ca506c0501b6a06a3dce70b0267fdd8463686c38cd7f7364ee7acf7ad640
DMA-2007-0109a.txt
Posted Jan 13, 2007
Authored by Kevin Finisterre | Site digitalmunition.com

Finder is affected by a memory corruption vulnerability, which leads to an exploitable denial of service condition and potential arbitrary code execution, that can be triggered by DMG images.

tags | advisory, denial of service, arbitrary, code execution
SHA-256 | 238bec1ecee79fefb9639412113e7fdbb037de09b513fba37017e218ba87e114
© 2022 Packet Storm. All rights reserved.
