exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

Files from Thomas Dullien

First Active2000-10-28
Last Active2018-10-26
Libtiff Decodes Arbitrarilly-Sozed JBIG Into A Target Buffer
Posted Oct 26, 2018
Authored by Thomas Dullien, Google Security Research

libtiff up to and including 4.0.9 decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size.

tags | exploit
advisories | CVE-2018-18557
SHA-256 | 2add576a08028a74562995e308d683181780cd67773254393cf326582e328c29
Download | Favorite | View
MPEngine UnRAR Inherited Flaw
Posted Apr 4, 2018
Authored by Thomas Dullien, Google Security Research

Inspection of mpengine.dll revealed that the code responsible for processing RAR archives appears to be a forked and modified version of the original unrar code and has a vulnerability that has since been patched in newer versions of unrar.

tags | exploit
SHA-256 | 874c4c7764116651d9a83650dec6e193aab5fcc1361e21905eaeafff212baed1
Download | Favorite | View
Unrar VMSF_DELTA Arbitrary Memory Write
Posted Jun 21, 2017
Authored by Thomas Dullien, Google Security Research

It appears that the VMSF_DELTA memory corruption that was reported to Sophos AV in 2012 (and fixed there) was actually inherited from upstream unrar. For unknown reasons, whoever fixed the bug did not report this to upstream unrar, and the bug seems to have persisted there to this day.

tags | exploit
SHA-256 | 3b8acd8becd11c0b8cca739d5aa19f140cbee2a41f1ddb62a46f97e63d344ea2
Download | Favorite | View
Bitdefender Malicious RAR Denial Of Service
Posted Jun 21, 2017
Authored by Thomas Dullien, Google Security Research

Bitdefender AV crashes when fed malicious RAR files from 2013.

tags | exploit
SHA-256 | 4caf1f040e3e33d6970a65f2cf9a0e578182d36dbed0cc6388947a286ae01457
Download | Favorite | View
safer.010125.EXP.1.12
Posted Feb 2, 2001
Authored by Vanja Hrustic, Fyodor Yarochkin, Thomas Dullien, Emmanuel Gadaix | Site safermag.com

S.A.F.E.R. Security Bulletin 010125.EXP.1.12 - PlanetIntra v2.5 contains remotely exploitable buffer overflows which allow remote users to execute arbitrary code.

tags | remote, overflow, arbitrary
SHA-256 | cf9c81ddaf92dbb20861625b99920ff35b98a886458c109b0340d8f647226a3f
Download | Favorite | View
safer.010125.DOS.1.5
Posted Jan 27, 2001
Authored by Vanja Hrustic, Fyodor Yarochkin, Thomas Dullien, Emmanuel Gadaix | Site safermag.com

S.A.F.E.R. Security Bulletin 010125.DOS.1.5 - Remote users can crash Netscape Enterprise Server by sending "REVLOG / HTTP/1.0".

tags | remote, web
SHA-256 | bcbac6b73e719d6616d1e1851da6d457f568a7ce545c3c6e33a6048ce1c0acee
Download | Favorite | View
safer.010123.EXP.1.10
Posted Jan 25, 2001
Authored by Vanja Hrustic, Fyodor Yarochkin, Thomas Dullien, Emmanuel Gadaix | Site safermag.com

S.A.F.E.R. Security Bulletin 010124.EXP.1.11 - A remotely exploitable buffer overflow has been found in the Lotus Domino SMTP Server on all versions up to and including v5.05 which allows a remote attacker to execute code with the privileges that the SMTP server is running as. Perl exploit code included. Fix available here.

tags | remote, overflow, perl
SHA-256 | e31bff4434d6413796577845681d26eb776527907f1c66eaef50e9daf1f86b9c
Download | Favorite | View
safer.010124.EXP.1.11
Posted Jan 25, 2001
Authored by Vanja Hrustic, Fyodor Yarochkin, Thomas Dullien, Emmanuel Gadaix | Site safermag.com

S.A.F.E.R. Security Bulletin 010124.EXP.1.11 - Netscape Enterprise Server 3.x and 4.x allows remote users to obtain directory listings on remote sites running web publishing by sending the command "INDEX / HTTP/1.0".

tags | remote, web
SHA-256 | 0c07af4b20cd0f80c350f290f2165288d37e8000439245b0aa663dc85df5e127
Download | Favorite | View
safer.001103.EXP.1.9
Posted Nov 3, 2000
Authored by Vanja Hrustic, Fyodor Yarochkin, Thomas Dullien, Emmanuel Gadaix | Site safermag.com

S.A.F.E.R. Security Bulletin 001103.EXP.1.9 - The Lotus Domino SMTP server v5.04 and below contains a remotely exploitable buffer overflow when it handles the ENVID keyword in the Mail from: line. Fix available here.

tags | overflow
SHA-256 | 3d54135993438ddbcfc3c7171cfebe8be53fdca8ec9f3d3eaee1d27766838c2e
Download | Favorite | View
safer.001026.EXP.1.8
Posted Oct 28, 2000
Authored by Vanja Hrustic, Fyodor Yarochkin, Thomas Dullien | Site safermag.com

S.A.F.E.R. Security Bulletin 001026.EXP.1.8 - iPlanet Web Server 4.x for Solaris, Linux, and Windows NT contains a remotely exploitable buffer overflow if server side parsing is enabled with the "parsed html" option.

tags | web, overflow
systems | linux, windows, solaris
SHA-256 | 22b7bfa6cd36594ff96d31ea269f256e311351303fa334059f3529b110ff1068
Download | Favorite | View
Page 1 of 1
Back1Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close