what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 25 RSS Feed

Files from Ulf Harnhammar

First Active2002-07-15
Last Active2011-02-09
WordPress Enable Media Replace SQL Injection / Shell Upload
Posted Feb 9, 2011
Authored by Ulf Harnhammar

Enable Media Replace WordPress plugin version 2.3 suffers from remote shell upload and SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, sql injection
SHA-256 | c704208044e25049fc23310c983128a5a4dd32de8271a106ecf2d492cf255edb
secunia-enscript.txt
Posted Oct 22, 2008
Authored by Ulf Harnhammar | Site secunia.com

Secunia Research has discovered a vulnerability in GNU Enscript, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "read_special_escape()" function in src/psgen.c. This can be exploited to cause a stack-based buffer overflow by tricking the user into converting a malicious file. Successful exploitation allows execution of arbitrary code, but requires that special escapes processing is enabled with the "-e" option. GNU Enscript versions 1.6.1 and 1.6.4 beta are vulnerable.

tags | advisory, overflow, arbitrary
advisories | CVE-2008-3863
SHA-256 | 8a7d447dd69db4f8d793cacd7994b607c6795026d0ed31d75ebc239dfccf920d
secunia-evolution.txt
Posted Mar 22, 2007
Authored by Ulf Harnhammar | Site secunia.com

Secunia Research has discovered a vulnerability in Evolution, which can be exploited by malicious people to potentially compromise a vulnerable system. A format string error in the "write_html()" function in calendar/gui/ e-cal-component-memo-preview.c when displaying a memo's categories can potentially be exploited to execute arbitrary code via a specially crafted shared memo containing format specifiers. Evolution version 2.8.2.1 is affected. Other versions may also be affected.

tags | advisory, arbitrary
advisories | CVE-2007-1002
SHA-256 | 041da7106d89467969e704e26924c8b857c84a03ce6cb4e5b2b92a09948ef4a5
SSAG-001.txt
Posted Mar 22, 2006
Authored by Ulf Harnhammar

Swedish Security Audit Group - [SSAG#001] :: cURL tftp:// URL Buffer Overflow: There is a buffer overflow in cURL when it fetches a long tftp:// URL with a path that is longer than 512 characters. Successful exploitation of this vulnerability allows attackers to execute code within the context of cURL. It affects cURL 7.15.0, 7.15.1* and 7.15.2*.

tags | advisory, overflow
SHA-256 | 36ca04a1f057d6b3c5096a9dd844560eb67a9d261d88dc180d57bde1a777ddd1
xine-cddb-server.pl.txt
Posted Oct 8, 2005
Authored by Ulf Harnhammar | Site debian.org

Proof of concept exploit for the remote format string vulnerability discovered in the xine/gxine CD player. The vulnerable code is found in the xine-lib library that both xine and gxine use. The vulnerable versions are at least xine-lib-0.9.13, 1.0, 1.0.1, 1.0.2 and 1.1.0. Patch available here.

tags | exploit, remote, proof of concept
advisories | CVE-2005-2967
SHA-256 | ae1c511af9c5fd4967684e6f3287c7f4fca6594afee4b7ff717ad17350d3071f
xine-lib.formatstring.patch
Posted Oct 8, 2005
Authored by Ulf Harnhammar | Site debian.org

Patch for the xine/gxine CD player that was found susceptible to a remote format string bug. The vulnerable code is found in the xine-lib library that both xine and gxine use. The vulnerable versions are at least xine-lib-0.9.13, 1.0, 1.0.1, 1.0.2 and 1.1.0.

tags | remote, patch
systems | unix
advisories | CVE-2005-2967
SHA-256 | 6e77aa5381a31e060d00c8af9e23be5266d5a7c218794981c37b49ec78e5e54b
xineFormat.txt
Posted Oct 8, 2005
Authored by Ulf Harnhammar | Site debian.org

The xine/gxine CD player is susceptible to a remote format string bug. The vulnerable code is found in the xine-lib library that both xine and gxine use. The vulnerable versions are at least xine-lib-0.9.13, 1.0, 1.0.1, 1.0.2 and 1.1.0. Patch available here.

tags | advisory, remote
advisories | CVE-2005-2967
SHA-256 | 1aea14a58fd32bca633044be383cec8a50c14ce68e2981888d358c4b5a246842
elm-data.tar.gz
Posted Aug 24, 2005
Authored by Ulf Harnhammar

Elm versions 2.5 PL5 through PL7 suffer from a remotely exploitable buffer overflow when parsing the Expires header of an e-mail message. Patch Included.

tags | advisory, overflow
SHA-256 | a0048706263ba22986c98fc1ac407ea2c9fe958fe2e09c38222c4cd1ea0a4505
kses-0.2.2.tar.gz
Posted Feb 23, 2005
Authored by Ulf Harnhammar, Richard R. Vasquez, Simon Cornelius P. Umacob | Site sourceforge.net

kses is an HTML/XHTML filter written in PHP. It removes all unwanted HTML elements and attributes, no matter how malformed HTML input you give it. It also does several checks on attribute values. kses can be used to avoid Cross-Site Scripting (XSS), Buffer Overflows and Denial of Service attacks, among other things.

Changes: The 0.2.2 release adds a second object-oriented kses version for PHP 5, the use of isset() avoids PHP notice warnings, the chr(173) handling is changed to help Asian users, and the handling of closing HTML elements is improved, among other changes.
tags | denial of service, overflow, php, xss
systems | unix
SHA-256 | e9bee41940b31705d7a37e1abef91138bcd038e3f0b86ffc9b0e2ca4c0f451a3
ezipupdate.txt
Posted Nov 12, 2004
Authored by Ulf Harnhammar

ez-ipupdate is susceptible to a format string bug. It, at the very least, affect versions 3.0.11b8, 3.0.11b7, 3.0.11b6, 3.0.11b5 and 3.0.10. It does not affect 2.9.6.

tags | advisory
SHA-256 | c6b17bb453d52744e3c14270258284ead1e82fe3fff997919a781b5809c62d15
lha.txt
Posted May 4, 2004
Authored by Ulf Harnhammar

LHa versions 1.14d to 1.14i and 1.17 suffer from buffer overflows and directory traversal flaws.

tags | advisory, overflow
advisories | CVE-2004-0234, CVE-2004-0235
SHA-256 | 7ae3e4725ed69dd046198c050806c9823138937d3f1cdf941f31a097fd5ab9b4
anubis-crasher.pl
Posted Mar 5, 2004
Authored by Ulf Harnhammar

Remote exploit that makes use of a buffer overflow in GNU Anubis. Vulnerable versions: 3.6.2, 3.9.93, 3.9.92, 3.6.0, 3.6.1, possibly others.

tags | exploit, remote, overflow
SHA-256 | 6f547b7717fcf62439171559f0223a0358e15ef1457120541045bf8af97228f1
anubisAdv.txt
Posted Mar 5, 2004
Authored by Ulf Harnhammar

GNU Anubis is vulnerable to multiple buffer overflow attacks and format string bugs. Vulnerable versions: 3.6.2, 3.9.93, 3.9.92, 3.6.0, 3.6.1, possibly others

tags | advisory, overflow
SHA-256 | b0fe1f61d8763fc679ba6f83853b5115d77c1101fb9f753f2ba402ca8da4f1e1
metamail.advisory-data.tar.gz
Posted Feb 19, 2004
Authored by Ulf Harnhammar

Patch and test scripts for two format string bugs and two buffer overflows that exist in Metamail versions 2.2 through 2.7.

tags | overflow
systems | unix
advisories | CVE-2004-0104, CVE-2004-0105
SHA-256 | 5c1618c98e6a139bd0f992f39d1dbffadbc0e420c206670fe34abf8a5179ab40
metamailBUGS.txt
Posted Feb 19, 2004
Authored by Ulf Harnhammar

Two format string bugs and two buffer overflows exist in Metamail versions 2.2 through 2.7. Patch and test scripts to test for these vulnerabilities are available here.

tags | advisory, overflow, vulnerability
advisories | CVE-2004-0104, CVE-2004-0105
SHA-256 | f87cacd3242fbcf612c56f4eaf1a98087ff149f8e0193954c91e2f2045ff1a8f
lftpadv.tgz
Posted Dec 18, 2003
Authored by Ulf Harnhammar

Two buffer overflows exist in lftp versions 2.3 to 2.6.9. When using the ls and rels commands during an HTTP/HTTPS connection, an attacker has the opportunity to exploit a sscanf() call in try_netscape_proxy() and try_squid_eplf().

tags | advisory, web, overflow
SHA-256 | 763cfb7b83021a88fea152144b0becd3ae188d5febab74fae428d2aa26a62665
kses-0.2.1.tar.gz
Posted Sep 29, 2003
Authored by Ulf Harnhammar, Richard R. Vasquez, Simon Cornelius P. Umacob | Site sourceforge.net

kses is an HTML/XHTML filter written in PHP. It removes all unwanted HTML elements and attributes, no matter how malformed HTML input you give it. It also does several checks on attribute values. kses can be used to avoid Cross-Site Scripting (XSS), Buffer Overflows and Denial of Service attacks, among other things.

tags | denial of service, overflow, php, xss
systems | unix
SHA-256 | 650ffa702ed6c8d0c73b7c94d754b38660d482b371122c9d3809924aab1d6f76
alexandria.txt
Posted Mar 29, 2003
Authored by Ulf Harnhammar | Site secunia.com

Alexandria versions 2.5 and 2.0, the open-source project management system used by Sourceforge, has multiple vulnerabilities in its PHP scripts. In the upload scripts there is a lack of input validation that allows an attacker to remotely retrieve any files off of the system, such as /etc/passwd. Other vulnerabilities including the sendmessage.php script allowing spammers to make use of it to mask real source identities and various cross site scripting problems exist as well.

tags | exploit, php, vulnerability, xss
SHA-256 | 3b8cd898c56ffd9fbcad5f8c4a643c6201ae0184608d07c89c46e5d1ba679c07
hypermail.tgz
Posted Jan 27, 2003
Authored by Ulf Harnhammar | Site hypermail.org

Hypermail 2, a popular tool that converts mails into html, has two buffer overflows. One exists in the hypermail program itself and another is in the CGI program mail. The overflow in the main program can be overflowed by sending an email while the CGI program can be overflowed by a DNS server being populated with faulty information. Versions affected: 2.1.3, 2.1.4, 2.1.5, possibly others. 2.1.6 is not affected.

tags | exploit, overflow, cgi
SHA-256 | 61a11ef37ef28b1b5d6f5cb454068252442924f04a265874f41380b4830f4637
php-nuke_mail_crlf.patch
Posted Dec 21, 2002
Authored by Ulf Harnhammar

PHP-Nuke v6.0 allows remote users to send email to any address on the internet by entering malformed email addresses. Patch included.

tags | advisory, remote, php
SHA-256 | f324c19dbb506141832f85077a736850e56b7b492f689c7d1dbbcc19a71e156e
nocc.xss.txt
Posted Oct 22, 2002
Authored by Ulf Harnhammar

Nocc v0.9.5 contains cross site scripting vulnerabilities which allow an attacker to take over a victim's e-mail account and/or perform actions against the victim's will, by simply sending a malicious e-mail message to the victim. Fix available at http://nocc.sourceforge.net.

tags | web, vulnerability, xss
SHA-256 | 9dc7f58e6a84de7afd3c2dc0c1c01e0a92637f30032701f1adde85a1090db208
phpcrlf.txt
Posted Sep 11, 2002
Authored by Ulf Harnhammar

fopen(), file() and other functions in PHP have a vulnerability that makes it possible to add extra HTTP headers to HTTP queries. Attackers may use it to escape certain restrictions, like what host to access on a web server. In some cases, this vulnerability even opens up for arbitrary net connections, turning some PHP scripts into proxies and open mail relays.

tags | exploit, web, arbitrary, php
SHA-256 | 5290e8e6790626ca08c64a22a15bf3eaf5ff02cbf45a8623f2fd9c85f94d348f
lynx.cr.txt
Posted Aug 21, 2002
Authored by Ulf Harnhammar

Lynx prior to v2.8.4rel.1 contains a vulnerability which allows a web site owner to cause lynx to download files from the wrong site on a webserver with multiple virtual hosts because lynx fails to remove or encode dangerous characters such as space, tab, CR and LF before constructing HTTP queries.

tags | web
SHA-256 | 76cadd36c69520fb9295e1e9db5a96658f1721be3a8c838c891d9f76c4a927ae
FUDforum.txt
Posted Aug 18, 2002
Authored by Ulf Harnhammar

FUDforum is templatable forum with i18n support based on PHP and either MySQL or PostgreSQL. It has got two security holes that allow people to download or manipulate files and directories outside of FUDforum's directories. One of the holes can be exploited by everyone, while the other requires administrator access. The program has also got some SQL Injection problems.

tags | php, sql injection
SHA-256 | e64f483bbd2b238d0b033fe09136f94a50002a78eace341308a2309094a7302c
choco.latte.txt
Posted Jul 15, 2002
Authored by Ulf Harnhammar

Double Choco Latte, a project management package, contains remote vulnerabilities which allow any file on the webserver to be read and cross site scripting bugs.

tags | remote, vulnerability, xss
SHA-256 | acb217fc6a980bd564416b4953fee5ba579712a79602d438e7328d8eb8697b65
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close