exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 23 of 23 RSS Feed

Files from John Heasman

Email addressjohn at ngssoftware.com
First Active2004-06-14
Last Active2015-05-01
ElasticSearch Directory Traversal Proof Of Concept
Posted May 1, 2015
Authored by John Heasman, Pedro Andujar

ElasticPwn is a proof of concept exploit that demonstrates the directory traversal vulnerability in versions prior to 1.5.2 and 1.4.5.

tags | exploit, proof of concept
advisories | CVE-2015-3337
SHA-256 | b8dc5f1df82809852d6a77c351c7f2eb981f60244033ee5ab50a39260d9b0d1a
Elasticsearch Directory Traversal
Posted Apr 27, 2015
Authored by John Heasman

All Elasticsearch versions prior to 1.5.2 and 1.4.5 are vulnerable to a directory traversal attack that allows an attacker to retrieve files from the server running Elasticsearch.

tags | advisory, file inclusion
advisories | CVE-2015-3337
SHA-256 | e14bc9f35bf13a67b98981ea4b74e9432b3624b8a7bccf2d1aad94a07d646fee
NGS-SNMPc.txt
Posted May 1, 2008
Authored by John Heasman, Wade Alcorn | Site ngssoftware.com

Wade Alcorn and John Heasman of NGSSoftware have discovered a stack overflow vulnerability in Castle Rock Computing SNMPc Network Manager. Versions 7.1 and below are affected.

tags | advisory, overflow
SHA-256 | 44f1205ae4dc7f2841bac78a799e87ca996df01f25e2116bf1a2a9de5b97fa5d
NGS00419.txt
Posted Oct 30, 2007
Authored by John Heasman | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - It is possible to cause the Java Virtual Machine to overwrite an arbitrary memory location with an arbitrary value (repeatedly and in a stable manner) when parsing a malformed TrueType font. JDK and JRE versions 5.0 Update 9 and below as well as SDK and JRE versions 1.4.2_14 and below are affected.

tags | advisory, java, arbitrary
SHA-256 | 0f0ebea1254e1ec07669df846e6a69c1b0b5d28d5ec47a79fc20ee4ef9e02c1b
NGS00443.txt
Posted Oct 30, 2007
Authored by John Heasman | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - JDK and JRE versions 6 Update 1 and below, 5.0 Update 11 and below, and SDK and JRE versions 1.4.2_14 and below contain a vulnerability that allows an untrusted applet to violate the network access restrictions placed on it by the Java sandbox.

tags | advisory, java
SHA-256 | 9a7c6871dff0c09ab04b8fb752675bf310bc954b330129c49fbe3633fb2bc29c
realplayer-heap.txt
Posted Oct 29, 2007
Authored by John Heasman | Site ngssoftware.com

All versions of RealPlayer 10 and some builds of RealPlayer 10.5 suffer from a heap overflow in the ID3 tag parsing code.

tags | advisory, overflow
SHA-256 | 46421bbdec94678eace2f1448aa87b7317888d18e61f1d242f583bc1db79e149
NGS-java.txt
Posted Jul 3, 2007
Authored by John Heasman | Site ngssoftware.com

NGSSoftware has discovered a high risk vulnerability in Sun Microsystem's Java Web Start that ships with the JRE and JDK on Windows platforms. The vulnerability affects Java Web Start in JDK and JRE 5.0 Update 11 and earlier versions and Java Web Start in SDK and JRE 1.4.2_13 and earlier versions.

tags | advisory, java, web
systems | windows
SHA-256 | 18365c45e4d10cf127f912194570aa30696d54cc5d34635beed0f89e4620a0dd
rtf-office.txt
Posted Jun 14, 2007
Authored by John Heasman | Site ngssoftware.com

John Heasman of NGSSoftware has discovered a high risk vulnerability in the handling of RTF documents within OpenOffice. The vulnerability affects all versions of OpenOffice prior to 2.2.1. If an attacker can coax a user into opening a specially crafted RTF document then the attacker can execute arbitrary code in the security context of their victim.

tags | advisory, arbitrary
SHA-256 | be4a33febe226d70a1f14570aa889aadb761814ecb40cb7d6d9614c7df6778d0
NGS-openoffice.txt
Posted Apr 5, 2007
Authored by John Heasman | Site ngssoftware.com

A stack overflow affects all versions of OpenOffice prior to 2.2. The flaw exists in the handling of StarCalc documents within OpenOffice.

tags | advisory, overflow
SHA-256 | c06dc4d6cb7f25d0c27d7c5763173af7931fb5c54fce6b66c583a2a8e0cb583d
NGS00401.txt
Posted Feb 1, 2007
Authored by Mark Litchfield, John Heasman | Site ngssoftware.com

BrightStor ARCserve Backup for Laptops and Desktops r11.1 suffers from a remote resource exhaustion vulnerability. By sending a specially crafted series of packets to the LGSERVER.EXE process that listens on TCP port 2200, it is possible to cause LGSERVER.EXE to write very large files to the system disk. In addition, the LGSERVER.EXE process becomes unresponsive until the file has been written.

tags | advisory, remote, tcp
SHA-256 | 5e363b53e6622717f68088020395485bc3abf558e7989dfb9923e72982cf384e
ngs-openoffice.txt
Posted Jan 5, 2007
Authored by John Heasman | Site ngssoftware.com

Three heap overflows have been discovered in OpenOffice versions below 2.1.0 and StarOffice 6, 7 and 8. If an attacker can coax a user into opening a specially crafted document then the attacker can execute arbitrary code in the security context of their victim.

tags | advisory, overflow, arbitrary
SHA-256 | 0bc1c17478066157d522005ac5c33b04a9f2b3857860aeb56b9a06aedd499e60
Implementing_And_Detecting_A_PCI_Rootkit.pdf
Posted Nov 18, 2006
Authored by John Heasman | Site ngssoftware.com

Whitepaper entitled "Implementing and Detecting a PCI Rootkit". This paper discusses means of persisting a rootkit on a PCI device containing a flashable expansion ROM.

tags | paper
SHA-256 | 260ded5cc1071aca1b4d5dfacad60c3e7469b9713f06b292531eeef70176c5cd
netddefull.txt
Posted Jan 25, 2005
Authored by John Heasman | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - A vulnerability has been discovered in the Microsoft NetDDE service which can allow a remote attacker to execute arbitrary code on a system without authentication. This vulnerability can also be used by any low privileged local user to gain Local System privileges. Systems Affected: Microsoft Windows NT/2000/XP/2003 Server.

tags | advisory, remote, arbitrary, local
systems | windows
SHA-256 | 7fe7b3cd43a05089bc18d0500d8382f190e1c29289808a9a8cd64afe62566c0d
real-03full.txt
Posted Jan 22, 2005
Authored by John Heasman | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - Two vulnerabilities have been discovered in RealPlayer which may potentially be leveraged to allow remote code execution, or may used in combination with the Real Metadata Package File Deletion vulnerability to reliably delete files from a users system. RealPlayer 10.5 (6.0.12.1040) and older versions are affected.

tags | advisory, remote, vulnerability, code execution
SHA-256 | 5c0369393320c3bc4942c495e3418f09710027a42e9c22a5dd5a498b9a15bf83
real-02full.txt
Posted Jan 22, 2005
Authored by John Heasman | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - A vulnerability has been discovered in RealPlayer which can allow an attacker to delete arbitrary files from a users system through a specially crafted webpage with little user interaction. RealPlayer 10.5 (6.0.12.1040) and older versions are affected.

tags | advisory, arbitrary
SHA-256 | b462f3260253fe793321c8e2dfeaaaa00172ff31bc7e9284b32f1a9c98fb0224
real-01full.txt
Posted Jan 22, 2005
Authored by John Heasman | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - A vulnerability has been discovered in the RealPlayer ActiveX component which can allow remote code execution when visiting a specially crafted webpage or when opening a specially crafted skin file. RealPlayer 10.5 (6.0.12.1040) and older versions are affected.

tags | advisory, remote, code execution, activex
SHA-256 | d332699dfef5d8bd70ed59b5f1cffff864fb02bf8b2f613b89ac2599be623d18
heartbeatfull.txt
Posted Jan 22, 2005
Authored by John Heasman | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - A vulnerability has been discovered in the MSN Heartbeat ActiveX component which can allow remote code execution through Internet Explorer. This component is installed by some MSN gaming sites and is marked safe for scripting by default.

tags | advisory, remote, code execution, activex
SHA-256 | 437cb0444e747bd19c3d33d21dc1c6e7f5bed0c0cc0ce510e105d1b9021bdcd7
athoc-01full.txt
Posted Jan 22, 2005
Authored by Mark Litchfield, John Heasman | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - Multiple vulnerabilities have been discovered in the AtHoc toolbar which can allow remote code execution through Internet Explorer when browsing to a specially crafted webpage.

tags | advisory, remote, vulnerability, code execution
SHA-256 | 47bfb3702c540e74e290ac45de0ac6236c9dac1d8ea51d84b10c5a95b4edf519
quicktime.txt
Posted Oct 28, 2004
Authored by John Heasman

A high risk vulnerability exists in Quicktime for Windows versions 6.5.2 and earlier.

tags | advisory
systems | windows
SHA-256 | e225e65e339978dc3071b9a5afce13c6687b3bd18967e4ff3e7c14bb2d873daa
realplayer105.txt
Posted Oct 28, 2004
Authored by John Heasman

Realplayer 10.5 permits execution of arbitrary code via a malformed skin.

tags | advisory, arbitrary
SHA-256 | b743a1d74b44fe7d8b975d6c7165caf91b93e5cc4d1f958f6e38c90fd2fdf13d
ms04-038.html
Posted Oct 24, 2004
Authored by Mitja Kolsek, John Heasman, Greg Jones | Site microsoft.com

Microsoft Security Advisory MS04-038 - Multiple Internet Explorer vulnerabilities have been patched by Microsoft. If a user is logged on with administrative privileges, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.

tags | advisory, vulnerability
advisories | CVE-2004-0842, CVE-2004-0727, CVE-2004-0216, CVE-2004-0839, CVE-2004-0844, CVE-2004-0843, CVE-2004-0841, CVE-2004-0845
SHA-256 | 8c12c38d2335efcde6058b11b2939c069107c03e4343a03882cdaf1d2b2296ee
realupdate.html
Posted Oct 7, 2004
Authored by Marc Maiffret, John Heasman | Site service.real.com

RealNetworks Inc. has recently been made aware of security vulnerabilities that could potentially allow an attacker to run arbitrary or malicious code on a user's machine. While they have not received reports of anyone actually being attacked with this exploit, all security vulnerabilities are taken very seriously by RealNetworks Inc. Real has found and fixed the problem.

tags | advisory, arbitrary, vulnerability
SHA-256 | 6271c03d314637ce60285d26839c6ed02232a7c525f81fffb3637673d7cd4358
realra.txt
Posted Jun 14, 2004
Authored by John Heasman | Site nextgenss.com

NGSSoftware Insight Security Research Advisory #NISR11062004 - By crafting a malformed .RA, .RM, .RV or .RMJ file it possible to cause heap corruption that can lead to execution of arbitrary code. By forcing a browser or enticing a user to a website containing such a file, arbitrary attacker supplied code could be executed on the target machine. This code will run in the security context of the logged on user. Another attacker vector is via an e-mail attachment. NGSResearchers have created reliable exploits to take advantage of these issues. Versions affected are: RealOne Player (English), RealOne Player v2 (all languages), RealPlayer 10 (English, German and Japanese), RealPlayer 8 (all languages), RealPlayer Enterprise (all versions, standalone and as-configured by the RealPlayer Enterprise Manager).

tags | advisory, arbitrary
SHA-256 | 9386d33a1646cab5f7eba3a0866f4a1fc55d21938426f75fe5d480922d5d3f5b
Page 1 of 1
Back1Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    25 Files
  • 16
    Aug 16th
    3 Files
  • 17
    Aug 17th
    6 Files
  • 18
    Aug 18th
    4 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close