what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

Files from Andrew Christensen

First Active2004-10-23
Last Active2007-04-02
iDEFENSE Security Advisory 2007-03-29.1
Posted Apr 2, 2007
Authored by iDefense Labs, Andrew Christensen | Site idefense.com

iDefense Security Advisory 03.29.07 - Remote exploitation of a input validation vulnerability in IBM Corp.'s Lotus Sametime allows attackers to execute arbitrary code in the context of the user viewing a malicious web page. The problem specifically exists in the STJNILoader.ocx component of IBM Corp.'s Lotus Sametime product. This ActiveX control is safe for scripting and exports a LoadLibrary function that does not properly sanitize input. iDefense has confirmed that this vulnerability is present in IBM Corp.'s Lotus Sametime STJNILoader.ocx version

tags | advisory, remote, web, arbitrary, activex
SHA-256 | 176a7cb1e83f154ccc8af07f4cbe77546f283f0105fddba28d1cfc898267a850
Posted Nov 9, 2006
Authored by Andrew Christensen | Site fortconsult.net

FortConsult Security Advisory - It is possible to retrieve unencrypted data from the "names.nsf" database on Lotus Notes servers without being logged in.

tags | advisory
SHA-256 | 438f8fa64a94121b43b7b7e1b5eef7fc543a121fdbb1de48b7fc02b951ba17ae
iDEFENSE Security Advisory 2006-11-08.1
Posted Nov 9, 2006
Authored by iDefense Labs, Andrew Christensen | Site idefense.com

iDefense Security Advisory 11.08.06 - Local exploitation of multiple buffer overflow vulnerabilities in IBM's Lotus Domino could allow an attacker to elevate privileges to root. The 'tunekrnl' binary is used to set Linux/proc sysctl settings, allowing Domino to increase the resource limits of the running kernel. It is shipped with the owner set to root and the set-user-id bit on. Since the length of input is improperly validated when copying to fixed-size buffers, buffer overflow can occur.iDefense has confirmed the existence of this vulnerability in version of IBM's Lotus Domino for Linux. Earlier versions may also be vulnerable.

tags | advisory, overflow, kernel, local, root, vulnerability
systems | linux
SHA-256 | e24a6b648c0945b340012510654538e27d061dadc4ee809651273533be054a00
Posted Oct 16, 2006
Authored by Andrew Christensen | Site fortconsult.net

Perl and bash scripts to enable easy manipulation of Tor traffic exiting through your Tor node. Uses Linux iptables QUEUE target to dump Tor exit traffic into a processing script, which modifies the packet with a web-bug, then re-injects it onto the wire again.

tags | tool, web, perl, bash, peer2peer
systems | linux
SHA-256 | e264ded751e5361a5dd4ab1ab99f84c92f40fbc9acd30e7fdf0c7d4b072d2379
Posted Oct 16, 2006
Authored by Andrew Christensen | Site fortconsult.net

Paper describing simple means of finding the true address of Tor clients, if they are browsing an HTTP (non-encrypted) website and exit through an exit node which you control. Presents technique for using iptables to inject Javascript, Flash, into web traffic to persuade the client to temporarily bypass the Tor network.

tags | advisory, web, javascript
SHA-256 | 477c69883b11c9ea4888422b2968acc602e150bee30795b919f37527a85f5de8
Posted Oct 25, 2005
Authored by Andrew Christensen | Site fortconsult.net

Paros version 3.2.5 and below may contain a flaw where a remote attackers can connect to a database port opened on the machine running Paros, without supplying any credentials.

tags | advisory, remote
SHA-256 | e15f1f6aa00303b3b7411b2126695817306f14c95f70b336426ec3af0f2137ff
Posted Oct 23, 2004
Authored by Andrew Christensen

This is a Perl script that can search files to identify whether data has been hi dden using a weak steganography tool for Windows named Camouflage. If Camouflage has been used, it prints the approximate amount of hidden data, and says how many hidden files there are. If a password was used to "protect" the hidden data, the password is printed out. It has been tested against .doc carrier files, and tested against Camouflage v1.2.1. It also saves an unprotected version of the file with a different name.

tags | perl, encryption, steganography
systems | windows
SHA-256 | 1e41627ee891f89cb5aa1c4e441cd1ec6065587fedf8c8f504930887f92bb62a
Page 1 of 1

File Archive:

December 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    11 Files
  • 2
    Dec 2nd
    0 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By