exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 48 RSS Feed

Files from Rodrigo Rubira Branco

Real NameRodrigo Rubira Branco BSDaemon
Email addressrodrigo at kernelhacking.com
Websitewww.kernelhacking.com/rodrigo
First Active2004-12-12
Last Active2012-05-15
View User Profile

Personal Background

Rodrigo Rubira Branco (BSDaemon) is the Chief Security Research of Check Point and the founder of the Vulnerability Discovery Team (VDT) of the company. Previously he worked as a Senior Vulnerability Researcher in COSEINC, as Principal Security Researcher at Scanit and as Staff Software Engineer in the IBM Advanced Linux Response Team (ALRT) also working in the IBM Toolchain (Debugging) Team for PowerPC Architecture. He is a member of the group RISE Security and the organizer of H2HC, the oldest hacking conference in Latin America. He is the maintainer of the StMichael/StJude projects (www.sf.net/projects/stjude), the developer of the SCMorphism (www.kernelhacking.com/rodrigo), and an active contributor to open-source projects (like ebizzy, linux kernel, others). Accepted speaker in lots of security and open-source related events as H2HC, HITB, XCon, VNSecurity, OLS, Defcon, Troopers and others.


Apple Quicktime .pct Parsing Memory Corruption
Posted May 15, 2012
Authored by Rodrigo Rubira Branco

Apple Quicktime does not properly parse .pct media files, which causes a corruption in module DllMain by opening a malformed file with an invalid value located in PoC repro01.pct at offset 0x20E. Quicktime Player version 7.7.1 (1680.42) on Windows XP SP 3 - PT_BR is confirmed affected. Other versions may also be affected.

tags | advisory
systems | windows, apple
advisories | CVE-2012-0671
SHA-256 | 177743c04df027711accb6be0442f662c763f68ae3e958ab54e44b32c5cdd929
Adobe Shockwave Player .dir Memory Corruption
Posted May 10, 2012
Authored by Rodrigo Rubira Branco | Site dissect.pe

Adobe Shockwave Player suffers from multiple memory corruption vulnerabilities when parsing .dir media files. This file has three advisories pertaining to these issues. Versions affected include Shockwave Player version 11.6.3r633, Module IMLLib.framework on MacOS X 10.7.2 (11C74).

tags | advisory, vulnerability
advisories | CVE-2012-2029, CVE-2012-2030, CVE-2012-2031
SHA-256 | 68a2f9480c2bfe6e206c7c6cb220e52d87c7a6f1a454f30d7a1596ce26707535
Recaptcha WordPress Plugin Cross Site Scripting
Posted Mar 18, 2011
Authored by Rodrigo Rubira Branco

The Recaptcha WordPress plugin suffers from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2011-0759
SHA-256 | 3380fb0810e15ce592d4dc8554dd0382521efd3b51f666fb7fa37f371bd0984b
Related Posts WordPress Plugin Cross Site Scripting
Posted Mar 18, 2011
Authored by Rodrigo Rubira Branco

The Related Posts WordPress plugin suffers from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2011-0760
SHA-256 | d488164a8603b819908f4998ecd1a942907c98bd27482847a44773121f115473
rpc.cmsd Remote Proof Of Concept Exploit
Posted Feb 8, 2011
Authored by Rodrigo Rubira Branco

rpc.cmsd / Calendar Manager RPC service remote proof of concept buffer overflow exploit for Solaris, AIX, and HP-UX.

tags | exploit, remote, overflow, proof of concept
systems | solaris, aix, hpux
advisories | CVE-2010-4435
SHA-256 | 5b93d417eda40ad6a76cd6bd81c57c1a00b7622bb6aa9d80ff8bb2625d7e3c02
LiveZilla Cross Site Scripting
Posted Dec 27, 2010
Authored by Rodrigo Rubira Branco

LiveZilla versions prior to 3.2.0.2 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2010-4276
SHA-256 | f6edeefe91536b6d753f952535513ed99b5fedfaf49618dcb53bf3a41941f022
Radius Manager Cross Site Scripting
Posted Dec 17, 2010
Authored by Rodrigo Rubira Branco

Radius Manager version 3.8.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2010-4275
SHA-256 | 849ce4124b8868d4964c836f3f0fe5032b8b695ec1975c135f686eb55ae4a79c
Embedded Video WordPress Plugin Cross Site Scripting
Posted Dec 17, 2010
Authored by Rodrigo Rubira Branco

Embedded Video WordPress Plugin suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2010-4277
SHA-256 | e878442fc4101ed9c5163d489e152cacbae8369a6daf6621de5c5f33a5a44380
Apple Quicktime Memory Corruption
Posted Dec 17, 2010
Authored by Rodrigo Rubira Branco

The Apple QuickTime player does not properly parse .fpx media files, which causes a memory corruption by opening a malformed file with an invalid value located in PoC repro.fpx at offset 0x49. Tested vulnerable are versions 7.6.8 (1675) and 7.6.6 (1671).

tags | advisory
systems | apple
advisories | CVE-2010-3801
SHA-256 | facb84d8419ffcf0bba2fe7f89e1f2ae1bc160d4a44a1f04b6c7f18419579e90
H2HC Cancun Entrance Is Free
Posted Nov 23, 2010
Authored by Rodrigo Rubira Branco | Site h2hc.com.br

Thanks to the sponsors that helped make it happen, H2HC Cancun entrance is free on December 3rd, 2010.

tags | paper, conference
SHA-256 | 548f02d8ec422aa20a8218ce3df321d8f8116d82f01e912ecba1597473a488f3
Apple Directory Services Memory Corruption
Posted Nov 11, 2010
Authored by Rodrigo Rubira Branco

Apple Directory Services suffers from a memory corruption vulnerability.

tags | advisory
systems | apple
advisories | CVE-2010-1840
SHA-256 | 8481c28235d20fa0485ba7450f678bb97a628f8d197b96a6443f807b2cf74e70
Spree e-commerce JSON Hijacking
Posted Nov 9, 2010
Authored by Rodrigo Rubira Branco

There are multiple JSON hijacking vulnerabilities in Spree e-commerce and as a result, an attacker can steal confidential information such as: product costs, price and quantities and users email, encrypted passwords, tokens, OpenID identifier, phone and address as well as orders count and values by period.

tags | advisory, vulnerability
advisories | CVE-2010-3978
SHA-256 | 129fcbe0112190916cc1826e1e039917100d9c116fdf4c0f538a86a5ca357a91
cforms WordPress Plugin Cross Site Scripting
Posted Nov 2, 2010
Authored by Rodrigo Rubira Branco

The cforms WordPress plugin suffers from a cross site scripting vulnerability. Version 11.5 is affected.

tags | exploit, xss
advisories | CVE-2010-3977
SHA-256 | 1e73fd19bd42e9d6d569ea3750b2bfb41338b03125cfcacefd4f28b8adc31117
Adobe Shockwave Player Memory Corruption
Posted Nov 1, 2010
Authored by Rodrigo Rubira Branco, Michael Golub

Adobe Shockwave Player suffers from multiple memory corruption vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2010-4086, CVE-2010-4087, CVE-2010-4088, CVE-2010-4089
SHA-256 | 11361a286c7fb83e25af1b9c1340df96ba726fed468d57467a1833d1809da8d7
Microsoft Internet Explorer Uninitialized Memory Corruption
Posted Oct 13, 2010
Authored by Rodrigo Rubira Branco

Microsoft Internet Explorer suffers from an uninitialized memory corruption vulnerability.

tags | advisory
advisories | CVE-2010-3331
SHA-256 | 38a3c922b972da71d7b40c535c1be74a12386f2bb68598ddcf92becd9732cf7f
Synology Disk Station Code Execution / Cross Site Request Forgery / Cross Site Scripting
Posted Sep 28, 2010
Authored by Rodrigo Rubira Branco

Synology Disk Station suffers from code execution, cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, code execution, xss, csrf
advisories | CVE-2010-2453
SHA-256 | f6e790ae4cf51446cb1ee256dd0149e093643e66c06d4c0a07d0b80084afa7f1
Apple CoreGraphics Memory Corruption
Posted Aug 27, 2010
Authored by Rodrigo Rubira Branco

Apple Preview.app is the default application used in Apple MacOS systems in order to visualize PDF files and does not properly parse PDF files, which leads to memory corruption when opening a malformed file with an invalid size on JBIG2 structure at offset 0x2C1 as in PoC Repro1.pdf or offset 0x2C5 as in PoC Repro2.pdf (both values trigger the same vulnerability).

tags | advisory
systems | apple
advisories | CVE-2010-1801
SHA-256 | 53ce5615d54db8981ef51e6b34e7974571da0512912d9784b1b7d1be0444b0fd
Adobe Shockwave Player Memory Corruption
Posted Aug 26, 2010
Authored by Rodrigo Rubira Branco

Checkpoint has released advisories detailing memory corruption vulnerabilities in Adobe Shockwave Player.

tags | advisory, vulnerability
advisories | CVE-2010-2868, CVE-2010-2882, CVE-2010-2869, CVE-2010-2864, CVE-2010-2881, CVE-2010-2880
SHA-256 | 4829efd722cb176afb7773873dd385fa21fc3c8bb1ec6cd4af10f5f67b7a7e38
rpc.ttdbserverd x86 Proof Of Concept Exploit
Posted Aug 17, 2010
Authored by Rodrigo Rubira Branco

rpc.ttdbserverd database parser heap overflow proof of concept exploit for Solaris x86.

tags | exploit, overflow, x86, proof of concept
systems | solaris
advisories | CVE-2010-0083
SHA-256 | 4309d6ea600529f4cb32d290cdc671e242d95116c79a1748a4d0cb19b53446c1
rpc.ttdbserverd SPARC Proof Of Concept Exploit
Posted Aug 17, 2010
Authored by Rodrigo Rubira Branco

rpc.ttdbserverd database parser heap overflow proof of concept exploit for Solaris SPARC.

tags | exploit, overflow, proof of concept
systems | solaris
advisories | CVE-2010-0083
SHA-256 | 51a856a4f60ca9c109097e6ad7f77b45c5f9b8654533179d8c56df7d756afcc4
Microsoft Office Word HTML Linked Objects Memory Corruption
Posted Aug 13, 2010
Authored by Rodrigo Rubira Branco

There exists a vulnerability within the way Microsoft Word handles html linked objects, which leads to attacker controlled memory write and code execution.

tags | advisory, code execution
advisories | CVE-2010-1903
SHA-256 | 388ef977d6d340327415d1bce4d0dccc5e9342fd13c3dfe272913b9f9aa483a9
rpc.pcnfsd Format String Exploit
Posted Jul 18, 2010
Authored by Rodrigo Rubira Branco

rpc.pcnfsd remote format string exploit for AIX versions 6.1.0 and below.

tags | exploit, remote
systems | aix
advisories | CVE-2010-1039
SHA-256 | 9608caf3a078bffe08324219439a68fb2fc7292b8e1b12c4e24838f89c4b78fa
Ghostscript Stack Overflow Exploits
Posted Jul 18, 2010
Authored by Rodrigo Rubira Branco

Two working proof of concept exploits for a stack overflow in Ghostscript. One works against PCBSD exploiting the vulnerability through CUPS. The other creates a .ps file that will trigger the vulnerability.

tags | exploit, overflow, proof of concept
advisories | CVE-2010-1869
SHA-256 | 5ae9270895d3e789549d5022b11b8a33534564778a2cf307bd28c33902b28c71
ToolTalk rpc.ttdbserverd Database Parser Heap Overflow
Posted Jul 14, 2010
Authored by Rodrigo Rubira Branco

There exists a vulnerability within a function of the ToolTalk database server (rpc.ttdbserverd), which when properly exploited can lead to compromise of the vulnerable system. This vulnerability can be triggered by creating a fake database (.rec file) on the system and calling remote procedure 7 of ToolTalk database server pointing to this database, leading to a heap overflow.

tags | advisory, remote, overflow
SHA-256 | d52652680c2282a365582b370699c7a5d7ea1fad7ca3f74abec30bf475ffe69d
rpc.pcnfsd Syslog Format String
Posted May 22, 2010
Authored by Rodrigo Rubira Branco

rpc.pcnfsd suffers from a syslog related format string vulnerability. IBM AIX versions 6.1.0 and below, IRIX 6.5 and HP-UX versions 11.11, 11.23 and 11.31 are all affected.

tags | advisory
systems | irix, aix, hpux
advisories | CVE-2010-1039
SHA-256 | 78d8496b11da0be50a94a9121549a259d6a954ea9337ad9e3d7cd651348c21b2
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close