exploit the possibilities
Showing 1 - 12 of 12 RSS Feed

Files from Ariel Berkman

First Active2004-12-30
Last Active2013-06-14
Android Debug Bridge Traversal
Posted Jun 14, 2013
Authored by Ariel Berkman

adb (Android Debug Bridge) backup and restore suffers from a traversal vulnerability where a file with a malicious name can overwrite files outside of the appropriate directory.

tags | exploit, file inclusion
MD5 | 2d7bc65136ca8031e3bd0a5ced31f1ff
Hiding Data In Hard-Drive's Service Areas
Posted Feb 19, 2013
Authored by Ariel Berkman | Site recover.co.il

In this paper the author demonstrates how spinning hard-drives' service areas can be used to hide data from the operating-system (or any software using the standard OS's API or the standard ATA commands to access the hard-drive). These reserved areas are used by hard-drive vendors to store modules that in turn operate the drive, and in a sense, together with the ROM, serve as the hard-drive’s internal storage and OS. By sending Vendor Specific Commands (VSCs) directly to the hard-drive, one can manipulate these areas to read and write data that are otherwise inaccessible. This should not be confused with DCO or HPA which can be easily detected, removed and accessed via standard ATA commands.

tags | paper
MD5 | 84a2861a39eb95ddeeb365c13f9e3531
xloadFlaws.tgz
Posted Oct 7, 2005
Authored by Ariel Berkman

Three buffer overflows have been discovered in xloadimage during the handling of the image title name. When xloadimage is processing a loaded image, it is creating a new Image object and then writing the processed image to it. At that point, it will also copy the title from the old image to the newly created image. The 'zoom', 'reduce', and 'rotate' functions are using a fixed length buffer to construct the new title name when an image processing is done. Since the title name in a NIFF format is of varying length, and there are insufficient buffer size validations, the buffer can be overflowed. Proof of concept files included.

tags | exploit, overflow, proof of concept
MD5 | 4ebe115927efb8268af7d4de94c58dc9
yanf.txt
Posted Dec 31, 2004
Authored by Ariel Berkman

A buffer overflow vulnerability exists in the Yanf news fetcher utility version 0.4.

tags | advisory, overflow
MD5 | 14bbda8f498430f2e0419965424f8c90
vilistextum.txt
Posted Dec 30, 2004
Authored by Ariel Berkman

Vilistextum version 2.6.6 is susceptible to a buffer overflow in the get_attr() function.

tags | advisory, overflow
MD5 | bf08708a98b0a42384791a1dce9df5fd
elm-bolthole-filter.txt
Posted Dec 30, 2004
Authored by Ariel Berkman

Bolthole Filter 2.6.1 is susceptible to a buffer overflow in the save_embedded_address() function.

tags | advisory, overflow
MD5 | 2377c54dc55dee29004918a211eb4beb
dxfscope.txt
Posted Dec 30, 2004
Authored by Ariel Berkman

DXFscope version 0.2 is susceptible to a buffer overflow in the dxfin() function.

tags | advisory, overflow
MD5 | 82eb657d34bf358e211533dc74d15262
changepassword.txt
Posted Dec 30, 2004
Authored by Ariel Berkman | Site tigger.uic.edu

changepassword version 0.8 fails to use a trusted path when calling make.

tags | advisory
MD5 | 7698f5ec75c1e6ffdae6c520099b1a09
convex3d.txt
Posted Dec 30, 2004
Authored by Ariel Berkman | Site tigger.uic.edu

Convex 3D version 0.8pre1 is susceptible to a boundary error condition in the readObjectChunk() function that can result in arbitrary code execution.

tags | advisory, arbitrary, code execution
MD5 | f121a61b8ab0221cb66d4b8c80eb3527
cups.txt
Posted Dec 30, 2004
Authored by Ariel Berkman | Site tigger.uic.edu

A boundary error in the ParseCommand() function of CUPS version 1.x allows for a buffer overflow attack.

tags | advisory, overflow
MD5 | dc39406cac000791b41cbd2c2f4e58ac
xine-lib.txt
Posted Dec 30, 2004
Authored by Ariel Berkman | Site tigger.uic.edu

A boundary error condition in xine-lib versions 1-rc5 and 1-rc7 allows for arbitrary code execution.

tags | advisory, arbitrary, code execution
MD5 | ff26c74368757ae959f8e15478702404
2fax-djb.txt
Posted Dec 30, 2004
Authored by Ariel Berkman | Site tigger.uic.edu

A boundary error condition in ArBas 2fax allow for arbitrary code execution. Version 3.04 was found susceptible.

tags | advisory, arbitrary, code execution
MD5 | 1b879f49f13ed4a55da16edb0f3d5479
Page 1 of 1
Back1Next

File Archive:

January 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    8 Files
  • 2
    Jan 2nd
    11 Files
  • 3
    Jan 3rd
    11 Files
  • 4
    Jan 4th
    2 Files
  • 5
    Jan 5th
    2 Files
  • 6
    Jan 6th
    18 Files
  • 7
    Jan 7th
    15 Files
  • 8
    Jan 8th
    16 Files
  • 9
    Jan 9th
    10 Files
  • 10
    Jan 10th
    13 Files
  • 11
    Jan 11th
    2 Files
  • 12
    Jan 12th
    4 Files
  • 13
    Jan 13th
    21 Files
  • 14
    Jan 14th
    18 Files
  • 15
    Jan 15th
    12 Files
  • 16
    Jan 16th
    18 Files
  • 17
    Jan 17th
    11 Files
  • 18
    Jan 18th
    3 Files
  • 19
    Jan 19th
    2 Files
  • 20
    Jan 20th
    15 Files
  • 21
    Jan 21st
    22 Files
  • 22
    Jan 22nd
    19 Files
  • 23
    Jan 23rd
    4 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close