exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 12 of 12 RSS Feed

Files from Ariel Berkman

First Active2004-12-30
Last Active2013-06-14
Android Debug Bridge Traversal
Posted Jun 14, 2013
Authored by Ariel Berkman

adb (Android Debug Bridge) backup and restore suffers from a traversal vulnerability where a file with a malicious name can overwrite files outside of the appropriate directory.

tags | exploit, file inclusion
SHA-256 | eb3ffd09ecd5ca06060be0c442a3edcedfc027d3e35c7c125ecb2c9c47604770
Hiding Data In Hard-Drive's Service Areas
Posted Feb 19, 2013
Authored by Ariel Berkman | Site recover.co.il

In this paper the author demonstrates how spinning hard-drives' service areas can be used to hide data from the operating-system (or any software using the standard OS's API or the standard ATA commands to access the hard-drive). These reserved areas are used by hard-drive vendors to store modules that in turn operate the drive, and in a sense, together with the ROM, serve as the hard-drive’s internal storage and OS. By sending Vendor Specific Commands (VSCs) directly to the hard-drive, one can manipulate these areas to read and write data that are otherwise inaccessible. This should not be confused with DCO or HPA which can be easily detected, removed and accessed via standard ATA commands.

tags | paper
SHA-256 | 56c7d0d4187efd4b11c8476ff27ccc113b0205c32f936a78c17c88cafa947b3d
xloadFlaws.tgz
Posted Oct 7, 2005
Authored by Ariel Berkman

Three buffer overflows have been discovered in xloadimage during the handling of the image title name. When xloadimage is processing a loaded image, it is creating a new Image object and then writing the processed image to it. At that point, it will also copy the title from the old image to the newly created image. The 'zoom', 'reduce', and 'rotate' functions are using a fixed length buffer to construct the new title name when an image processing is done. Since the title name in a NIFF format is of varying length, and there are insufficient buffer size validations, the buffer can be overflowed. Proof of concept files included.

tags | exploit, overflow, proof of concept
SHA-256 | d6405d0250103efa153a79199d053e8ec209db2107cbb6bbed5155b986e00757
yanf.txt
Posted Dec 31, 2004
Authored by Ariel Berkman

A buffer overflow vulnerability exists in the Yanf news fetcher utility version 0.4.

tags | advisory, overflow
SHA-256 | 877eee2f42cbd1fbc93e5f7b498d7e966f2d625fc7823cb2e7dcd7ce37052da0
vilistextum.txt
Posted Dec 30, 2004
Authored by Ariel Berkman

Vilistextum version 2.6.6 is susceptible to a buffer overflow in the get_attr() function.

tags | advisory, overflow
SHA-256 | 3647ccca69811067c47b4f3ca914498ff7ba6d96d57aa902ef52f5d4d65c7f20
elm-bolthole-filter.txt
Posted Dec 30, 2004
Authored by Ariel Berkman

Bolthole Filter 2.6.1 is susceptible to a buffer overflow in the save_embedded_address() function.

tags | advisory, overflow
SHA-256 | e81216105c9e6872a277520889e10eb6ed145339886c78f8534bc7ae33ead91a
dxfscope.txt
Posted Dec 30, 2004
Authored by Ariel Berkman

DXFscope version 0.2 is susceptible to a buffer overflow in the dxfin() function.

tags | advisory, overflow
SHA-256 | 34369099fb355879ef5d0da41977d60a2e86ad54487c2f236eb122ab38a89caf
changepassword.txt
Posted Dec 30, 2004
Authored by Ariel Berkman | Site tigger.uic.edu

changepassword version 0.8 fails to use a trusted path when calling make.

tags | advisory
SHA-256 | da1061e9de0ae066f6c2d658e82865131a2705010fda490fa62cb52b0630431f
convex3d.txt
Posted Dec 30, 2004
Authored by Ariel Berkman | Site tigger.uic.edu

Convex 3D version 0.8pre1 is susceptible to a boundary error condition in the readObjectChunk() function that can result in arbitrary code execution.

tags | advisory, arbitrary, code execution
SHA-256 | c0be34234c7b7ee264a7e65fbf8b54ae365a38cebd00de455fee697c1b176833
cups.txt
Posted Dec 30, 2004
Authored by Ariel Berkman | Site tigger.uic.edu

A boundary error in the ParseCommand() function of CUPS version 1.x allows for a buffer overflow attack.

tags | advisory, overflow
SHA-256 | 9ccc61dd6cf89fb1b7ef2aaa8f5dfe79a4ba5c2dd48a1000eff91a3631981c4c
xine-lib.txt
Posted Dec 30, 2004
Authored by Ariel Berkman | Site tigger.uic.edu

A boundary error condition in xine-lib versions 1-rc5 and 1-rc7 allows for arbitrary code execution.

tags | advisory, arbitrary, code execution
SHA-256 | 16d1652200dbbf84c39bd07bfd776f45e532758e649d978d1e7bc23cbbbd270f
2fax-djb.txt
Posted Dec 30, 2004
Authored by Ariel Berkman | Site tigger.uic.edu

A boundary error condition in ArBas 2fax allow for arbitrary code execution. Version 3.04 was found susceptible.

tags | advisory, arbitrary, code execution
SHA-256 | 356e87e258b9ac8d5fb03c4ec8826e44b8b471af4e4c8bba86981353f2aa2447
Page 1 of 1
Back1Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    25 Files
  • 16
    Aug 16th
    3 Files
  • 17
    Aug 17th
    6 Files
  • 18
    Aug 18th
    4 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close