Showing 1 - 17 of 17

Files from Eric Romang

Email address: eromang at zataz.net
First Active: 2005-05-22
Last Active: 2013-01-02

Microsoft Internet Explorer CButton Object Use-After-Free
Posted Jan 2, 2013
Authored by Eric Romang, sinn3r, juan vazquez, mahmud ab rahman | Site metasploit.com

This Metasploit module exploits a vulnerability found in Microsoft Internet Explorer. A use-after-free condition occurs when a CButton object is freed but a reference to it is kept and used again during a page reload; the invalid memory that is then used is controllable, which allows arbitrary code execution under the context of the user. Please note: This vulnerability has been exploited in the wild, mainly targeting computers based in China, Taiwan, and the US.

tags | exploit, arbitrary, code execution
advisories | CVE-2012-4792
MD5 | 96b9a317ae17d4372b4bc3e0e39e9edf
Microsoft Internet Explorer CDwnBindInfo Object Use-After-Free
Posted Dec 31, 2012
Authored by Eric Romang, sinn3r, juan vazquez, mahmud ab rahman | Site metasploit.com

This Metasploit module exploits a vulnerability found in Microsoft Internet Explorer. A use-after-free condition occurs when a CButton object is freed but a reference to it is kept and used again during a page reload; the invalid memory that is then used is controllable, which allows arbitrary code execution under the context of the user. Please note: This vulnerability has been exploited in the wild, mainly targeting computers based in China, Taiwan, and the US.

tags | exploit, arbitrary, code execution
advisories | CVE-2012-4792
MD5 | ded95fac262cac303634ac39e4211d5a
Microsoft Internet Explorer execCommand Use-After-Free
Posted Sep 17, 2012
Authored by Eric Romang, sinn3r, juan vazquez, binjo | Site metasploit.com

This Metasploit module exploits a vulnerability found in Microsoft Internet Explorer (MSIE). When rendering an HTML page, the CMshtmlEd object gets deleted in an unexpected manner, but the same memory is reused again later in the CMshtmlEd::Exec() function, leading to a use-after-free condition. Please note that this vulnerability has been exploited in the wild since Sep 14 2012, and there is currently no official patch for it.

tags | exploit
advisories | OSVDB-85532
MD5 | 377c4b7a481946f0167f08116e969e05
Horde 3.3.12 Backdoor Arbitrary PHP Code Execution
Posted Feb 17, 2012
Authored by Eric Romang, jduck | Site metasploit.com

This Metasploit module exploits an arbitrary PHP code execution vulnerability introduced as a backdoor into Horde 3.3.12 and Horde Groupware 1.2.10.

tags | exploit, arbitrary, php, code execution
advisories | CVE-2012-0209
MD5 | c67d692d4c351361a41b41a368ecd76d
php.4.4.1.txt
Posted Oct 26, 2005
Authored by Eric Romang | Site zataz.com

PHP version 4.4.1 .htaccess Apache DoS exploit.

tags | exploit, php
MD5 | 260ebaf862ca70c620a9d4ceb5df872c
bacula-09192005.txt
Posted Sep 23, 2005
Authored by Eric Romang

bacula versions 1.36.3 and below are susceptible to a symlink attack.

tags | advisory
MD5 | b3ee293002ebe33b75104fe4fc9c318f
silc-server-toolkit-06152005.txt
Posted Sep 5, 2005
Authored by Eric Romang

silc-server versions 1.0 and below and silc-toolkit versions 0.9.12-r3 and below suffer from a symlink vulnerability.

tags | advisory
MD5 | 9b1b0e6fc6c10340770fd68d189ce548
shtool-05252005.txt
Posted Aug 14, 2005
Authored by Eric Romang

shtool suffers from an insecure temporary file creation vulnerability. Versions 2.0.1 and below are affected.

tags | advisory
MD5 | 818e07746e4f48fed9bb37ae74e7ab1d
net-snmp-05182005.txt
Posted Aug 14, 2005
Authored by Eric Romang

net-snmp fixproc contains a security flaw that allows a malicious local attacker to execute arbitrary commands with root privileges.

tags | advisory, arbitrary, local, root
MD5 | 7766e8a7202c2a4684448d440baa7ac5
mysql-05172005.txt
Posted Aug 14, 2005
Authored by Eric Romang

MySQL contains a security flaw that can allow a local attacker to carry out SQL injection attacks.

tags | advisory, local, sql injection
MD5 | 78667fb8740885deecfd6ddb01e420fb
ekg.insecure.txt
Posted Jul 7, 2005
Authored by Eric Romang

ekg versions 2005-06-05 and below suffer from a temporary file creation vulnerability that can lead to arbitrary code execution.

tags | advisory, arbitrary, code execution
advisories | CVE-2005-1916
MD5 | f41ed795beaf615c6450fb97a091ee5a
kpopper10.txt
Posted Jul 7, 2005
Authored by Eric Romang | Site zataz.net

kpopper versions 1.0 and below suffer from an insecure temporary file creation vulnerability. Exploit included.

tags | exploit
MD5 | 22369ea4a48f2e5c26fc9a5c9ee0e9ab
xmysqladmin-05292005.txt
Posted Jun 21, 2005
Authored by Eric Romang | Site zataz.net

xmysqladmin versions 1.0 and below suffer from a symlink vulnerability.

tags | advisory
MD5 | 0bb03d59643ceccea6a9e236d03869c2
everybuddy-06062005.txt
Posted Jun 18, 2005
Authored by Eric Romang | Site zataz.net

everybuddy versions 0.4.3 and below suffer from an insecure file creation vulnerability that allows for symlink attacks.

tags | advisory
MD5 | 962320121d4f7088c7e78fb919a4fa34
lutelwall-05222005.txt
Posted Jun 18, 2005
Authored by Eric Romang | Site zataz.net

LutelWall versions 0.97 and below suffer from an insecure file creation vulnerability that allows for symlink attacks.

tags | advisory
MD5 | 14b7fd692889a00159e31aaa0988bb68
giptables-05222005.txt
Posted Jun 18, 2005
Authored by Eric Romang | Site zataz.net

GIPTables Firewall versions 1.1 and below suffer from an insecure file creation vulnerability that allows for symlink attacks.

tags | advisory
MD5 | 4ba933b7bbea64e52fae43b5df70dcf3
webapp-config-05182005.txt
Posted May 22, 2005
Authored by Eric Romang | Site zataz.net

Gentoo webapp-config prior to v1.10-r14: insecure temp file creation advisory and local root exploit. Requires that the root user installs, upgrades, or deletes a Gentoo-provided web application with the webapp-config tool.

tags | exploit, web, local, root
systems | linux, gentoo
MD5 | 5bfc5eee34fea8c7adaa88174a9466fd
© 2019 Packet Storm. All rights reserved.
