what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files from Eric Romang

Email addresseromang at zataz.net
First Active2005-05-22
Last Active2013-01-02
Microsoft Internet Explorer CButton Object Use-After-Free
Posted Jan 2, 2013
Authored by Eric Romang, sinn3r, juan vazquez, mahmud ab rahman | Site metasploit.com

This Metasploit module exploits a vulnerability found in Microsoft Internet Explorer. A use-after-free condition occurs when a CButton object is freed, but a reference is kept and used again during a page reload, an invalid memory that's controllable is used, and allows arbitrary code execution under the context of the user. Please note: This vulnerability has been exploited in the wild targeting mainly China/Taiwan/and US-based computers.

tags | exploit, arbitrary, code execution
advisories | CVE-2012-4792
SHA-256 | 533129f761cf4d8924232d6abdcf16e58a9823d5ff768d51fa0cc0628e64d91b
Microsoft Internet Explorer CDwnBindInfo Object Use-After-Free
Posted Dec 31, 2012
Authored by Eric Romang, sinn3r, juan vazquez, mahmud ab rahman | Site metasploit.com

This Metasploit module exploits a vulnerability found in Microsoft Internet Explorer. A use-after-free condition occurs when a CButton object is freed, but a reference is kept and used again during a page reload, an invalid memory that's controllable is used, and allows arbitrary code execution under the context of the user. Please note: This vulnerability has been exploited in the wild targeting mainly China/Taiwan/and US-based computers.

tags | exploit, arbitrary, code execution
advisories | CVE-2012-4792
SHA-256 | e321b503a83791aeb063c8940adcdb875c9201669df143b59807fe08c4b13986
Microsoft Internet Explorer execCommand Use-After-Free
Posted Sep 17, 2012
Authored by Eric Romang, sinn3r, juan vazquez, binjo | Site metasploit.com

This Metasploit module exploits a vulnerability found in Microsoft Internet Explorer (MSIE). When rendering an HTML page, the CMshtmlEd object gets deleted in an unexpected manner, but the same memory is reused again later in the CMshtmlEd::Exec() function, leading to a use-after-free condition. Please note that this vulnerability has been exploited in the wild since Sep 14 2012, and there is currently no official patch for it.

tags | exploit
advisories | OSVDB-85532
SHA-256 | 66f9396f0db135d2fa969a6675b705145fd8d9a8e475df6ffb4eb653d1a76be3
Horde 3.3.12 Backdoor Arbitrary PHP Code Execution
Posted Feb 17, 2012
Authored by Eric Romang, jduck | Site metasploit.com

This Metasploit module exploits an arbitrary PHP code execution vulnerability introduced as a backdoor into Horde 3.3.12 and Horde Groupware 1.2.10.

tags | exploit, arbitrary, php, code execution
advisories | CVE-2012-0209
SHA-256 | 5817e62d4533bab2dbd047fa5bee1b0835f288d738632129acd4ba22eaf51ee4
php.4.4.1.txt
Posted Oct 26, 2005
Authored by Eric Romang | Site zataz.com

php version 4.4.1 .htaccess apache DOS exploit.

tags | exploit, php
SHA-256 | 89b45db948a6dc9783df06193d900b40d886c9e201fd99c49f8648806d4d12c6
bacula-09192005.txt
Posted Sep 23, 2005
Authored by Eric Romang

bacula versions 1.36.3 and below are susceptible to a symlink attack.

tags | advisory
SHA-256 | 0b733f367c71d2ab2a33bc47b8a5378b78ffdd5f6f2e4be7909b5df63d1beddb
silc-server-toolkit-06152005.txt
Posted Sep 5, 2005
Authored by Eric Romang

silc-server versions 1.0 and below and silc-toolkit versions 0.9.12-r3 and below suffer from a symlink vulnerability.

tags | advisory
SHA-256 | a6a05964534a2dfa04c3e9f02a2c330927237610ff486f3e7ed9e48c25e353ee
shtool-05252005.txt
Posted Aug 14, 2005
Authored by Eric Romang

shtool suffers from an insecure temporary file creation vulnerability. Versions 2.0.1 and below are affected.

tags | advisory
SHA-256 | f462542f401d5467cc710b4a9eefe73e22f0176de033abfdf0c5cba8a7747f76
net-snmp-05182005.txt
Posted Aug 14, 2005
Authored by Eric Romang

net-snmp fixproc contains a security flaw that allows a malicious local attacker the ability to execute arbitrary commands with root privileges.

tags | advisory, arbitrary, local, root
SHA-256 | e45fb19f19ec442e148803aa640b440b3b0b5470ff6e7fbd34aec296f42a3019
mysql-05172005.txt
Posted Aug 14, 2005
Authored by Eric Romang

MySQL contains a security flaw that can allow a local attacker the ability to commit SQL injection attacks.

tags | advisory, local, sql injection
SHA-256 | a6162c7a6873c2af86c56725d216d20b2735c99db4b74692c0a079b627ea6131
ekg.insecure.txt
Posted Jul 7, 2005
Authored by Eric Romang

ekg versions 2005-06-05 and below suffer from a temporary file creation vulnerability that can lead to arbitrary code execution.

tags | advisory, arbitrary, code execution
advisories | CVE-2005-1916
SHA-256 | f3e3068a5e4291be5395ccfdd515de3b42a8eb9539016b6057bb6f8c1704c6ca
kpopper10.txt
Posted Jul 7, 2005
Authored by Eric Romang | Site zataz.net

kpopper versions 1.0 and below suffer from an insecure temporary file creation vulnerability. Exploit included.

tags | exploit
SHA-256 | 5e595cc68818ef185cddc15d72da4f21886c1d6c97c53cf9a675490f90ec37d9
xmysqladmin-05292005.txt
Posted Jun 21, 2005
Authored by Eric Romang | Site zataz.net

xmysqladmin versions 1.0 and below suffer from a symlink vulnerability.

tags | advisory
SHA-256 | 2fa75758826d6d03130e584c9f1f59190b2772d66994dcc3615620ff5cfca684
everybuddy-06062005.txt
Posted Jun 18, 2005
Authored by Eric Romang | Site zataz.net

everybuddy versions 0.4.3 and below suffer from an insecure file creation vulnerability that allows for symlink attacks.

tags | advisory
SHA-256 | 46adc67a1df5282b44714898566130942229e761b77d09b090172e0d9eb8a519
lutelwall-05222005.txt
Posted Jun 18, 2005
Authored by Eric Romang | Site zataz.net

LutelWall versions 0.97 and below suffer from an insecure file creation vulnerability that allows for symlink attacks.

tags | advisory
SHA-256 | 419e4a6a72caaab54526ba5f7a714b611c277c831e9ef0d7195ebfcf33fc155b
giptables-05222005.txt
Posted Jun 18, 2005
Authored by Eric Romang | Site zataz.net

GIPTables Firewall versions 1.1 and below suffer from an insecure file creation vulnerability that allows for symlink attacks.

tags | advisory
SHA-256 | 916ac1b2eb458387fa4004ef64b4ae9968c40a51fdd18dd87f5c944c4e66394a
webapp-config-05182005.txt
Posted May 22, 2005
Authored by Eric Romang | Site zataz.net

Gentoo webapp-config prior to v1.10-r14 insecure temp file creation advisory and local root exploit. Requires that the root user installs, upgrades, or deletes a Gentoo provided web application with the webapp-config tool. More information available here.

tags | exploit, web, local, root
systems | linux, gentoo
SHA-256 | 2b65efbc316467f3bf71596936ac3d3b83b43b919e292377283fe01bacb7a19b
Page 1 of 1
Back1Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    8 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    11 Files
  • 23
    Apr 23rd
    68 Files
  • 24
    Apr 24th
    23 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close