Showing 1 - 25 of 66

Files from Tim Brown

Email address: timb at nth-dimension.org.uk
First Active: 2005-08-17
Last Active: 2016-02-05
Viprinet Multichannel VPN Router 300 Cross Site Scripting
Posted Feb 5, 2016
Authored by Tim Brown | Site portcullis-security.com

Viprinet Multichannel VPN Router 300 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2014-2045
MD5 | 30d07877ad23d86e418cf832f5d292d7
Viprinet Multichannel VPN Router 300 Identity Verification Fail
Posted Feb 5, 2016
Authored by Tim Brown | Site portcullis-security.com

Viprinet Multichannel VPN Router 300 fails to verify the remote SSL VPN endpoint identity.

tags | advisory, remote
advisories | CVE-2014-9754, CVE-2014-9755
MD5 | 541e8718c57acb4a09240bf5249f7370
AMD fglrx-driver 14.4.2 Privilege Escalation
Posted Oct 29, 2015
Authored by Tim Brown | Site portcullis-security.com

Privilege escalation can be achieved via a symlink attack on POSIX shared memory with insecure permissions in AMD fglrx-driver version 14.4.2.

tags | advisory
advisories | CVE-2015-7723
MD5 | af168e7674aa3ddcd91f2741d2711c3d
AMD fglrx-driver 15.7 Privilege Escalation
Posted Oct 29, 2015
Authored by Tim Brown | Site portcullis-security.com

Privilege escalation can be achieved via a symlink attack on POSIX shared memory with insecure permissions in AMD fglrx-driver version 15.7.

tags | advisory
advisories | CVE-2015-7724
MD5 | 0ebfe857657e6659feb58180ca053e66
SAP ECC Privilege Escalation
Posted Jul 14, 2015
Authored by Tim Brown | Site portcullis-security.com

SAP ECC uses binaries that are executed with elevated privileges (SetGID and SetUID programs) and that have been compiled in a manner that means they search for libraries in insecure locations.

tags | advisory
advisories | CVE-2015-3621
MD5 | 07567e01576d9b80a7b495235b1c2a95
Compaq/Hewlett Packard Glance 11.00 Privilege Escalation
Posted Nov 19, 2014
Authored by Tim Brown | Site portcullis-security.com

It has been identified that binaries that are executed with elevated privileges (SetGID and SetUID programs) in Compaq/HP's Glance for Linux have been compiled in a manner that means they search for libraries in insecure locations. Versions 11.00 and below are affected.

tags | exploit
systems | linux
advisories | CVE-2014-2630
MD5 | f281541bcce04bc302e057281caa162c
IBM AIX Runtime Linker Privilege Escalation
Posted Jul 9, 2014
Authored by Tim Brown | Site portcullis-security.com

IBM AIX versions 6.1 and 7.1 suffer from a runtime linker privilege escalation vulnerability.

tags | advisory
systems | aix
advisories | CVE-2014-3074
MD5 | 5ed90263296038d7960e8d8e007b1e6a
IBM AIX 6.1.8+ Privilege Escalation
Posted Jun 12, 2014
Authored by Tim Brown | Site portcullis-security.com

IBM AIX versions 6.1.8 and later suffer from a local privilege escalation vulnerability in libodm due to an arbitrary file write.

tags | exploit, arbitrary, local
systems | aix
advisories | CVE-2014-3977
MD5 | 319e4008a767f106fb7dc54a17237ed2
IBM DB2 Privilege Escalation
Posted Jun 4, 2014
Authored by Tim Brown | Site portcullis-security.com

SetUID and SetGID programs can escalate privileges via insecure RPATH use in IBM DB2 systems.

tags | advisory
advisories | CVE-2014-0907
MD5 | 6a99c82db7f5576482f6ca6bec6d7d12
IBM AIX Kernel Memory Leak / Denial Of Service
Posted May 6, 2014
Authored by Tim Brown | Site portcullis-security.com

IBM AIX versions 5.3, 6.1 and 7.1 and VIOS 2.2.* releases suffer from kernel memory leak and denial of service vulnerabilities. It has been identified that the ptrace() system call can be manipulated by an unprivileged user into leaking uninitialized kernel memory and that the method by which this is achieved may also lead to a denial of service condition. This can be achieved by manipulating the parameters that are passed to the ptrace() system call when performing the PT_LDINFO operation. By calling ptrace(PT_LDINFO, childpid, leakbuffer, maximumleak, NULL) with a value of maximumleak that is greater than that required for the expected result of the PT_LDINFO operation, the AIX kernel will xmalloc() this space (without initializing it), populate it and then perform a copy operation that returns the result within leakbuffer.

tags | advisory, denial of service, kernel, vulnerability, memory leak
systems | aix
advisories | CVE-2014-0930
MD5 | 4236298d7ba606989f3262b37ad6c132
HP Insecure RPATH Use
Posted Apr 14, 2014
Authored by Tim Brown | Site portcullis-security.com

It has been identified that binaries that are executed with elevated privileges (SetGID and SetUID programs) have been compiled in a manner that means they search for libraries in insecure locations. Version 9.40 of HP Array Configuration Utility, HP Array Diagnostics Utility, HP ProLiant Array Diagnostics, and SmartSSD Wear Gauge Utility running on Linux are affected.

tags | exploit
systems | linux
advisories | CVE-2013-6216
MD5 | 401a3c64d44816cbb03567f052a115fc
BMC Patrol For AIX Insecure RPATH Use
Posted Apr 14, 2014
Authored by Tim Brown | Site portcullis-security.com

It has been identified that binaries that are executed with elevated privileges (SetGID and SetUID programs) have been compiled in a manner that means they search for libraries in insecure locations. Version 3.9.00 of BMC Patrol for AIX is affected.

tags | exploit
systems | aix
advisories | CVE-2014-2591
MD5 | 82e142ecb7429ecf312c0bc873447d0a
QNX Neutrino RTOS 6.5.0 Privilege Escalation
Posted Mar 13, 2014
Authored by Tim Brown | Site nth-dimension.org.uk

QNX Neutrino RTOS version 6.5.0 suffers from multiple privilege escalation vulnerabilities.

tags | exploit, vulnerability
MD5 | 3748b8804887238b5f64b6871cf8ee63
HTML 5 Good Practice Guide
Posted May 16, 2013
Authored by Tim Brown | Site portcullis-security.com

This document is not intended to be a definitive guide, but more of a review of specific security issues resulting from the use of HTML 5.

tags | paper
MD5 | 419f5768fc2814c6e1eeaa774ba42148
RIM BlackBerry PlayBook OS 1.0.8.6067 Local File Access
Posted Dec 1, 2012
Authored by Tim Brown | Site nth-dimension.org.uk

The web browser which comes as part of the RIM BlackBerry PlayBook OS can be tricked into disclosing the contents of local files through the planting of a malicious HTML file through the standard download mechanism. It should be noted that in order to exploit this issue, user interaction is required as the user will need to confirm the download of the malicious HTML file.

tags | advisory, web, local
advisories | CVE-2012-5828
MD5 | ba5ca11c119d8b3288db7ea508cff6aa
Konqueror 4.7.3 Memory Corruption
Posted Oct 31, 2012
Authored by Tim Brown | Site nth-dimension.org.uk

Konqueror version 4.7.3 suffers from a number of memory corruption vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2012-4512, CVE-2012-4513, CVE-2012-4514, CVE-2012-4515
MD5 | f3750e70c776544c1fff83a4d931e3dc
Perl 5 Memory Corruption
Posted Oct 26, 2012
Authored by Tim Brown | Site nth-dimension.org.uk

The Perl 5 interpreter suffers from a memory corruption vulnerability which results in memory disclosure and potentially arbitrary code execution when large values are supplied to the x operator.

tags | advisory, arbitrary, perl, code execution
advisories | CVE-2012-5195
MD5 | faabce97452d026be018183bfea09b1a
Qt KSSL URL Spoofing
Posted Oct 7, 2011
Authored by Tim Brown | Site nth-dimension.org.uk

Various Qt applications including KSSL (the KDE class library responsible for SSL negotiation), Rekonq, Arora and Psi IM are vulnerable to UI spoofing due to their use of QLabel objects to render externally controlled security-critical information. The primary area of concern at this time relates to the named applications' SSL certificate dialogue UI; however, other similar dialogue boxes may also be vulnerable.

tags | advisory, spoof
advisories | CVE-2011-3365, CVE-2011-3366, CVE-2011-3367
MD5 | 9d5e74d484e1ef524e998f6fff70b217
Ark 2.16 Directory Traversal
Posted Oct 7, 2011
Authored by Tim Brown | Site nth-dimension.org.uk

Ark version 2.16 suffers from a directory traversal vulnerability when handling a malformed ZIP file.

tags | exploit
advisories | CVE-2011-2725
MD5 | 6c1614954b7cad538117b35e3e3a3cd6
Breaking The Links: Exploiting The Linker
Posted Jul 5, 2011
Authored by Tim Brown | Site nth-dimension.org.uk

The recent discussion relating to insecure library loading on the Microsoft Windows platform provoked a significant amount of debate as to whether GNU/Linux and UNIX variants could be vulnerable to similar attacks. Whilst the general consensus of the Slashdot herd appeared to be that this was just another example of Microsoft doing things wrong, the author felt this was unfair and responded with a blog post that sought to highlight an example of where POSIX style linkers get things wrong. Based on the feedback received to that post, the author decided to investigate the issue a little further. This paper is an amalgamation of what was learnt.

tags | paper
systems | linux, windows, unix, osx
MD5 | c2e33de59c93dcc1dc48a0dd72ca382f
Konqueror 4.4.x / 4.5.x / 4.6.x HTML Injection
Posted Apr 12, 2011
Authored by Tim Brown | Site nth-dimension.org.uk

Nth Dimension Security Advisory (NDSA20110321) - Konqueror versions 4.4.x, 4.5.x, and 4.6.x suffer from an HTML injection vulnerability.

tags | exploit
advisories | CVE-2011-1168
MD5 | 3b692ae225dc3279dc595392c8f44274
QNX Neutrino RTOS Runtime Linker Arbitrary File Creation
Posted Mar 11, 2011
Authored by Tim Brown

The QNX Neutrino RTOS runtime linker allows the creation or overwriting of an arbitrary file. Moreover, the technique by which this can be achieved can be triggered even where the binary being executed is setUID and is running as another user. Version 6.5.0 is affected.

tags | advisory, arbitrary
MD5 | 3dae88e996eb5247a05bf4dd05567abf
Apache Traffic Server DNS Cache Poisoning
Posted Sep 11, 2010
Authored by Tim Brown | Site nth-dimension.org.uk

The Apache Traffic Server versions 2.1.1 and 2.0.0 suffer from a DNS cache poisoning vulnerability.

tags | advisory
advisories | CVE-2010-2952
MD5 | 5f4f7c3338cab0cb9421bfa572bffd50
Exploiting The Linux Linker
Posted Aug 26, 2010
Authored by Tim Brown | Site nth-dimension.org.uk

Brief write-up discussing exploitation of the Linux linker.

tags | paper
systems | linux
MD5 | 94a399bf6ca375e7eb564d43e0ceeb22
Rekonq 0.5 Cross Site Scripting
Posted Aug 19, 2010
Authored by Tim Brown | Site nth-dimension.org.uk

The Rekonq web browser is vulnerable to JavaScript injection in a number of components of the user interface. Depending on the exact component affected, this can lead to JavaScript being executed in a number of contexts, which in the worst case could allow an arbitrary web site to be spoofed or even for the JavaScript to be executed in an arbitrary context.

tags | exploit, web, arbitrary, spoof, javascript
MD5 | f826575d696a6820199c0f8c21c9625a