what you don't know can hurt you
Showing 1 - 20 of 20 RSS Feed

Files from Alexander Klink

Email addressa.klink at cynops.de
First Active2006-05-05
Last Active2013-11-12
Microsoft CryptoAPI / Outlook 2007-2013 Design Bug
Posted Nov 12, 2013
Authored by Alexander Klink

A design bug in X.509 certificate chain validation (RFC 3280) allows attackers to trigger (blind) HTTP requests for both external as well as internal IPs if a specially-crafted, S/MIME-signed email is opened in Microsoft Outlook. This issue, which has been originally reported in 2008, has been revisited and timing differences make it possible to identify open and closed ports on internal networks.

tags | advisory, web
advisories | CVE-2013-3870
MD5 | 0a1fe0e02125c165a77673a232791a2b
IBM iNotes Cross Site Scripting
Posted Aug 27, 2013
Authored by Alexander Klink

IBM Lotus iNotes suffered from four cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
advisories | CVE-2013-0590, CVE-2013-0591, CVE-2013-0595
MD5 | a668564eb96884f679abb44f540211b2
IBM Lotus Notes 8.5.3 Code Execution
Posted Apr 30, 2013
Authored by Alexander Klink | Site nruns.com

The Lotus Notes mail client accepts applet tags inside HTML emails, making it possible to load Java applets from a remote location. Combined with known Java sandbox escape vulnerabilities, it can be used to fully compromise the user reading the email.

tags | advisory, java, remote, vulnerability
advisories | CVE-2013-0127
MD5 | 95cf0bdf3e81e3e7e835b24e233812fa
Splunk 4.x Denial Of Service
Posted Nov 19, 2012
Authored by Alexander Klink | Site nruns.com

Splunk versions 4.0 through 4.3.4 suffer from an unauthenticated remote denial of service vulnerability against splunkd.

tags | advisory, remote, denial of service
MD5 | 77701ef13cf8f0205b69ae5bc03f88df
Splunk 4.3.x Denial Of Service
Posted Nov 2, 2012
Authored by Alexander Klink | Site nruns.com

Splunk version 4.3.x suffers from a denial of service hash table vulnerability.

tags | advisory, denial of service
advisories | CVE-2012-1150
MD5 | b21dca98d8d2b5e3bc0cf392cb4186d4
Hash Table Collisions
Posted Dec 28, 2011
Authored by Alexander Klink, Julian Walde | Site nruns.com

Most hash functions used in hash table implementations can be broken faster than by using brute-force techniques (which is feasible for hash functions with 32 bit output, but very expensive for 64 bit functions) by using one of two "tricks": equivalent substrings or a meet-in-the-middle attack.

tags | advisory
advisories | CVE-2011-4815
MD5 | cbcfb371cfb5bca1ebdd5d270ad722eb
SQL-Ledger XSS / XSRF / SQL Injection / LFI
Posted Dec 22, 2009
Authored by Alexander Klink

SQL-Ledger suffers from cross site scripting, cross site request forgery, local file inclusion, SQL injection, and various other security vulnerabilities.

tags | exploit, local, vulnerability, xss, sql injection, file inclusion, csrf
advisories | CVE-2009-3580, CVE-2009-3581, CVE-2009-3582, CVE-2009-3583, CVE-2009-3584
MD5 | 22a6db9ea6f0b4f6a0b15e9990c33c70
AKLINK-SA-2008-007.txt
Posted Sep 29, 2008
Authored by Alexander Klink | Site cynops.de

CAcert suffered from a cross site scripting vulnerability when parsing a given X.509 certificate.

tags | advisory, xss
MD5 | f4cc58b77fbb5af8495b6a5b91adc1b9
aklink-sa-2008-006-opera-heap-overflow.txt
Posted May 28, 2008
Authored by FX, Alexander Klink | Site cynops.de

Opera versions below 9.25 are susceptible to a heap-based buffer overflow that allows for a denial of service and possibly code execution.

tags | advisory, denial of service, overflow, code execution
advisories | CVE-2007-6521
MD5 | 4b4ae0f9c353645fb3e0a5010c2ef188
check_weak_dh_ssh.pl.bz2
Posted May 27, 2008
Authored by Alexander Klink | Site cynops.de

Debian OpenSSL weak client Diffie-Hellman Exchange checker version 0.1.

tags | tool, scanner
systems | linux, unix, debian
MD5 | b32413a2c121cd11b7a2754daf8f75e3
AKLINK-SA-2008-005.txt
Posted Apr 3, 2008
Authored by Alexander Klink | Site cynops.de

Apache-SSL versions prior to apache_1.3.41+ssl_1.59 suffer from a memory disclosure vulnerability that may allow for privilege escalation.

tags | advisory
advisories | CVE-2008-0555
MD5 | 2878008d9e266abac14534bd7ec467fe
AKLINK-SA-2008-004.txt
Posted Apr 2, 2008
Authored by Alexander Klink | Site cynops.de

Microsoft Office 2007 has a design flaw that allows outbound HTTP requests to be made when a document is opened that has a digital signature.

tags | advisory, web
MD5 | 9b1190af4261a5b7d8ef496435f47b40
AKLINK-SA-2008-003.txt
Posted Apr 2, 2008
Authored by Alexander Klink | Site cynops.de

Windows Live Mail has a design flaw that allows outbound HTTP requests to be made via a simple preview of a mail that is S/MIME-signed.

tags | advisory, web
systems | windows
MD5 | aebe873d62162c203765c3b0fa9e8c94
AKLINK-SA-2008-002.txt
Posted Apr 2, 2008
Authored by Alexander Klink | Site cynops.de

Microsoft Outlook has a design flaw that allows outbound HTTP requests to be made via a simple preview of a mail that is S/MIME-signed.

tags | advisory, web
MD5 | 909333355189bb942f90ebc1afc9cc71
AKLINK-SA-2008-001.txt
Posted Feb 14, 2008
Authored by Alexander Klink | Site cynops.de

OpenCA version 0.9.2.5 suffers from a cross site request forgery vulnerability.

tags | advisory, csrf
advisories | CVE-2008-0556
MD5 | d800a62ef3d092661be03ffd4f6d61bd
AKLINK-SA-2007-003.txt
Posted Aug 27, 2007
Authored by Alexander Klink | Site cynops.de

Stampit Web suffers from a denial of service vulnerability.

tags | advisory, web, denial of service
advisories | CVE-2007-3871
MD5 | 4e202522846f0c7234d94246e0eb549a
AKLINK-SA-2007-002.txt
Posted Apr 11, 2007
Authored by Alexander Klink | Site cynops.de

DropAFew versions 0.2 and below suffer from SQL injection vulnerabilities.

tags | exploit, vulnerability, sql injection
advisories | CVE-2007-1363, CVE-2007-1364
MD5 | a37fd1e2db2fbf7cce6401d8457a2cc8
dproxy.pm.txt
Posted Mar 24, 2007
Authored by Alexander Klink | Site cynops.de

MetaSploit exploit for the remote buffer overflow issue in dproxy versions 0.5 and below.

tags | exploit, remote, overflow
advisories | CVE-2007-1465
MD5 | 4d26779a53eeeb4f62f7a1729eb78a96
AKLINK-SA-2007-001.txt
Posted Mar 24, 2007
Authored by Alexander Klink | Site cynops.de

dproxy suffers from a typical buffer overflow condition, which allows an attacker to overwrite the stack. Version 0.5 and below are affected.

tags | advisory, overflow
advisories | CVE-2007-1465
MD5 | 81204c81a6fde99b67ef6fa53a8f17ee
aklink-sa-2006-001-jsboard-xss.txt
Posted May 5, 2006
Authored by Alexander Klink | Site klink.name

JSBoard releases 2.0.10 and 2.0.11 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2006-2109
MD5 | 25479bacc173ad5bb2c098da0e825c2b
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close