exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 20 of 20 RSS Feed

Files from Alexander Klink

Email addressa.klink at cynops.de
First Active2006-05-05
Last Active2013-11-12
Microsoft CryptoAPI / Outlook 2007-2013 Design Bug
Posted Nov 12, 2013
Authored by Alexander Klink

A design bug in X.509 certificate chain validation (RFC 3280) allows attackers to trigger (blind) HTTP requests for both external as well as internal IPs if a specially-crafted, S/MIME-signed email is opened in Microsoft Outlook. This issue, which has been originally reported in 2008, has been revisited and timing differences make it possible to identify open and closed ports on internal networks.

tags | advisory, web
advisories | CVE-2013-3870
SHA-256 | 9365e6ebb217675995930a39307adaa0068c69e67328ec203f67fb4ba9ac8f00
IBM iNotes Cross Site Scripting
Posted Aug 27, 2013
Authored by Alexander Klink

IBM Lotus iNotes suffered from four cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
advisories | CVE-2013-0590, CVE-2013-0591, CVE-2013-0595
SHA-256 | 618ce3eda1131f575c8580bda8bf0d3b521173ae62782e832850453ccb773385
IBM Lotus Notes 8.5.3 Code Execution
Posted Apr 30, 2013
Authored by Alexander Klink | Site nruns.com

The Lotus Notes mail client accepts applet tags inside HTML emails, making it possible to load Java applets from a remote location. Combined with known Java sandbox escape vulnerabilities, it can be used to fully compromise the user reading the email.

tags | advisory, java, remote, vulnerability
advisories | CVE-2013-0127
SHA-256 | 72507df8ce813a6baed8ae1404ff3467f4a3d09f17024073ea1c0b531c0f08c6
Splunk 4.x Denial Of Service
Posted Nov 19, 2012
Authored by Alexander Klink | Site nruns.com

Splunk versions 4.0 through 4.3.4 suffer from an unauthenticated remote denial of service vulnerability against splunkd.

tags | advisory, remote, denial of service
SHA-256 | 712c0f2ebc8a92c6651117dcb6b048dd30c332c12100a46fccd41ffa48f1183d
Splunk 4.3.x Denial Of Service
Posted Nov 2, 2012
Authored by Alexander Klink | Site nruns.com

Splunk version 4.3.x suffers from a denial of service hash table vulnerability.

tags | advisory, denial of service
advisories | CVE-2012-1150
SHA-256 | d5cbcf654bede60e73b046c746c6d6c0a805b9e9a6f72f4af8548cd3f36fa296
Hash Table Collisions
Posted Dec 28, 2011
Authored by Alexander Klink, Julian Walde | Site nruns.com

Most hash functions used in hash table implementations can be broken faster than by using brute-force techniques (which is feasible for hash functions with 32 bit output, but very expensive for 64 bit functions) by using one of two "tricks": equivalent substrings or a meet-in-the-middle attack.

tags | advisory
advisories | CVE-2011-4815
SHA-256 | 5ba7d905a60a09b9e51b4bfc83a4c27718fe15666e0535630b7937cc69f6152f
SQL-Ledger XSS / XSRF / SQL Injection / LFI
Posted Dec 22, 2009
Authored by Alexander Klink

SQL-Ledger suffers from cross site scripting, cross site request forgery, local file inclusion, SQL injection, and various other security vulnerabilities.

tags | exploit, local, vulnerability, xss, sql injection, file inclusion, csrf
advisories | CVE-2009-3580, CVE-2009-3581, CVE-2009-3582, CVE-2009-3583, CVE-2009-3584
SHA-256 | 3829bdb05149d1bc7598b7a78e6ebb24bc4dda65fe6aa1226850034c3332a707
AKLINK-SA-2008-007.txt
Posted Sep 29, 2008
Authored by Alexander Klink | Site cynops.de

CAcert suffered from a cross site scripting vulnerability when parsing a given X.509 certificate.

tags | advisory, xss
SHA-256 | 010dc8224e527b25fcbaf1dd8c4db3d011ad35ad977a4c283f92787b8471e40c
aklink-sa-2008-006-opera-heap-overflow.txt
Posted May 28, 2008
Authored by FX, Alexander Klink | Site cynops.de

Opera versions below 9.25 are susceptible to a heap-based buffer overflow that allows for a denial of service and possibly code execution.

tags | advisory, denial of service, overflow, code execution
advisories | CVE-2007-6521
SHA-256 | f6dc341cce8dd3f5bc84c05a0c44cde29463acefebfde3867a34bf222e7aabf7
check_weak_dh_ssh.pl.bz2
Posted May 27, 2008
Authored by Alexander Klink | Site cynops.de

Debian OpenSSL weak client Diffie-Hellman Exchange checker version 0.1.

tags | tool, scanner
systems | linux, unix, debian
SHA-256 | f751596b32f587e79025ba709c16d9fdad9f31526709e13da3da0d3110928de6
AKLINK-SA-2008-005.txt
Posted Apr 3, 2008
Authored by Alexander Klink | Site cynops.de

Apache-SSL versions prior to apache_1.3.41+ssl_1.59 suffer from a memory disclosure vulnerability that may allow for privilege escalation.

tags | advisory
advisories | CVE-2008-0555
SHA-256 | 39036c5cb769695609adfa378084ea68badbe067b04e9ae812fda9a39d1ed918
AKLINK-SA-2008-004.txt
Posted Apr 2, 2008
Authored by Alexander Klink | Site cynops.de

Microsoft Office 2007 has a design flaw that allows outbound HTTP requests to be made when a document is opened that has a digital signature.

tags | advisory, web
SHA-256 | b4cb7f3e817924351a210a026c7bec9e430863cef89fb05b4f7fa6540b4f7384
AKLINK-SA-2008-003.txt
Posted Apr 2, 2008
Authored by Alexander Klink | Site cynops.de

Windows Live Mail has a design flaw that allows outbound HTTP requests to be made via a simple preview of a mail that is S/MIME-signed.

tags | advisory, web
systems | windows
SHA-256 | 4d5511e520d30bf9ecbbdb40513e02a8b285c8a0a0062c017da8916a99f7afc5
AKLINK-SA-2008-002.txt
Posted Apr 2, 2008
Authored by Alexander Klink | Site cynops.de

Microsoft Outlook has a design flaw that allows outbound HTTP requests to be made via a simple preview of a mail that is S/MIME-signed.

tags | advisory, web
SHA-256 | 1ff267973798cd8447b986b796dd166b737f9cbfe9fb69d0bef95485ff36340a
AKLINK-SA-2008-001.txt
Posted Feb 14, 2008
Authored by Alexander Klink | Site cynops.de

OpenCA version 0.9.2.5 suffers from a cross site request forgery vulnerability.

tags | advisory, csrf
advisories | CVE-2008-0556
SHA-256 | c8cc08a802f0472bdd435e3b3e2dacbf30c477ffb9c1ff098f2c5e82d42a1001
AKLINK-SA-2007-003.txt
Posted Aug 27, 2007
Authored by Alexander Klink | Site cynops.de

Stampit Web suffers from a denial of service vulnerability.

tags | advisory, web, denial of service
advisories | CVE-2007-3871
SHA-256 | e61e043ac6440a474444d36cbba6289065dc1f9dafa15661b38403cd78790bb9
AKLINK-SA-2007-002.txt
Posted Apr 11, 2007
Authored by Alexander Klink | Site cynops.de

DropAFew versions 0.2 and below suffer from SQL injection vulnerabilities.

tags | exploit, vulnerability, sql injection
advisories | CVE-2007-1363, CVE-2007-1364
SHA-256 | d70a0ebccd74c188c38dd1d78303d396a7e2aa349786b47a134cca14004840c7
dproxy.pm.txt
Posted Mar 24, 2007
Authored by Alexander Klink | Site cynops.de

MetaSploit exploit for the remote buffer overflow issue in dproxy versions 0.5 and below.

tags | exploit, remote, overflow
advisories | CVE-2007-1465
SHA-256 | 93a48384d4123533a4cf4d4b95a8e2faf0006039c1860712e18e3f39485121bc
AKLINK-SA-2007-001.txt
Posted Mar 24, 2007
Authored by Alexander Klink | Site cynops.de

dproxy suffers from a typical buffer overflow condition, which allows an attacker to overwrite the stack. Version 0.5 and below are affected.

tags | advisory, overflow
advisories | CVE-2007-1465
SHA-256 | 105b19b9f636ba774d84d4ddd91b39ff45110d8e236554da8ee19b7dd5e116e5
aklink-sa-2006-001-jsboard-xss.txt
Posted May 5, 2006
Authored by Alexander Klink | Site klink.name

JSBoard releases 2.0.10 and 2.0.11 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2006-2109
SHA-256 | ef4921c4eaae2c60489129528cea8016ef9baaaed728b17d6583b53923c60897
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    9 Files
  • 7
    Feb 7th
    32 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close