exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

Files from George D. Gal

Email addressggal at vsecurity.com
First Active2006-05-17
Last Active2014-09-18
Apple Foundation NSXMLParser XML eXternal Entity (XXE)
Posted Sep 18, 2014
Authored by George D. Gal | Site vsecurity.com

In May 2014, VSR identified a vulnerability in versions 7.0 and 7.1 of the iOS SDK whereby the NSXMLParser class, resolves XML External Entities by default despite documentation which indicates otherwise. In addition, settings to change the behavior of XML External Entity resolution appears to be non-functional. This vulnerability, commonly known as XXE (XML eXternal Entities) attacks could allow for an attacker's ability to use the XML parser to carry out attacks ranging from network port scanning, information disclosure, denial of service, and potentially to carry out remote file retrieval. Further review also revealed that the Foundation Framework used in OS X 10.9.x is also vulnerable.

tags | advisory, remote, denial of service, info disclosure, xxe
systems | apple, osx
advisories | CVE-2014-4374
SHA-256 | af1807dc188fc9b6e13cebb3ebe39700f51b071e81849be0f02375f2c6778418
IBM WebSphere Commerce Padding Oracle Attacks
Posted Jun 19, 2013
Authored by George D. Gal, Timothy D. Morgan | Site vsecurity.com

In February 2013, VSR identified a vulnerability in the IBM WebSphere Commerce framework which could allow an attacker to tamper with values stored in the "krypto" URL parameter. This parameter is encrypted with a block cipher without any independent integrity protection. This, combined with observed application behavior, allows for padding oracle attacks which can be used to decrypt the krypto token and forge new tokens with arbitrary embedded parameters.

tags | advisory, arbitrary
advisories | CVE-2013-0523
SHA-256 | 5998d6a975a57dc3921286cababdc5aa780a65141183d9726f3d8938c1392707
Citrix Access Gateway Command Execution
Posted Mar 4, 2011
Authored by George D. Gal, Erwin Paternotte | Site metasploit.com

The Citrix Access Gateway provides support for multiple authentication types. When utilizing the external legacy NTLM authentication module known as ntlm_authenticator the Access Gateway spawns the Samba 'samedit' command line utility to verify a user's identity and password. By embedding shell metacharacters in the web authentication form it is possible to execute arbitrary commands on the Access Gateway.

tags | exploit, web, arbitrary, shell
advisories | CVE-2010-4566, OSVDB-70099
SHA-256 | 67ee0d90c122f14d2d05bf0be45df498f4d30d47f4fb4d085869433a4c230eb3
Citrix Access Gateway Command Injection
Posted Dec 21, 2010
Authored by George D. Gal | Site vsecurity.com

Citrix Access Gateway Command Injection Enterprise Edition up to 9.2-49.8 and Standard and Advanced Editions prior to 5.0 suffer from a remote command injection vulnerability.

tags | exploit, remote
advisories | CVE-2010-4566
SHA-256 | cc70050cfc786f1a1df78cc3270117077f714bea62b7947328a95fd0f7ef906a
WebLogic Plugin HTTP Injection Via Encoded URLs
Posted Jul 14, 2010
Authored by George D. Gal, Timothy D. Morgan | Site vsecurity.com

Virtual Security Research, LLC. Security Advisory - Over the last several years, VSR analysts had observed unusual behavior in multiple WebLogic deployments when certain special characters were URL encoded and appended to URLs. In late April, 2010 VSR began researching this more in depth and found that the issue could allow for HTTP header injection and HTTP request smuggling attacks.

tags | exploit, web
advisories | CVE-2010-2375
SHA-256 | 5d7636d4025d8667dd9edaf1762d3650f321ba8bf02999b83dd50d2261a56eff
Multiple Cisco CSS / ACE Client Certificate And HTTP Header Manipulation Vulnerabilities
Posted Jul 3, 2010
Authored by George D. Gal | Site vsecurity.com

Virtual Security Research, LLC. Security Advisory - VSR identified multiple weaknesses in the Cisco CSS 11500's handling of HTTP header interpretation and client-side SSL certificates.

tags | exploit, web
systems | cisco
advisories | CVE-2010-1575, CVE-2010-1576
SHA-256 | a326af05d494ce329e501c8d31cb88ef5241ca54732e93cb94798f317f50e528
Posted May 17, 2006
Authored by George D. Gal

For each HTTP request the Cisco PIX or other Cisco device forwards individual packets to Websense to determine whether or not the request should be permitted. However, when splitting the HTTP request into two or more packets on the HTTP method it is possible to circumvent the filtering mechanism. Affected versions are Websense 5.5.2, Cisco PIX OS / ASA versions below, Cisco PIX OS versions below 6.3.6(112), FWSM 2.3.x, and FWSM 3.x.

tags | advisory, web
systems | cisco
advisories | CVE-2006-0515
SHA-256 | 8aeae261f2d8b33cb7f16363b89f38beceb4080fce9a0d8b8fc55851a9705816
Page 1 of 1

File Archive:

December 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    11 Files
  • 2
    Dec 2nd
    0 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    32 Files
  • 5
    Dec 5th
    10 Files
  • 6
    Dec 6th
    14 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By