exploit the possibilities
Showing 1 - 7 of 7 RSS Feed

Files from George D. Gal

Email addressggal at vsecurity.com
First Active2006-05-17
Last Active2014-09-18
Apple Foundation NSXMLParser XML eXternal Entity (XXE)
Posted Sep 18, 2014
Authored by George D. Gal | Site vsecurity.com

In May 2014, VSR identified a vulnerability in versions 7.0 and 7.1 of the iOS SDK whereby the NSXMLParser class, resolves XML External Entities by default despite documentation which indicates otherwise. In addition, settings to change the behavior of XML External Entity resolution appears to be non-functional. This vulnerability, commonly known as XXE (XML eXternal Entities) attacks could allow for an attacker's ability to use the XML parser to carry out attacks ranging from network port scanning, information disclosure, denial of service, and potentially to carry out remote file retrieval. Further review also revealed that the Foundation Framework used in OS X 10.9.x is also vulnerable.

tags | advisory, remote, denial of service, info disclosure, xxe
systems | apple, osx
advisories | CVE-2014-4374
MD5 | 0c9f3ececdf22fb201e7df1d53e7c95e
IBM WebSphere Commerce Padding Oracle Attacks
Posted Jun 19, 2013
Authored by George D. Gal, Timothy D. Morgan | Site vsecurity.com

In February 2013, VSR identified a vulnerability in the IBM WebSphere Commerce framework which could allow an attacker to tamper with values stored in the "krypto" URL parameter. This parameter is encrypted with a block cipher without any independent integrity protection. This, combined with observed application behavior, allows for padding oracle attacks which can be used to decrypt the krypto token and forge new tokens with arbitrary embedded parameters.

tags | advisory, arbitrary
advisories | CVE-2013-0523
MD5 | 3c38b0c9d639c49e3902b05612570972
Citrix Access Gateway Command Execution
Posted Mar 4, 2011
Authored by George D. Gal, Erwin Paternotte | Site metasploit.com

The Citrix Access Gateway provides support for multiple authentication types. When utilizing the external legacy NTLM authentication module known as ntlm_authenticator the Access Gateway spawns the Samba 'samedit' command line utility to verify a user's identity and password. By embedding shell metacharacters in the web authentication form it is possible to execute arbitrary commands on the Access Gateway.

tags | exploit, web, arbitrary, shell
advisories | CVE-2010-4566, OSVDB-70099
MD5 | 98babd1d509bb683e1feb7d73b7e149d
Citrix Access Gateway Command Injection
Posted Dec 21, 2010
Authored by George D. Gal | Site vsecurity.com

Citrix Access Gateway Command Injection Enterprise Edition up to 9.2-49.8 and Standard and Advanced Editions prior to 5.0 suffer from a remote command injection vulnerability.

tags | exploit, remote
advisories | CVE-2010-4566
MD5 | 626b7e8ef114dd5c1495d029374915f7
WebLogic Plugin HTTP Injection Via Encoded URLs
Posted Jul 14, 2010
Authored by George D. Gal, Timothy D. Morgan | Site vsecurity.com

Virtual Security Research, LLC. Security Advisory - Over the last several years, VSR analysts had observed unusual behavior in multiple WebLogic deployments when certain special characters were URL encoded and appended to URLs. In late April, 2010 VSR began researching this more in depth and found that the issue could allow for HTTP header injection and HTTP request smuggling attacks.

tags | exploit, web
advisories | CVE-2010-2375
MD5 | 9764aaeda5a938776e77b9f8161323a8
Multiple Cisco CSS / ACE Client Certificate And HTTP Header Manipulation Vulnerabilities
Posted Jul 3, 2010
Authored by George D. Gal | Site vsecurity.com

Virtual Security Research, LLC. Security Advisory - VSR identified multiple weaknesses in the Cisco CSS 11500's handling of HTTP header interpretation and client-side SSL certificates.

tags | exploit, web
systems | cisco
advisories | CVE-2010-1575, CVE-2010-1576
MD5 | 797c8a38bb53ab5306f8eb704417e228
Posted May 17, 2006
Authored by George D. Gal

For each HTTP request the Cisco PIX or other Cisco device forwards individual packets to Websense to determine whether or not the request should be permitted. However, when splitting the HTTP request into two or more packets on the HTTP method it is possible to circumvent the filtering mechanism. Affected versions are Websense 5.5.2, Cisco PIX OS / ASA versions below, Cisco PIX OS versions below 6.3.6(112), FWSM 2.3.x, and FWSM 3.x.

tags | advisory, web
systems | cisco
advisories | CVE-2006-0515
MD5 | e4117b7343ffc213b150f115207bd0a9
Page 1 of 1

File Archive:

July 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    13 Files
  • 2
    Jul 2nd
    12 Files
  • 3
    Jul 3rd
    1 Files
  • 4
    Jul 4th
    2 Files
  • 5
    Jul 5th
    34 Files
  • 6
    Jul 6th
    21 Files
  • 7
    Jul 7th
    21 Files
  • 8
    Jul 8th
    13 Files
  • 9
    Jul 9th
    6 Files
  • 10
    Jul 10th
    1 Files
  • 11
    Jul 11th
    3 Files
  • 12
    Jul 12th
    15 Files
  • 13
    Jul 13th
    19 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    15 Files
  • 16
    Jul 16th
    9 Files
  • 17
    Jul 17th
    2 Files
  • 18
    Jul 18th
    2 Files
  • 19
    Jul 19th
    19 Files
  • 20
    Jul 20th
    21 Files
  • 21
    Jul 21st
    53 Files
  • 22
    Jul 22nd
    14 Files
  • 23
    Jul 23rd
    14 Files
  • 24
    Jul 24th
    1 Files
  • 25
    Jul 25th
    1 Files
  • 26
    Jul 26th
    21 Files
  • 27
    Jul 27th
    8 Files
  • 28
    Jul 28th
    9 Files
  • 29
    Jul 29th
    12 Files
  • 30
    Jul 30th
    9 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2020 Packet Storm. All rights reserved.

Security Services
Hosting By