exploit the possibilities
Showing 1 - 25 of 157 RSS Feed

Files from Tavis Ormandy

Email addresstaviso at google.com
First Active2006-10-09
Last Active2020-06-01
Avast Array.prototype.toString Out-Of-Bounds Copy
Posted Jun 1, 2020
Authored by Tavis Ormandy, Google Security Research

Avast suffers from an out-of-bounds copy vulnerability in Array.prototype.toString.

tags | exploit
MD5 | 59b15e0413a1cb080644249586af9699
SecureCRT Memory Corruption
Posted May 15, 2020
Authored by Tavis Ormandy, Google Security Research

SecureCRT suffers from a memory corruption vulnerability in CSI functions.

tags | exploit
advisories | CVE-2020-12651
MD5 | e90a6d22c2cdbe99b5796b3c3e382581
systemd-machined Incorrect Reference Decrement
Posted Feb 7, 2020
Authored by Tavis Ormandy, Google Security Research

systemd has an issue in systemd-machined where it decrements the reference count when references are still held.

tags | exploit
MD5 | 892461d03b79e21e6c1303c5d998422e
Grub2 grub2-set-bootflag Environment Corruption
Posted Nov 27, 2019
Authored by Tavis Ormandy, Google Security Research

Grub2 has grub2-set-bootflag setuid in the new Fedora release and has the ability to corrupt the environment.

tags | exploit
systems | linux, fedora
MD5 | 521fcef9f7dbf428929332a5f1ece053
Visual Studio Code Remote Debugger Enabled
Posted Oct 11, 2019
Authored by Tavis Ormandy, Google Security Research

Visual Studio Code enables its remote debugger by default when installed.

tags | exploit, remote
MD5 | e2bed7919efd579b180ac1c498c16541
LastPass Credential Leak From Previous Site
Posted Sep 16, 2019
Authored by Tavis Ormandy, Google Security Research

LastPass suffers from an issue where bypassing do_popupregister() leaks credentials from the previous site.

tags | exploit
MD5 | 868ccacf1a79234f0073d4e84c526158
msctf Text Services Framework Design Flaws
Posted Aug 13, 2019
Authored by Tavis Ormandy, Google Security Research

msctf in the Text Services Framework suffers from multiple design flaws that can lead to things like UIPI bypass and interfering with processes.

tags | exploit
MD5 | 189c76e3be251b75e5537879968164e9
SymCrypt Infinite Loop
Posted Jun 12, 2019
Authored by Tavis Ormandy, Google Security Research

There's a bug in the SymCrypt multi-precision arithmetic routines that can cause an infinite loop when calculating the modular inverse on specific bit patterns with bcryptprimitives!SymCryptFdefModInvGeneric.

tags | exploit
MD5 | 90963ad9f841cc0101c717a81a229464
SystemTap 1.3 MODPROBE_OPTIONS Privilege Escalation
Posted Apr 19, 2019
Authored by Tavis Ormandy, Brendan Coles | Site metasploit.com

This Metasploit module attempts to gain root privileges by exploiting a vulnerability in the staprun executable included with SystemTap version 1.3. The staprun executable does not clear environment variables prior to executing modprobe, allowing an arbitrary configuration file to be specified in the MODPROBE_OPTIONS environment variable, resulting in arbitrary command execution with root privileges. This module has been tested successfully on: systemtap 1.2-1.fc13-i686 on Fedora 13 (i686); and systemtap 1.1-3.el5 on RHEL 5.5 (x64).

tags | exploit, arbitrary, root
systems | linux, fedora
advisories | CVE-2010-4170
MD5 | b8d10e29a77409ce1871a790dad33d49
GnuTLS verify_crt() Use-After-Free
Posted Mar 27, 2019
Authored by Tavis Ormandy, Google Security Research

This is a critical memory corruption vulnerability in any API backed by verify_crt(), including gnutls_x509_trust_list_verify_crt() and related routines in GnuTLS.

tags | exploit
MD5 | ccebe291a8ca3ffea320b528513b5f23
NSS Netscape Certificate Sequences CERT_DecodeCertPackage() Crash
Posted Mar 21, 2019
Authored by Tavis Ormandy, Google Security Research

NSS suffers from a NULL dereference issue when parsing Netscape Certificate Sequences in CERT_DecodeCertPackage().

tags | exploit
MD5 | 35138609aae47bba66dfd5eb881a1aa8
MatrixSSL x.509 Certificate Verification Stack Buffer Overflow
Posted Feb 21, 2019
Authored by Tavis Ormandy, Google Security Research

MatrixSSL suffers from a stack buffer overflow vulnerability when verifying x.509 certificates.

tags | exploit, overflow
MD5 | af74f61a0e0930cd9ea350d669953baf
Ghostscript Pseudo-Operator Remote Code Execution
Posted Jan 23, 2019
Authored by Tavis Ormandy, Google Security Research

Ghostscript has an issue with pseudo-operators that can lead to remote code execution. Version 9.26 is affected.

tags | exploit, remote, code execution
advisories | CVE-2019-6116
MD5 | e54b142d6e973b2eeff15f79436c06e9
Razer Cortex Debugger Remote Command Execution
Posted Dec 17, 2018
Authored by Tavis Ormandy, Google Security Research

Razer Cortex has a CEF debugger stub enabled by default allowing arbitrary remote command execution.

tags | exploit, remote, arbitrary
MD5 | 1d2152a1c114ec3e8cfb933b419a219c
Logitech Options Craft WebSocket Server Missing Authentication
Posted Dec 12, 2018
Authored by Tavis Ormandy, Google Security Research

The Logitech "Options" craft websocket server has no authentication.

tags | advisory
MD5 | 351cebf77410e506f6772f6e57f6204e
Ubuntu Ghostscript Failed Fix
Posted Nov 30, 2018
Authored by Tavis Ormandy, Google Security Research

The fix Ubuntu applied to address the Ghostscript vulnerability identified in CVE-2018-16510 appears to be insufficient.

tags | exploit
systems | linux, ubuntu
advisories | CVE-2018-16510
MD5 | bf60fb38f298c008133783e5223c3485
Ghostscript 1Policy Dangerous Access To Operator
Posted Oct 18, 2018
Authored by Tavis Ormandy, Google Security Research

Ghostscript has an issues where callers of a procedure are not forced to be properly marked as executeonly or pseudo-operators, allowing for the ability to take complete control of it.

tags | advisory
advisories | CVE-2018-18284
MD5 | f6013aa13df201f50c343927fca57dcd
Ghostscript .loadfontloop Exposed System Operators
Posted Oct 15, 2018
Authored by Tavis Ormandy, Google Security Research

Ghostscript suffers from an issue where .loadfontloop exposes system operators in the saved execution stack.

tags | advisory
MD5 | 8ee6daa56e7b3cbcf912ca5433934a03
Ghostscript executeonly Bypass
Posted Oct 11, 2018
Authored by Tavis Ormandy, Google Security Research

Ghostscript suffers from an executeonly bypass with errorhandler setup.

tags | exploit
advisories | CVE-2018-17961
MD5 | de8be7c4957ab4b3c8a37259c65b3c84
gsview -dSAFER Not Used
Posted Oct 11, 2018
Authored by Tavis Ormandy, Google Security Research

gsview does not run -dSAFER, allowing for the execution of arbitrary code.

tags | advisory, arbitrary
MD5 | bc269c0811f9b687fc29e4ed1a486a78
Ghostscript Exposed System Operators
Posted Oct 11, 2018
Authored by Tavis Ormandy, Google Security Research

Ghostscript has an issue where an error object can expose system operators in the saved execution stack.

tags | advisory
advisories | CVE-2018-18073
MD5 | f076ce456ca16868992ed63958eaa396
Ghostscript Failed Restore Command Execution
Posted Sep 6, 2018
Authored by Tavis Ormandy, wvu | Site metasploit.com

This Metasploit module exploits a -dSAFER bypass in Ghostscript to execute arbitrary commands by handling a failed restore (grestore) in PostScript to disable LockSafetyParams and avoid invalidaccess. This vulnerability is reachable via libraries such as ImageMagick, and this module provides the latest vector for Ghostscript.

tags | exploit, arbitrary
advisories | CVE-2018-16509
MD5 | e1336336af62bb506d362910f0cca41f
Ghostscript Command Execution / File Disclosure / Memory Corruption
Posted Aug 23, 2018
Authored by Tavis Ormandy, Google Security Research

Ghostscript suffers from file disclosure, shell command execution, memory corruption, and type confusion bugs.

tags | exploit, shell
MD5 | 1bbaaab44336f199ff5bab7ea5351935
FromDocToPdf Browser History Disclosure
Posted Apr 17, 2018
Authored by Tavis Ormandy, Google Security Research

FromDocToPdf exposes browsing history to all websites.

tags | advisory
MD5 | a8432820a6f1a3e3079881f89fa100f9
Video Downloader Universal Cross Site Scripting
Posted Apr 6, 2018
Authored by Tavis Ormandy, Google Security Research

The Video Downloader Chrome extension suffers from a universal cross site scripting vulnerability.

tags | exploit, xss
MD5 | 7773a2a48a1659869a5f513b21355dfb
Page 1 of 7
Back12345Next

File Archive:

October 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    25 Files
  • 2
    Oct 2nd
    13 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    1 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    15 Files
  • 7
    Oct 7th
    15 Files
  • 8
    Oct 8th
    11 Files
  • 9
    Oct 9th
    3 Files
  • 10
    Oct 10th
    1 Files
  • 11
    Oct 11th
    1 Files
  • 12
    Oct 12th
    8 Files
  • 13
    Oct 13th
    12 Files
  • 14
    Oct 14th
    23 Files
  • 15
    Oct 15th
    4 Files
  • 16
    Oct 16th
    13 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    1 Files
  • 19
    Oct 19th
    27 Files
  • 20
    Oct 20th
    41 Files
  • 21
    Oct 21st
    18 Files
  • 22
    Oct 22nd
    16 Files
  • 23
    Oct 23rd
    2 Files
  • 24
    Oct 24th
    1 Files
  • 25
    Oct 25th
    1 Files
  • 26
    Oct 26th
    17 Files
  • 27
    Oct 27th
    19 Files
  • 28
    Oct 28th
    29 Files
  • 29
    Oct 29th
    13 Files
  • 30
    Oct 30th
    8 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close