what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

Files from Alfredo Ortega

First Active2006-12-15
Last Active2018-05-16
Signal Desktop HTML Tag Injection Variant 2
Posted May 16, 2018
Authored by Juliano Rizzo, Alfredo Ortega, Javier Lorenzo Carlos Smaldone, Ivan Ariel Barrera Oro, Matt Bryant

This advisory documents proof of concept flows for manipulation the HTML tag injection vulnerability discovered in Signal Desktop. Versions affected include 1.7.1, 1.8.0, 1.9.0, 1.10.0, and 1.10.1.

tags | exploit, proof of concept
advisories | CVE-2018-11101
SHA-256 | 5f9aa1e1147648a40479bc5b43a72f60f8b6d73aedadd62e3613fc7f5288b2b5
Signal Desktop HTML Injection
Posted May 15, 2018
Authored by Juliano Rizzo, Alfredo Ortega, Javier Lorenzo Carlos Smaldone, Ivan Ariel Barrera Oro

Signal Desktop suffers from an HTML injection vulnerability.

tags | exploit
advisories | CVE-2018-10994
SHA-256 | 7342445a2a81bafeda692b4072a1691a6690f325366e6a19c447cb00b1ecd5e3
Core Security Technologies Advisory 2008.1127
Posted Dec 9, 2008
Authored by Core Security Technologies, Alfredo Ortega | Site coresecurity.com

Core Security Technologies Advisory - Vinagre is a VNC client for the GNOME Desktop. A format string error has been found on the 'vinagre_utils_show_error()' function that can be exploited via commands issued from a malicious server containing format string specifiers on the VNC name. In a web based attack scenario, the user would be required to connect to a malicious server. Successful exploitation would then allow the attacker to execute arbitrary code with the privileges of the Vinagre user. Proof of concept code included.Versions 2.24.1 and below are affected.

tags | exploit, web, arbitrary, proof of concept
SHA-256 | 3e17538dd72cc925a9aa97a372aec9f82e566dd73c6ec01b5df998cf7ed1b783
Core Security Technologies Advisory 2008.0425
Posted Jun 5, 2008
Authored by Core Security Technologies, Alfredo Ortega | Site coresecurity.com

Core Security Technologies Advisory - The NASA BigView package suffers from a stack buffer overflow when parsing specially crafted (invalid) PNM input files. If successful, a malicious third party could trigger execution of arbitrary code within the context of the application, or otherwise crash the whole application.

tags | exploit, overflow, arbitrary
advisories | CVE-2008-2542
SHA-256 | e485520020981d3b3ed65b4b395b30ad8f4b39e901af7cdacb5e619551524084
Core Security Technologies Advisory 2008.0326
Posted May 5, 2008
Authored by Core Security Technologies, Alfredo Ortega | Site coresecurity.com

Core Security Technologies Advisory - NASA's Common Data Format library suffers from a buffer overflow vulnerability. CDF versions 3.2 and earlier are vulnerable.

tags | exploit, overflow
advisories | CVE-2008-2080
SHA-256 | 6403648bcce3ca7a5c2552a8a172062ded855abbee671444f823f2bf228073af
Core Security Technologies Advisory 2007.1219
Posted Jan 28, 2008
Authored by Core Security Technologies, Alfredo Ortega, Damian Frizza | Site coresecurity.com

Core Security Technologies Advisory - The Firebird database manager contains an integer overflow in the processing of certain tags on the XDR protocol used for communication with the server. Version vulnerable include Firebird SQL 1.0.3 and before, 1.5.5 and before, 2.0.3 and before, and 2.1.0 Beta 2 and before.

tags | exploit, overflow, protocol
advisories | CVE-2008-0387
SHA-256 | 049362d5b2e4e09658272b9a1503df66c276926189db05c55ad7bfdb78bb1d0c
Core Security Technologies Advisory 2007.1106
Posted Jan 7, 2008
Authored by Core Security Technologies, Alfredo Ortega, Oren Isacson | Site coresecurity.com

Core Security Technologies Advisory - The vdccm daemon from SynCE version 0.92 is susceptible to a remote command injection vulnerability. Proof of concept code included.

tags | exploit, remote, proof of concept
SHA-256 | 686f2cf42763970f2eb071d3ad0b8654108f0faa3334bc4f61de9ff5409255cc
Core Security Technologies Advisory 2007.0219
Posted Mar 14, 2007
Authored by Core Security Technologies, Gerardo Richarte, Alfredo Ortega, Mario Vilas | Site coresecurity.com

Core Security Technologies Advisory - The OpenBSD kernel contains a memory corruption vulnerability in the code that handles IPv6 packets. Exploitation of this vulnerability can result in remote execution of arbitrary code at the kernel level on the vulnerable systems and/or a remote denial of service condition. Affected systems include OpenBSD 4.1 prior to Feb. 26th, 2006, OpenBSD 4.0 Current, OpenBSD 4.0 Stable, OpenBSD 3.9, OpenBSD 3.8, OpenBSD 3.6, and OpenBSD 3.1. Proof of concept exploit included.

tags | exploit, remote, denial of service, arbitrary, kernel, proof of concept
systems | openbsd
advisories | CVE-2007-1365
SHA-256 | 2d5d5651f3ce213312cb165a62fc0f511f0b8d1488dfffa7ab49170738c88652
Core Security Technologies Advisory 2006.1127
Posted Dec 15, 2006
Authored by Core Security Technologies, Alfredo Ortega | Site coresecurity.com

Core Security Technologies Advisory - A locally exploitable stack overflow vulnerability has been found in the mod_ctrls module of ProFTPD server. ProFTPD versions 1.3.0a and 1.3.0 are affected.

tags | advisory, overflow
SHA-256 | d36acaee71f87bea897777e3ff93edf6478e47c07c9a9d32a58514040e1ae1cf
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close