Twenty Year Anniversary
Showing 1 - 9 of 9 RSS Feed

Files from Alfredo Ortega

First Active2006-12-15
Last Active2018-05-16
Signal Desktop HTML Tag Injection Variant 2
Posted May 16, 2018
Authored by Juliano Rizzo, Alfredo Ortega, Javier Lorenzo Carlos Smaldone, Ivan Ariel Barrera Oro, Matt Bryant

This advisory documents proof of concept flows for manipulation the HTML tag injection vulnerability discovered in Signal Desktop. Versions affected include 1.7.1, 1.8.0, 1.9.0, 1.10.0, and 1.10.1.

tags | exploit, proof of concept
advisories | CVE-2018-11101
MD5 | 660bd6347ef764f0453a90d36941066a
Signal Desktop HTML Injection
Posted May 15, 2018
Authored by Juliano Rizzo, Alfredo Ortega, Javier Lorenzo Carlos Smaldone, Ivan Ariel Barrera Oro

Signal Desktop suffers from an HTML injection vulnerability.

tags | exploit
advisories | CVE-2018-10994
MD5 | 6ba6cba9579d623f07767c74079873cb
Core Security Technologies Advisory 2008.1127
Posted Dec 9, 2008
Authored by Core Security Technologies, Alfredo Ortega | Site coresecurity.com

Core Security Technologies Advisory - Vinagre is a VNC client for the GNOME Desktop. A format string error has been found on the 'vinagre_utils_show_error()' function that can be exploited via commands issued from a malicious server containing format string specifiers on the VNC name. In a web based attack scenario, the user would be required to connect to a malicious server. Successful exploitation would then allow the attacker to execute arbitrary code with the privileges of the Vinagre user. Proof of concept code included.Versions 2.24.1 and below are affected.

tags | exploit, web, arbitrary, proof of concept
MD5 | 283543f20948ec3d0633251b9ba6ce8e
Core Security Technologies Advisory 2008.0425
Posted Jun 5, 2008
Authored by Core Security Technologies, Alfredo Ortega | Site coresecurity.com

Core Security Technologies Advisory - The NASA BigView package suffers from a stack buffer overflow when parsing specially crafted (invalid) PNM input files. If successful, a malicious third party could trigger execution of arbitrary code within the context of the application, or otherwise crash the whole application.

tags | exploit, overflow, arbitrary
advisories | CVE-2008-2542
MD5 | f3bb46112a00e3dca32ab1e3bf3cc30c
Core Security Technologies Advisory 2008.0326
Posted May 5, 2008
Authored by Core Security Technologies, Alfredo Ortega | Site coresecurity.com

Core Security Technologies Advisory - NASA's Common Data Format library suffers from a buffer overflow vulnerability. CDF versions 3.2 and earlier are vulnerable.

tags | exploit, overflow
advisories | CVE-2008-2080
MD5 | e7ba30ef761ce1c7ccb9bff13ce3e94f
Core Security Technologies Advisory 2007.1219
Posted Jan 28, 2008
Authored by Core Security Technologies, Alfredo Ortega, Damian Frizza | Site coresecurity.com

Core Security Technologies Advisory - The Firebird database manager contains an integer overflow in the processing of certain tags on the XDR protocol used for communication with the server. Version vulnerable include Firebird SQL 1.0.3 and before, 1.5.5 and before, 2.0.3 and before, and 2.1.0 Beta 2 and before.

tags | exploit, overflow, protocol
advisories | CVE-2008-0387
MD5 | ac209dad40c1355525544bb9deffc4b0
Core Security Technologies Advisory 2007.1106
Posted Jan 7, 2008
Authored by Core Security Technologies, Alfredo Ortega, Oren Isacson | Site coresecurity.com

Core Security Technologies Advisory - The vdccm daemon from SynCE version 0.92 is susceptible to a remote command injection vulnerability. Proof of concept code included.

tags | exploit, remote, proof of concept
MD5 | 1655c1e06c6c7900d54c01c00c885bc4
Core Security Technologies Advisory 2007.0219
Posted Mar 14, 2007
Authored by Core Security Technologies, Gerardo Richarte, Alfredo Ortega, Mario Vilas | Site coresecurity.com

Core Security Technologies Advisory - The OpenBSD kernel contains a memory corruption vulnerability in the code that handles IPv6 packets. Exploitation of this vulnerability can result in remote execution of arbitrary code at the kernel level on the vulnerable systems and/or a remote denial of service condition. Affected systems include OpenBSD 4.1 prior to Feb. 26th, 2006, OpenBSD 4.0 Current, OpenBSD 4.0 Stable, OpenBSD 3.9, OpenBSD 3.8, OpenBSD 3.6, and OpenBSD 3.1. Proof of concept exploit included.

tags | exploit, remote, denial of service, arbitrary, kernel, proof of concept
systems | openbsd
advisories | CVE-2007-1365
MD5 | f37a6332b213078f5620d3413f0db749
Core Security Technologies Advisory 2006.1127
Posted Dec 15, 2006
Authored by Core Security Technologies, Alfredo Ortega | Site coresecurity.com

Core Security Technologies Advisory - A locally exploitable stack overflow vulnerability has been found in the mod_ctrls module of ProFTPD server. ProFTPD versions 1.3.0a and 1.3.0 are affected.

tags | advisory, overflow
MD5 | 6096a9dd5e3ec88cb5749723f3b93f9c
Page 1 of 1
Back1Next

File Archive:

October 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    26 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    2 Files
  • 7
    Oct 7th
    3 Files
  • 8
    Oct 8th
    23 Files
  • 9
    Oct 9th
    16 Files
  • 10
    Oct 10th
    15 Files
  • 11
    Oct 11th
    19 Files
  • 12
    Oct 12th
    16 Files
  • 13
    Oct 13th
    2 Files
  • 14
    Oct 14th
    2 Files
  • 15
    Oct 15th
    15 Files
  • 16
    Oct 16th
    20 Files
  • 17
    Oct 17th
    19 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close