Showing 1 - 25 of 32

Files from Hanno Boeck

Email address: mail at hboeck.de
First Active: 2007-03-14
Last Active: 2017-06-13
GStreamer gst-plugins-bad NULL Pointer Dereference
Posted Jun 13, 2017
Authored by Hanno Boeck

GStreamer suffers from a null pointer dereference vulnerability in the gst-plugins-bad plugin.

tags | exploit
advisories | CVE-2016-9813
MD5 | 8e651e06a9c9c81fd6fc3cc6be298707
Courier Heap Overflow / Out Of Bounds Read Access
Posted Jun 30, 2015
Authored by Hanno Boeck | Site hboeck.de

Courier mail server versions before 0.75 suffer from out of bounds read access and heap overflow vulnerabilities.

tags | advisory, overflow, vulnerability
MD5 | c1c0df32acb8ba606085012203b1f8be
Wireshark Heap Overflow
Posted May 14, 2015
Authored by Hanno Boeck | Site hboeck.de

Wireshark versions prior to 1.12.5 suffer from a heap overflow vulnerability.

tags | advisory, overflow
advisories | CVE-2015-3815
MD5 | e948ec9f69141043f623a5219b4195ec
SQLite 3.89 Heap Overflow
Posted May 12, 2015
Authored by Hanno Boeck | Site hboeck.de

SQLite version 3.8.9 suffers from two read heap overflow errors.

tags | advisory, overflow
MD5 | 24f5ad7dbdc43046ad009aa8833dd824
libtasn1 Heap Overflow
Posted May 1, 2015
Authored by Hanno Boeck | Site hboeck.de

Fuzzing GnuTLS, it was discovered that a malformed certificate input sample would cause a heap overflow read of 99 bytes in the DER decoding functions of Libtasn1. The heap overflow happens in the function _asn1_extract_der_octet().

tags | advisory, overflow
MD5 | 1efcb67683ea76bca3f30eb9e4cc0311
libtasn1 Stack Write Overflow
Posted Mar 30, 2015
Authored by Hanno Boeck | Site hboeck.de

Fuzzing libtasn1 led to the discovery of a stack write overflow in the function _asn1_ltostr (file parser_aux.c). It overflows a temporary buffer variable on certain inputs.

tags | advisory, overflow
MD5 | 3e26f04e6b86ede33eb62fb437cb37d5
less Out Of Bounds Read Access
Posted Dec 2, 2014
Authored by Hanno Boeck | Site hboeck.de

An out of bounds read access in the UTF-8 decoding can be triggered with a malformed file in the tool less.

tags | advisory
MD5 | 85dda24e891f4b59cba49cdb41729e55
ImageMagick Out-Of-Bounds Read / Heap Overflow
Posted Nov 4, 2014
Authored by Hanno Boeck | Site hboeck.de

ImageMagick is vulnerable to an out of bounds read / heap overflow in the function HorizontalFilter() in the file resize.c. It is triggered if an image has dimensions 0x0. The issue has been found with the help of Address Sanitizer and the fuzzing tool zzuf.

tags | advisory, overflow
advisories | CVE-2014-8354, CVE-2014-8355, CVE-2014-8561, CVE-2014-8562
MD5 | e1ff855f01c65563219957c5d0ebf816
PowerArchiver Insecure PKZIP Encryption
Posted Mar 13, 2014
Authored by Hanno Boeck | Site hboeck.de

PowerArchiver version 14.02.03 creates files with an insecure encryption method even if the user selects a (secure) AES encryption in the GUI. If a user clicks on "Encrypt Files" and selects "AES 256-bit" for encryption, the resulting file will not be AES-encrypted. It will instead use the legacy PKZIP encryption, which uses a broken encryption algorithm.

tags | advisory
advisories | CVE-2014-2319
MD5 | 16046dfa310f5e0f62b3975be478f38b
PHPList 2.10.12 Cross Site Request Forgery
Posted Apr 7, 2011
Authored by Hanno Boeck | Site hboeck.de

PHPList versions 2.10.12 and below suffer from a cross site request forgery vulnerability.

tags | advisory, csrf
advisories | CVE-2011-0748
MD5 | 13285ebf59fd007df62537b069149d6c
O2 Classic Router Cross Site Request Forgery / Cross Site Scripting
Posted Apr 7, 2011
Authored by Hanno Boeck | Site hboeck.de

O2 Classic Router suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2010-1482, CVE-2011-0746
MD5 | 1ea026f943f7ff3803093336465d541a
CMS Made Simple Cross Site Scripting
Posted May 8, 2010
Authored by Hanno Boeck | Site hboeck.de

CMS Made Simple versions 1.7.0 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2010-1482
MD5 | 480ad2827d9c90ecc0c20a0b82857006
Pmwiki Cross Site Scripting
Posted May 8, 2010
Authored by Hanno Boeck | Site hboeck.de

Pmwiki suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2010-1481
MD5 | e5158fbff504a99aee511439b4e117c5
Joomla Session Hijacking
Posted Dec 16, 2008
Authored by Hanno Boeck | Site hboeck.de

Joomla fails to set the secure flag in the session cookie allowing the possibility of a session getting hijacked.

tags | advisory
advisories | CVE-2008-4122
MD5 | 95fbf04625986e8c49609ed85150cbae
drupal-hijack.txt
Posted Sep 20, 2008
Authored by Hanno Boeck | Site hboeck.de

Drupal CMS fails to set the secure flag in the session cookie allowing for session hijacking.

tags | advisory
advisories | CVE-2008-3661
MD5 | 0d2d91a8c0bb6ed4aa82b2d10b5a3e49
menalto-hijack.txt
Posted Sep 18, 2008
Authored by Hanno Boeck | Site hboeck.de

Menalto Gallery versions prior to 2.2.6 failed to set the secure flag in the session cookie allowing for session hijacking.

tags | advisory
advisories | CVE-2008-3662
MD5 | 5ca9b6c1b89eabfdbe1d2e4f5b14b032
clamav-chm.txt
Posted Sep 4, 2008
Authored by Hanno Boeck | Site hboeck.de

A fuzzing test against ClamAV versions below 0.94 discovered that they suffer from a chm file parsing vulnerability which can possibly be exploited.

tags | advisory
advisories | CVE-2008-1389
MD5 | c8b9acfe29e5a5daeac2e3016acef2b1
s9y-xss.txt
Posted Apr 23, 2008
Authored by Hanno Boeck | Site hboeck.de

Serendipity version 1.3 suffers from cross site scripting vulnerabilities in the referrer plugin and installer.

tags | exploit, vulnerability, xss
advisories | CVE-2008-1385, CVE-2008-1386
MD5 | 34d7a4ec4c8ab830966a77284d03bbc2
CVE-2008-1387-clamav.txt
Posted Apr 15, 2008
Authored by Hanno Boeck | Site hboeck.de

Clam-AV versions below 0.93 suffer from an endless loop vulnerability when handling specially crafted ARJ files.

tags | advisory
advisories | CVE-2008-1387
MD5 | d569a215b87202920f4d03ae2ff5ec92
phpstats0.1-xss.txt
Posted Mar 18, 2008
Authored by Hanno Boeck | Site hboeck.de

PHP-Stats version 0.1_alpha appears to suffer from a cross site scripting vulnerability in phpstats.php.

tags | exploit, php, xss
advisories | CVE-2008-0125
MD5 | 3f94115fa562a3a9aac1464212dde058
CVE-2008-0124-s9y.txt
Posted Feb 26, 2008
Authored by Hanno Boeck | Site hboeck.de

Serendipity (S9Y) is vulnerable to cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
advisories | CVE-2008-0124
MD5 | 85e03397b4a76fadb8bb598544eeabb0
moodleinstall-xss.txt
Posted Jan 12, 2008
Authored by Hanno Boeck | Site hboeck.de

Moodle versions below 1.8.4 suffer from a cross site scripting vulnerability in the installer code.

tags | exploit, xss
advisories | CVE-2008-0123
MD5 | 07101c5967bd57438fd39a130ed5c2eb
serendipity-xss.txt
Posted Dec 11, 2007
Authored by Hanno Boeck | Site hboeck.de

The Serendipity blog system contains a plugin to display the content of feeds in the sidebar (serendipity_plugin_remoterss). If an attacker can modify the RSS feed, it is possible to inject javascript code in the link part, because it is not correctly escaped. Versions below 1.2.1 are affected.

tags | exploit, javascript, xss
advisories | CVE-2007-6205
MD5 | b821d6ea55e23f0392f1f8a833a17acd
freewvs-0.1.tar.bz2
Posted Nov 15, 2007
Authored by Hanno Boeck | Site source.schokokeks.org

Freewvs is a tool to search web roots for known vulnerable versions of web applications.

tags | tool, web, root, scanner
systems | unix
MD5 | 878057eefc3b081dfa68944923c31aaa
CVE-2007-3694-bm.txt
Posted Nov 13, 2007
Authored by Hanno Boeck | Site hboeck.de

Broadcast Machine is susceptible to a cross site scripting vulnerability in the login form.

tags | exploit, xss
advisories | CVE-2007-3694
MD5 | af5ef361335a152dc3da006e882a4a6d

© 2019 Packet Storm. All rights reserved.
