Showing 1 - 21 of 21

Files from Timothy D. Morgan

Email address: tmorgan at vsecurity.com
First Active: 2007-05-03
Last Active: 2017-02-24
Java / Python FTP URL Handling XXE / SSRF
Posted Feb 24, 2017
Authored by Timothy D. Morgan

Java and Python both have URL handling code that can be leveraged for XML external entity (XXE) injection and SSRF attacks.

tags | advisory, java, python, xxe
MD5 | b46f35be652c08f2529c29a9fccd6755
Python urllib HTTP Header Injection
Posted Jun 16, 2016
Authored by Timothy D. Morgan

Python's built-in URL library ("urllib2" in 2.x and "urllib" in 3.x) is vulnerable to protocol stream injection attacks (a.k.a. "smuggling" attacks) via the http scheme.

tags | exploit, web, protocol, python
MD5 | ca041924a3e7ed37da6b0480373af01a
XML Schema, DTD, And Entity Attacks
Posted May 22, 2014
Authored by Timothy D. Morgan | Site vsecurity.com

The eXtensible Markup Language (XML) is an extremely pervasive technology used in countless software projects. A core feature of XML is the ability to define and validate document structure using schemas and document type definitions (DTDs). When used incorrectly, certain aspects of these document definition and validation features can lead to security vulnerabilities in applications that use XML. This document attempts to provide an up-to-date reference on these attacks, enumerating all publicly known techniques applicable to the most popular XML parsers in use while exploring a few novel attacks as well.

tags | paper, vulnerability
MD5 | 0824384b1cb8559eb52570b897ac8f6a
PayPal Padding Oracle Flaw
Posted Sep 3, 2013
Authored by Timothy D. Morgan | Site vsecurity.com

The main PayPal web site sets a cookie named "aksession" which contains a blob of base64-encoded ciphertext. This ciphertext is encrypted using a 64-bit block cipher in CBC mode and does not have any other integrity protection. Naturally, this means the aksession cookie is vulnerable to a padding oracle attack allowing full decryption and forgery.

tags | advisory, web
MD5 | bfaf04a83027847f929a3381861996bc
IBM WebSphere Commerce Padding Oracle Attacks
Posted Jun 19, 2013
Authored by George D. Gal, Timothy D. Morgan | Site vsecurity.com

In February 2013, VSR identified a vulnerability in the IBM WebSphere Commerce framework which could allow an attacker to tamper with values stored in the "krypto" URL parameter. This parameter is encrypted with a block cipher without any independent integrity protection. This, combined with observed application behavior, allows for padding oracle attacks which can be used to decrypt the krypto token and forge new tokens with arbitrary embedded parameters.

tags | advisory, arbitrary
advisories | CVE-2013-0523
MD5 | 3c38b0c9d639c49e3902b05612570972
Libraptor XXE In RDF/XML File Interpretation
Posted Mar 24, 2012
Authored by Timothy D. Morgan | Site vsecurity.com

VSR identified a vulnerability in multiple open source office products (including OpenOffice, LibreOffice, KOffice, and AbiWord) due to unsafe interpretation of XML files with custom entity declarations. Deeper analysis revealed that the vulnerability was caused by acceptance of external entities by the libraptor library, which is used by librdf and is in turn used by these office products.

tags | advisory
advisories | CVE-2012-0037
MD5 | 3e6d60ab820b0e5bea02963d8cac4740
OpenOffice.org Data Leakage
Posted Mar 23, 2012
Authored by Timothy D. Morgan | Site apache.org

An XML External Entity (XXE) attack is possible in OpenOffice.org versions 3.3 and 3.4 Beta. This vulnerability exploits the way in which external entities are processed in certain XML components of ODF documents.

tags | advisory, xxe
advisories | CVE-2012-0037
MD5 | 151237e4e5475ac81f0b89e30fba0e55
RegLookup Registry Parser 1.0.0
Posted Jun 20, 2011
Authored by Timothy D. Morgan | Site projects.sentinelchicken.org

RegLookup is a small command line utility for parsing and searching registry files from Windows NT and later.

Changes: SK records and security descriptors are now accessible in pyregfi. Key caching was added to regfi, and SK caching was reintroduced. Minor API simplifications were made and documentation was improved. Numerous bugs were fixed.
tags | registry
systems | windows, unix, nt
MD5 | 1fb1eea7435d368a91ade8c4016b5be6
RegLookup Registry Parser 0.99.0
Posted May 2, 2011
Authored by Timothy D. Morgan | Site projects.sentinelchicken.org

RegLookup is a small command line utility for parsing and searching registry files from Windows NT and later.

Changes: This 1.0 release candidate contains major improvements to regfi usability. regfi was made a proper library, and major improvements were made to the API. Python bindings (pyregfi) were added for regfi. The Make-based build system was replaced with a SCons-based one. Numerous improvements were made in regfi for multithreaded use and memory management. API documentation was improved.
tags | registry
systems | windows, unix, nt
MD5 | c86d45b55756ed754c04db13f7eac408
WebLogic Plugin HTTP Injection Via Encoded URLs
Posted Jul 14, 2010
Authored by George D. Gal, Timothy D. Morgan | Site vsecurity.com

Virtual Security Research, LLC. Security Advisory - Over the last several years, VSR analysts had observed unusual behavior in multiple WebLogic deployments when certain special characters were URL encoded and appended to URLs. In late April 2010, VSR began researching this in more depth and found that the issue could allow for HTTP header injection and HTTP request smuggling attacks.

tags | exploit, web
advisories | CVE-2010-2375
MD5 | 9764aaeda5a938776e77b9f8161323a8
Tandberg VCS Authentication Bypass
Posted Apr 12, 2010
Authored by Timothy D. Morgan | Site vsecurity.com

Virtual Security Research, LLC. Security Advisory - On December 2nd, VSR identified an authentication bypass vulnerability in TANDBERG's Video Communication Server, firmware version x4.2.1. This vulnerability allows for the complete bypass of authentication in the administrative web console. Since this web interface can be used to execute arbitrary code on the appliance as root (via software updates), the severity is considered critical.

tags | advisory, web, arbitrary, root, bypass
advisories | CVE-2009-4509
MD5 | f13444c6d65951ca345e4b05a6f79965
Tandberg VCS Arbitrary File Retrieval
Posted Apr 12, 2010
Authored by Timothy D. Morgan | Site vsecurity.com

Virtual Security Research, LLC. Security Advisory - On December 3rd, VSR identified a directory traversal and file retrieval vulnerability in TANDBERG's Video Communication Server. This issue would allow an authenticated attacker (who has access as an administrator or less privileged user on the web administration interface) to retrieve files from the filesystem which are readable by the "nobody" system user.

tags | exploit, web
advisories | CVE-2009-4511
MD5 | f586837c0c3b5fd0fd090fd5f8a9d454
Tandberg VCS Static SSH Host Keys
Posted Apr 12, 2010
Authored by Timothy D. Morgan | Site vsecurity.com

Virtual Security Research, LLC. Security Advisory - On December 2nd, VSR identified an SSH service authentication weakness in TANDBERG's Video Communication Server. This issue would allow an attacker with privileged network access to conduct server impersonation and man-in-the-middle attacks on administrator SSH sessions. Successful attacks could yield shell access to vulnerable appliances.

tags | advisory, shell
advisories | CVE-2009-4510
MD5 | aaab92619545376ade437a1fdb3dce9b
RegLookup Register Parser 0.12.0
Posted Mar 9, 2010
Authored by Timothy D. Morgan | Site projects.sentinelchicken.org

RegLookup is a small command line utility for parsing and searching registry files from Windows NT and later.

Changes: Big data support was improved and added to reglookup-recover. A -i option was added to reglookup for assisting with timeline generation. Unicode support was improved by correctly interpreting UTF-16LE key and value names. Data type interpretation was moved into regfi, and the regfi library interface was reorganized. regfi documentation was improved and Doxygen formatting was added.
tags | registry
systems | windows, nt
MD5 | 7fa5bd1f55f3f8345952bf6a03ef2e1a
Chrome Password Manager Cross Origin Weakness
Posted Feb 16, 2010
Authored by Timothy D. Morgan | Site vsecurity.com

Virtual Security Research, LLC. Security Advisory - In mid-January, VSR identified a vulnerability in Google Chrome which could be used in phishing attacks in specific types of web sites. This issue may make it much easier to convince a victim to submit web application credentials to the attacker's site.

tags | advisory, web
advisories | CVE-2010-0556
MD5 | cc80c14cdde56d4b987f9bd1d621ad47
Weaning The Web Off Of Session Cookies
Posted Jan 27, 2010
Authored by Timothy D. Morgan | Site vsecurity.com

Whitepaper called Weaning The Web Off Of Session Cookies. It compares the security weaknesses and usability limitations of both cookie-based session management and HTTP digest authentication, demonstrating how digest authentication is clearly the more secure system in practice.

tags | paper, web
MD5 | 9469a3766c681c802663697fe6cb6347
JWS-props.txt
Posted Dec 4, 2008
Authored by Timothy D. Morgan | Site vsecurity.com

VSR identified a vulnerability in Java Web Start related to the execution of privileged applications. This flaw could allow an attacker to execute arbitrary code on a victim system if a user could be convinced to visit a malicious web site.

tags | advisory, java, web, arbitrary
advisories | CVE-2008-2086
MD5 | 995e5858c19c3cf0bcb952a0f98f20bf
afflib-overflows.txt
Posted May 3, 2007
Authored by Timothy D. Morgan | Site vsecurity.com

Virtual Security Research, LLC. Security Advisory - Multiple buffer overflows exist in AFFLIB version 2.2.0. Earlier versions may also be affected.

tags | advisory, overflow
advisories | CVE-2007-2053
MD5 | 446352877e3aa73c1f54b3318d5ff7be
afflib-toctou.txt
Posted May 3, 2007
Authored by Timothy D. Morgan | Site vsecurity.com

Virtual Security Research, LLC. Security Advisory - A Time-of-Check-Time-of-Use file race condition exists in AFFLIB versions 2.2.0 through 2.2.8.

tags | advisory
advisories | CVE-2007-2056
MD5 | 0c56679cd5d6f442117bbe96db6ea730
afflib-shellinject.txt
Posted May 3, 2007
Authored by Timothy D. Morgan | Site vsecurity.com

Virtual Security Research, LLC. Security Advisory - Multiple shell metacharacter injection vulnerabilities exist in AFFLIB versions 2.2.0 through 2.2.8.

tags | advisory, shell, vulnerability
advisories | CVE-2007-2055
MD5 | 250aadb801be2ae9dd1d5c05882b2ec4
afflib-fmtstr.txt
Posted May 3, 2007
Authored by Timothy D. Morgan | Site vsecurity.com

Virtual Security Research, LLC. Security Advisory - Multiple format string injection vulnerabilities exist in AFFLIB versions 2.2.0 through 2.2.8.

tags | advisory, vulnerability
advisories | CVE-2007-2054
MD5 | f5720e6ca358ef67b2fbb4e58f26fd49

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close