what you don't know can hurt you
Showing 1 - 25 of 33 RSS Feed

Files from Stefan Cornelius

First Active2007-06-29
Last Active2012-07-10
Java Applet Field Bytecode Verifier Cache Remote Code Execution
Posted Jul 10, 2012
Authored by Stefan Cornelius, sinn3r, juan vazquez, littlelightlittlefire, mihi | Site metasploit.com

This Metasploit module exploits a vulnerability in HotSpot bytecode verifier where an invalid optimization of GETFIELD/PUTFIELD/GETSTATIC/PUTSTATIC instructions leads to insufficient type checks. This allows a way to escape the JRE sandbox, and load additional classes in order to perform malicious operations.

tags | exploit
advisories | CVE-2012-1723, OSVDB-82877
MD5 | 94d1b02973615daa0c50e2dd0f511b93
Cyrus IMAPd NTTP Authentication Bypass
Posted Oct 5, 2011
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered a vulnerability in Cyrus IMAPd, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused by an error in the authentication mechanism of the NNTP server. This can be exploited to bypass the authentication process and execute commands intended for authenticated users only by sending an "AUTHINFO USER" command without a following "AUTHINFO PASS" command. Versions 2.4.10 and 2.4.11 are affected.

tags | advisory
MD5 | bdc245287c58d035977407b17f525b1b
KDE Okular PDB Parsing RLE Decompression Buffer Overflow
Posted Aug 26, 2010
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered a vulnerability in KDE Okular, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by a boundary error within the RLE decompression in the "TranscribePalmImageToJPEG()" function in generators/plucker/unpluck/image.cpp. This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted PDB file. Version 4.4.5 is affected.

tags | advisory, overflow
advisories | CVE-2010-2575
MD5 | 4206064fb3450a30a10689d42f8e9717
Mono libgdiplus Image Processing Three Integer Overflows
Posted Aug 24, 2010
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered three integer overflow vulnerabilities in libgdiplus for Mono, which can be exploited by malicious people to compromise an application using the library. Version 2.6.7 is affected.

tags | advisory, overflow, vulnerability
advisories | CVE-2010-1526
MD5 | edd8180baf4f75f6b26ee4e642069834
SWFTools Two Integer Overflows
Posted Aug 13, 2010
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered two vulnerabilities in SWFTools, which can be exploited by malicious people to compromise a user's system. An integer overflow error within the "getPNG()" function in lib/png.c can be exploited to cause a heap-based buffer overflow via specially crafted PNG images. An integer overflow error within the "jpeg_load()" function in lib/jpeg.c can be exploited to cause a heap-based buffer overflow via specially crafted JPEG images.

tags | advisory, overflow, vulnerability
advisories | CVE-2010-1516
MD5 | 449024581463936d88d1336bcdf8f8cd
Ziproxy Two Integer Overflow Vulnerabilities
Posted May 25, 2010
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered two vulnerabilities in Ziproxy, which can be exploited by malicious people to compromise a vulnerable system. An integer overflow within the "jpg2bitmap()" function in src/image.c can be exploited to cause a heap-based buffer overflow via specially crafted JPG images. An integer overflow within the "png2bitmap()" function in src/image.c can be exploited to cause a heap-based buffer overflow via specially crafted PNG images. Ziproxy version 3.0.0 is affected.

tags | advisory, overflow, vulnerability
advisories | CVE-2010-1513
MD5 | e4aabda878242182c10ebbe6fb429698
Orbit Downloader metalink "name" Directory Traversal
Posted May 20, 2010
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered a vulnerability in Orbit Downloader, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application not properly sanitizing the "name" attribute of the "file" element of metalink files before using it to download files. If a user is tricked into downloading from a specially crafted metalink file, this can be exploited to download files to directories outside of the intended download directory via directory traversal attacks. The vulnerability is confirmed in version 3.0.0.4 and 3.0.0.5. Other versions may also be affected.

tags | advisory
MD5 | 9bf1696f33e4255c295cdf8d7557b96c
aria2 metalink "name" Directory Traversal Vulnerability
Posted May 14, 2010
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered a vulnerability in aria2, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application not properly sanitising the "name" attribute of the "file" element of metalink files before using it to download files. If a user is tricked into downloading from a specially crafted metalink file, this can be exploited to download files to directories outside of the intended download directory via directory traversal attacks. aria2 version 1.9.1 build2 is affected.

tags | advisory
advisories | CVE-2010-1512
MD5 | 8a22c61c138639b9792910d307904f0d
Free Download Manager metalink "name" Directory Traversal
Posted May 14, 2010
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered a vulnerability in Free Download Manager, which can be exploited by malicious people to compromise a user's system. The "name" attribute of the "file" element of metalink files is not properly sanitised before being used to download files. If a user is tricked into downloading from a specially crafted metalink file, this can be exploited to download files to directories outside of the intended download directory via directory traversal attacks. Free Download Manager version 3.0 build 850 is affected.

tags | advisory
advisories | CVE-2010-0999
MD5 | 6a6ed6b4d16c3e2e5da57f216df52d68
Free Download Manager Four Buffer Overflow Vulnerabilities
Posted May 14, 2010
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered four vulnerabilities in Free Download Manager, which can be exploited by malicious people to compromise a user's system. Free Download Manager version 3.0 build 850 is affected.

tags | advisory, vulnerability
advisories | CVE-2010-0998
MD5 | e4107f8f7aff093286d9da965cbb3133
KDE KGet metalink "name" Directory Traversal Vulnerability
Posted May 14, 2010
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered a vulnerability in KDE, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to KGet not properly sanitising the "name" attribute of the "file" element of metalink files before using it to download files. If a user is tricked into downloading from a specially crafted metalink file, this can be exploited to download files to directories outside of the intended download directory via directory traversal attacks. KDE version 4.4.2 is affected.

tags | advisory
advisories | CVE-2010-1000
MD5 | 3305045279517e7f1a37b710180a597d
KDE KGet Insecure File Operation Vulnerability
Posted May 14, 2010
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered a vulnerability in KDE, which can be exploited by malicious people to bypass certain security features. The vulnerability is caused by KGet downloading files without the user's acknowledgment, overwriting existing files of the same name when displaying a dialog box that allows a user to choose the file to download out of the options offered by a metalink file. KDE version 4.4.2 is affected.

tags | advisory
advisories | CVE-2010-1511
MD5 | a18d2589a2ed398500a429606f2e9904
IrfanView PSD RLE Decompression Buffer Overflow
Posted May 14, 2010
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered a vulnerability in IrfanView, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error when processing certain RLE compressed PSD images and can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted PSD file. Successful exploitation may allow execution of arbitrary code. Version 4.25 is affected.

tags | advisory, overflow, arbitrary
advisories | CVE-2010-1510
MD5 | c459eb16eb6d204e377978b43457b810
IrfanView PSD Image Parsing Sign-Extension Vulnerability
Posted May 14, 2010
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered a vulnerability in IrfanView, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a sign-extension error when processing certain PSD images, which can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted PSD file. Successful exploitation may allow execution of arbitrary code. Version 4.25 is affected.

tags | advisory, overflow, arbitrary
advisories | CVE-2010-1509
MD5 | 1d02a239b656c9b47420d49aa0503894
Internet Download Manager FTP Buffer Overflow
Posted Apr 30, 2010
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered a vulnerability in Internet Download Manager, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error when sending certain test sequences to an FTP server. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into downloading a file from a specially crafted FTP URI. Successful exploitation allows execution of arbitrary code. Internet Download Manager version 5.18 is affected.

tags | advisory, overflow, arbitrary
advisories | CVE-2010-0995
MD5 | 3c4375824800f2b5512b3eddcbc4331b
imlib2 "IMAGE_DIMENSIONS_OK()" Logic Error
Posted Apr 22, 2010
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered a vulnerability in imlib2, which can be exploited by malicious people to compromise an application using the library. The vulnerability is caused by a logic error within the "IMAGE_DIMENSIONS_OK()" macro in src/lib/image.h. This can be exploited to cause heap-based buffer overflows via e.g. specially crafted ARGB, XPM, and BMP image files.

tags | advisory, overflow
advisories | CVE-2010-0991
MD5 | 7c12c62fa341ea3a6ab8bc44b2a0f180
XnView DICOM Parsing Integer Overflow
Posted Mar 11, 2010
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered a vulnerability in XnView, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an integer overflow when processing DICOM images with certain dimensions. This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted DICOM file. Version 1.97 is affected.

tags | advisory, overflow
advisories | CVE-2009-4001
MD5 | 06aae772fe010c07ca5d04fd20ac13e2
DevIL DICOM GetUID() Buffer Overflow
Posted Dec 5, 2009
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered a vulnerability in DevIL, which can be exploited by malicious people to compromise an application using the library. The vulnerability is caused by a boundary error within the "GetUID()" function in src-IL/src/il_dicom.c. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into opening a specially crafted DICOM file in an application using the library. The vulnerability is confirmed in version 1.7.8. Other versions may also be affected.

tags | advisory, overflow
advisories | CVE-2009-3994
MD5 | 58714520d3876effb9f18755329c2f3d
Gimp PSD Image Parsing Integer Overflow
Posted Nov 18, 2009
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered a vulnerability in Gimp, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by an integer overflow error within the "read_channel_data()" function in plug-ins/file-psd/psd-load.c. This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted PSD file. Version 2.6.7 is affected.

tags | advisory, overflow
advisories | CVE-2009-3909
MD5 | 386e572c3ff9889366d1e2085c1d0e06
Gimp BMP Image Parsing Integer Overflow
Posted Nov 18, 2009
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered a vulnerability in Gimp, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by an integer overflow error within the "ReadImage()" function in plug-ins/file-bmp/bmp-read.c. This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted BMP file. Version 2.6.7 is affected.

tags | advisory, overflow
advisories | CVE-2009-1570
MD5 | 3dabb0a7395d955c0d3e07a1ba13e642
Secunia - IrfanView Formats Integer Overflow
Posted Apr 7, 2009
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered a vulnerability in IrfanView's Formats plug-in version 4.22, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an integer overflow when processing XPM files with certain dimensions. This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted XPM file.

tags | advisory, overflow
advisories | CVE-2009-0197
MD5 | 176a384654d3a2af79e25045ad3ab1b2
Secunia - ksquirrel-libs Radiance RGBE Buffer Overflows
Posted Feb 25, 2009
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered some buffer overflows ksquirrel-libs, which can be exploited by malicious people to compromise an application using the library. The vulnerabilities are caused due to boundary errors within the "mt_codec::getHdrHead()" function in kernel/kls_hdr/fmt_codec_hdr.cpp, which can be exploited to cause stack-based buffer overflows by e.g. tricking a user into opening a specially crafted Radiance RGBE (*.hdr) file. Version 0.8.0 is affected.

tags | advisory, overflow, kernel, vulnerability
advisories | CVE-2008-5263
MD5 | 2d62b3f35db85dee2a1ad160a43353b7
Secunia - SHOUTcast DNAS Relay Buffer Overflow
Posted Feb 25, 2009
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered a vulnerability in SHOUTcast DNAS, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error when receiving data from a relay master server. This can be exploited to overflow a static buffer by tricking a SHOUTcast admin into setting up a server to act as relay for a malicious server. Successful exploitation allows to e.g. overwrite the password of the web administration interface. Version 1.9.8 is affected.

tags | advisory, web, overflow
MD5 | 4f013be57abc3ad84ed62019f85a0932
Secunia - Orbit Downloader Buffer Overflow
Posted Feb 25, 2009
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered a vulnerability in Orbit Downloader, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when generating the "Connecting" log message for HTTP downloads. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into downloading from a malicious HTTP server or opening a specially crafted HTTP URL containing an overly long host name. Successful exploitation allows execution of arbitrary code. Orbit Downloader versions 2.8.2 and 2.8.3 are vulnerable.

tags | advisory, web, overflow, arbitrary
advisories | CVE-2009-0187
MD5 | 1549f884d3cbf6fade719a7e7dbf7df9
OpenSG Radiance RGBE Buffer Overflow
Posted Jan 21, 2009
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered a vulnerability in OpenSG, which can be exploited by malicious people to compromise an application using the library. The vulnerability is caused due to a boundary error within the "HDRImageFileType::checkHDR()" function in Source/System/Image/ OSGHDRImageFileType.cpp, which can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into opening a specially crafted Radiance RGBE (*.hdr) file. Successful exploitation allows execution of arbitrary code.

tags | advisory, overflow, arbitrary
MD5 | 0067bce449d99bdc3c90ab7a2e162950
Page 1 of 2
Back12Next

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    15 Files
  • 15
    Oct 15th
    19 Files
  • 16
    Oct 16th
    25 Files
  • 17
    Oct 17th
    17 Files
  • 18
    Oct 18th
    7 Files
  • 19
    Oct 19th
    1 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close