Showing 1 - 25 of 33

Files from Stefan Cornelius

First Active: 2007-06-29
Last Active: 2012-07-10
Java Applet Field Bytecode Verifier Cache Remote Code Execution
Posted Jul 10, 2012
Authored by Stefan Cornelius, sinn3r, juan vazquez, littlelightlittlefire, mihi | Site metasploit.com

This Metasploit module exploits a vulnerability in the HotSpot bytecode verifier where an invalid optimization of GETFIELD/PUTFIELD/GETSTATIC/PUTSTATIC instructions leads to insufficient type checks. This allows escaping the JRE sandbox and loading additional classes in order to perform malicious operations.

tags | exploit
advisories | CVE-2012-1723, OSVDB-82877
SHA-256 | d0f87e2217146b16aef1f52fdc1199e419212c967c36b2332599cb9bbc44e022
Cyrus IMAPd NNTP Authentication Bypass
Posted Oct 5, 2011
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered a vulnerability in Cyrus IMAPd, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused by an error in the authentication mechanism of the NNTP server. This can be exploited to bypass the authentication process and execute commands intended for authenticated users only by sending an "AUTHINFO USER" command without a following "AUTHINFO PASS" command. Versions 2.4.10 and 2.4.11 are affected.

tags | advisory
SHA-256 | a527d453cfb32475e8deb8f919bc978fc3f901cd5b277252506bccdd46d12b1f
KDE Okular PDB Parsing RLE Decompression Buffer Overflow
Posted Aug 26, 2010
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered a vulnerability in KDE Okular, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by a boundary error within the RLE decompression in the "TranscribePalmImageToJPEG()" function in generators/plucker/unpluck/image.cpp. This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted PDB file. Version 4.4.5 is affected.

tags | advisory, overflow
advisories | CVE-2010-2575
SHA-256 | 8c7614ed1d10fc84857b0b29006d609762118b6119da09eab610cc7c6558b0de
Mono libgdiplus Image Processing Three Integer Overflows
Posted Aug 24, 2010
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered three integer overflow vulnerabilities in libgdiplus for Mono, which can be exploited by malicious people to compromise an application using the library. Version 2.6.7 is affected.

tags | advisory, overflow, vulnerability
advisories | CVE-2010-1526
SHA-256 | ea9c0dd4e0ae6caef818713363a025771127f81ca5d4db62da1b8b3654b2e0ee
SWFTools Two Integer Overflows
Posted Aug 13, 2010
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered two vulnerabilities in SWFTools, which can be exploited by malicious people to compromise a user's system. An integer overflow error within the "getPNG()" function in lib/png.c can be exploited to cause a heap-based buffer overflow via specially crafted PNG images. An integer overflow error within the "jpeg_load()" function in lib/jpeg.c can be exploited to cause a heap-based buffer overflow via specially crafted JPEG images.

tags | advisory, overflow, vulnerability
advisories | CVE-2010-1516
SHA-256 | 0ac4acaa34693c9c47c3dd9fce7cfc4554b9166403d11d3a10fa1521d9a9191c
Ziproxy Two Integer Overflow Vulnerabilities
Posted May 25, 2010
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered two vulnerabilities in Ziproxy, which can be exploited by malicious people to compromise a vulnerable system. An integer overflow within the "jpg2bitmap()" function in src/image.c can be exploited to cause a heap-based buffer overflow via specially crafted JPG images. An integer overflow within the "png2bitmap()" function in src/image.c can be exploited to cause a heap-based buffer overflow via specially crafted PNG images. Ziproxy version 3.0.0 is affected.

tags | advisory, overflow, vulnerability
advisories | CVE-2010-1513
SHA-256 | 851e9952130f099d0edcb8f4fe028a7bca82ee0b035f4ac62192137852301972
Orbit Downloader metalink "name" Directory Traversal
Posted May 20, 2010
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered a vulnerability in Orbit Downloader, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application not properly sanitizing the "name" attribute of the "file" element of metalink files before using it to download files. If a user is tricked into downloading from a specially crafted metalink file, this can be exploited to download files to directories outside of the intended download directory via directory traversal attacks. The vulnerability is confirmed in versions 3.0.0.4 and 3.0.0.5. Other versions may also be affected.

tags | advisory
SHA-256 | 5825ac39d755020d1305d07d57da443f669935047166133b4fe048ba2ff493bd
aria2 metalink "name" Directory Traversal Vulnerability
Posted May 14, 2010
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered a vulnerability in aria2, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application not properly sanitising the "name" attribute of the "file" element of metalink files before using it to download files. If a user is tricked into downloading from a specially crafted metalink file, this can be exploited to download files to directories outside of the intended download directory via directory traversal attacks. aria2 version 1.9.1 build2 is affected.

tags | advisory
advisories | CVE-2010-1512
SHA-256 | 5db2e877b929448ce53fbaefcd4fe1dc429beb3e14f7b1dcec039f413a870480
Free Download Manager metalink "name" Directory Traversal
Posted May 14, 2010
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered a vulnerability in Free Download Manager, which can be exploited by malicious people to compromise a user's system. The "name" attribute of the "file" element of metalink files is not properly sanitised before being used to download files. If a user is tricked into downloading from a specially crafted metalink file, this can be exploited to download files to directories outside of the intended download directory via directory traversal attacks. Free Download Manager version 3.0 build 850 is affected.

tags | advisory
advisories | CVE-2010-0999
SHA-256 | 60c825619601682037a8558f5c997dc4b92f393d1622d48462b4a8dad92fde7a
Free Download Manager Four Buffer Overflow Vulnerabilities
Posted May 14, 2010
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered four vulnerabilities in Free Download Manager, which can be exploited by malicious people to compromise a user's system. Free Download Manager version 3.0 build 850 is affected.

tags | advisory, vulnerability
advisories | CVE-2010-0998
SHA-256 | a7c535c78279767e6f7e01d49794419b36ad3c9b5fb60a3d1bcf78f26b853f28
KDE KGet metalink "name" Directory Traversal Vulnerability
Posted May 14, 2010
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered a vulnerability in KDE, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to KGet not properly sanitising the "name" attribute of the "file" element of metalink files before using it to download files. If a user is tricked into downloading from a specially crafted metalink file, this can be exploited to download files to directories outside of the intended download directory via directory traversal attacks. KDE version 4.4.2 is affected.

tags | advisory
advisories | CVE-2010-1000
SHA-256 | 4753c3b2fd7ba990fce8cff97b3b26d9f9af9b4835f05f0238026d7fc09ec1ca
KDE KGet Insecure File Operation Vulnerability
Posted May 14, 2010
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered a vulnerability in KDE, which can be exploited by malicious people to bypass certain security features. The vulnerability is caused by KGet downloading files without the user's acknowledgment, overwriting existing files of the same name when displaying a dialog box that allows a user to choose the file to download out of the options offered by a metalink file. KDE version 4.4.2 is affected.

tags | advisory
advisories | CVE-2010-1511
SHA-256 | 00f3b8e980ac034a80679c30c79ae908a7436b59928d9cc490152b17d823b990
IrfanView PSD RLE Decompression Buffer Overflow
Posted May 14, 2010
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered a vulnerability in IrfanView, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error when processing certain RLE compressed PSD images and can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted PSD file. Successful exploitation may allow execution of arbitrary code. Version 4.25 is affected.

tags | advisory, overflow, arbitrary
advisories | CVE-2010-1510
SHA-256 | eb0045d8335d416396d4ea3020455da381eb50f86bb4463506df1c7146b6572d
IrfanView PSD Image Parsing Sign-Extension Vulnerability
Posted May 14, 2010
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered a vulnerability in IrfanView, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a sign-extension error when processing certain PSD images, which can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted PSD file. Successful exploitation may allow execution of arbitrary code. Version 4.25 is affected.

tags | advisory, overflow, arbitrary
advisories | CVE-2010-1509
SHA-256 | 0c62dba45771af84679292305942045e3e82e928d385b162cf38c58f700e5354
Internet Download Manager FTP Buffer Overflow
Posted Apr 30, 2010
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered a vulnerability in Internet Download Manager, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error when sending certain test sequences to an FTP server. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into downloading a file from a specially crafted FTP URI. Successful exploitation allows execution of arbitrary code. Internet Download Manager version 5.18 is affected.

tags | advisory, overflow, arbitrary
advisories | CVE-2010-0995
SHA-256 | 56af8243c012b2993b884e0396af073ae6088b78ca52aa485de63621dbffa10c
imlib2 "IMAGE_DIMENSIONS_OK()" Logic Error
Posted Apr 22, 2010
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered a vulnerability in imlib2, which can be exploited by malicious people to compromise an application using the library. The vulnerability is caused by a logic error within the "IMAGE_DIMENSIONS_OK()" macro in src/lib/image.h. This can be exploited to cause heap-based buffer overflows via e.g. specially crafted ARGB, XPM, and BMP image files.

tags | advisory, overflow
advisories | CVE-2010-0991
SHA-256 | 468d8120f75f67faa1343a7d1231b3d69caa8405116258fcbd1b58c624cfdefd
XnView DICOM Parsing Integer Overflow
Posted Mar 11, 2010
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered a vulnerability in XnView, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an integer overflow when processing DICOM images with certain dimensions. This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted DICOM file. Version 1.97 is affected.

tags | advisory, overflow
advisories | CVE-2009-4001
SHA-256 | efa3ea2064ba6d18a4e149ff97e318e1885159d38d9d0c2bc5986a2d69036f67
DevIL DICOM GetUID() Buffer Overflow
Posted Dec 5, 2009
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered a vulnerability in DevIL, which can be exploited by malicious people to compromise an application using the library. The vulnerability is caused by a boundary error within the "GetUID()" function in src-IL/src/il_dicom.c. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into opening a specially crafted DICOM file in an application using the library. The vulnerability is confirmed in version 1.7.8. Other versions may also be affected.

tags | advisory, overflow
advisories | CVE-2009-3994
SHA-256 | bef338476ab50b7b135a8f8a62a9fce7233fca04b978409af9cb476cd97ecad5
Gimp PSD Image Parsing Integer Overflow
Posted Nov 18, 2009
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered a vulnerability in Gimp, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by an integer overflow error within the "read_channel_data()" function in plug-ins/file-psd/psd-load.c. This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted PSD file. Version 2.6.7 is affected.

tags | advisory, overflow
advisories | CVE-2009-3909
SHA-256 | d7ed67ca8048162c65807572876c20725ffeeafb25e10c4e521996f9876bd56c
Gimp BMP Image Parsing Integer Overflow
Posted Nov 18, 2009
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered a vulnerability in Gimp, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by an integer overflow error within the "ReadImage()" function in plug-ins/file-bmp/bmp-read.c. This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted BMP file. Version 2.6.7 is affected.

tags | advisory, overflow
advisories | CVE-2009-1570
SHA-256 | 85f0dc9e18157639fcbd9378b0285371a6aa9be92f500f354cfb55b30a5693ba
Secunia - IrfanView Formats Integer Overflow
Posted Apr 7, 2009
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered a vulnerability in IrfanView's Formats plug-in version 4.22, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an integer overflow when processing XPM files with certain dimensions. This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted XPM file.

tags | advisory, overflow
advisories | CVE-2009-0197
SHA-256 | 6353310b973c85424bb98e6be658d9995c4aa4e06a23fd615418d3a85048220e
Secunia - ksquirrel-libs Radiance RGBE Buffer Overflows
Posted Feb 25, 2009
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered some buffer overflows in ksquirrel-libs, which can be exploited by malicious people to compromise an application using the library. The vulnerabilities are caused due to boundary errors within the "mt_codec::getHdrHead()" function in kernel/kls_hdr/fmt_codec_hdr.cpp, which can be exploited to cause stack-based buffer overflows by e.g. tricking a user into opening a specially crafted Radiance RGBE (*.hdr) file. Version 0.8.0 is affected.

tags | advisory, overflow, kernel, vulnerability
advisories | CVE-2008-5263
SHA-256 | eb1d8112400b196dea2591dccfd81df121f28ffaee5ad333a604b160533fee4e
Secunia - SHOUTcast DNAS Relay Buffer Overflow
Posted Feb 25, 2009
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered a vulnerability in SHOUTcast DNAS, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error when receiving data from a relay master server. This can be exploited to overflow a static buffer by tricking a SHOUTcast admin into setting up a server to act as relay for a malicious server. Successful exploitation allows e.g. overwriting the password of the web administration interface. Version 1.9.8 is affected.

tags | advisory, web, overflow
SHA-256 | 2d7b85e2f2f5d2dc651c63804b70e4fb20f7e54604685f128142095eef9b9acd
Secunia - Orbit Downloader Buffer Overflow
Posted Feb 25, 2009
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered a vulnerability in Orbit Downloader, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when generating the "Connecting" log message for HTTP downloads. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into downloading from a malicious HTTP server or opening a specially crafted HTTP URL containing an overly long host name. Successful exploitation allows execution of arbitrary code. Orbit Downloader versions 2.8.2 and 2.8.3 are vulnerable.

tags | advisory, web, overflow, arbitrary
advisories | CVE-2009-0187
SHA-256 | c0fec1b2b959aed07156096d8dc79baf656806760da36812f1bc48b1d551b693
OpenSG Radiance RGBE Buffer Overflow
Posted Jan 21, 2009
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered a vulnerability in OpenSG, which can be exploited by malicious people to compromise an application using the library. The vulnerability is caused due to a boundary error within the "HDRImageFileType::checkHDR()" function in Source/System/Image/OSGHDRImageFileType.cpp, which can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into opening a specially crafted Radiance RGBE (*.hdr) file. Successful exploitation allows execution of arbitrary code.

tags | advisory, overflow, arbitrary
SHA-256 | 0a0ddef036ae7c83eee5bfb6b1e7145ac35c00fbf80dfe9fc0b15b4281e02ef4