what you don't know can hurt you
Showing 1 - 19 of 19 RSS Feed

Files from Stephen Fewer

First Active2007-08-11
Last Active2012-07-19
Novell ZENworks Configuration Management Preboot Service 0x06 Buffer Overflow
Posted Jul 19, 2012
Authored by Stephen Fewer, juan | Site metasploit.com

This Metasploit module exploits a remote buffer overflow in the ZENworks Configuration Management 10 SP2. The vulnerability exists in the Preboot service and can be triggered by sending a specially crafted packet with the opcode 0x06 (PROXY_CMD_CLEAR_WS) to the 998/TCP port. The module has been successfully tested on Novell ZENworks Configuration Management 10 SP2 and Windows Server 2003 SP2 (DEP bypass).

tags | exploit, remote, overflow, tcp
systems | windows
advisories | OSVDB-65361
SHA-256 | d8e51661349a2d58c55ebba98e0aab7bf40252bcd11e9570670dbb09e98a4244
Novell ZENworks Configuration Management Preboot Service 0x21 Buffer Overflow
Posted Jul 19, 2012
Authored by Stephen Fewer, juan | Site metasploit.com

This Metasploit module exploits a remote buffer overflow in the ZENworks Configuration Management 10 SP2. The vulnerability exists in the Preboot service and can be triggered by sending a specially crafted packet with the opcode 0x21 (PROXY_CMD_FTP_FILE) to port 998/TCP. The module has been successfully tested on Novell ZENworks Configuration Management 10 SP2 and Windows Server 2003 SP2 (DEP bypass).

tags | exploit, remote, overflow, tcp
systems | windows
advisories | OSVDB-65361
SHA-256 | 10965ccc1d7f3bdfb1cdc1edf6199b5eb01250bbec68ab0ee4cf54ba20262a61
iDEFENSE Security Advisory 2009-04-28.1
Posted Apr 28, 2009
Authored by iDefense Labs, Stephen Fewer | Site idefense.com

iDefense Security Advisory 04.28.09 - Remote exploitation of a stack based buffer overflow vulnerability in TIBCO Software Inc.'s SmartSockets RTserver could allow an attacker to execute arbitrary code with the privileges of the affected service. The vulnerability occurs when parsing requests on the UDP interface of the RTserver. iDefense has confirmed the existence of this vulnerability in the RTserver version 4.0.10.1. Previous versions may also be affected. The SmartSockets framework is resold to various 3rd party vendors, and in this case iDefense used the version provided with Computer Associates Enterprise Communicator.

tags | advisory, remote, overflow, arbitrary, udp
advisories | CVE-2009-1291
SHA-256 | 6d008d52e91cfd5a4ca4ff613e0e700fd8d4e1656b66671f3a7aa9fae61e7a63
HS-P005_ReflectiveDllInjection.pdf
Posted Oct 31, 2008
Authored by Stephen Fewer | Site harmonysecurity.com

Whitepaper on reflective DLL injection. Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process. As such the library is responsible for loading itself by implementing a minimal Portable Executable (PE) loader.

tags | paper
SHA-256 | d4c845146542e7c4daa316021f940f6a435e62c6de95c4a2ff54f948743b9bf2
iDEFENSE Security Advisory 2008-10-14.1
Posted Oct 14, 2008
Authored by iDefense Labs, Stephen Fewer | Site idefense.com

iDefense Security Advisory 10.14.08 - Remote exploitation of an arbitrary command execution vulnerability in Microsoft Corp.'s Host Integration Server 2006 could allow an attacker to execute arbitrary code with the privileges of the affected service. The RPC interface exposes several methods that an unauthenticated attacker can use to execute arbitrary programs on the server. RPC opcodes 1 and 6 both allow an attacker to call the CreateProcess() function with full control over the application started, as well as the command line passed to it. This allows an attacker to run arbitrary programs on the server. iDefense has confirmed the existence of this vulnerability in Host Integration Server 2006. Previous versions may also be affected.

tags | advisory, remote, arbitrary
advisories | CVE-2008-3466
SHA-256 | b9fe753909d642655b6aa83a4515cd2e1b53dc02408456d1fb3e5c5f01d9aca4
iDEFENSE Security Advisory 2008-06-04.3
Posted Jun 6, 2008
Authored by iDefense Labs, Stephen Fewer | Site idefense.com

iDefense Security Advisory 06.04.08 - Local exploitation of a input validation vulnerability within VMware's Hgfs.sys driver could allow an unprivileged attacker to execute arbitrary code within the kernel of a Windows guest operating system. When a VMware guest operating system has the VMware Tools package installed, the hgfs.sys driver is loaded on the machine. This driver allows any user to open the device "\\.\hgfs" and issue IOCTLs with a buffering mode of METHOD_NEITHER. This allows untrusted user mode code to pass kernel addresses as arguments to the driver. iDefense confirmed the existence of this vulnerability in hgfs.sys as included with VMware Workstation 5.5.4. Other versions are suspected vulnerable as well.

tags | advisory, arbitrary, kernel, local
systems | windows
advisories | CVE-2008-5671
SHA-256 | 94965d18331de5c2c720b4857032236ba30344a29f60b2f9431727bdeac556fa
iDEFENSE Security Advisory 2008-05-27.2
Posted May 27, 2008
Authored by iDefense Labs, Stephen Fewer | Site idefense.com

iDefense Security Advisory 05.27.08 - Remote exploitation of an arbitrary command execution vulnerability in EMC Corp.'s AlphaStor could allow an attacker to execute arbitrary code with SYSTEM privileges. AlphaStor consists of multiple applications, one of which is the Library Manager. The Library Manager is used to manage the replacement of disk drives in distributed locations. The Manager consists of a single process, the "robotd" process, that listens on TCP port 3500 for incoming connections. The Library Manager is prone to an arbitrary command execution vulnerability. When sent a specific request, "robotd" will use a string from the packet as a command to execute on the system via the CreateProcess() function. This allows an attacker to run arbitrary programs on the host with SYSTEM privileges. iDefense has confirmed the existence of this vulnerability in AlphaStor version 3.1 SP1 for Windows. Previous versions, as well as versions for other platforms, may also be affected.

tags | advisory, remote, arbitrary, tcp
systems | windows
advisories | CVE-2008-2157
SHA-256 | 89af74c8a928b81854ee449e94087273d27f78d647c9fd326a1544aff4057f61
iDEFENSE Security Advisory 2008-05-27.1
Posted May 27, 2008
Authored by iDefense Labs, Sean Larsson, Stephen Fewer | Site idefense.com

iDefense Security Advisory 05.27.08 - Remote exploitation of multiple stack based buffer overflow vulnerabilities in EMC Corp.'s AlphaStor could allow an attacker to execute arbitrary code with SYSTEM privileges. AlphaStor consists of multiple applications, one of which is the Server Agent. The Server Agent is one of the core components of AlphaStor, and is used to initiate disk management requests. The Agent consists of several processes, one of which is the AlphaStor Command Line Interface process. This process listens on TCP port 41025, and is prone to multiple stack based buffer overflow vulnerabilities. iDefense has confirmed the existence of these vulnerabilities in AlphaStor version 3.1 SP1 for Windows. Previous versions, as well as versions for other platforms, may also be affected.

tags | advisory, remote, overflow, arbitrary, tcp, vulnerability
systems | windows
advisories | CVE-2008-2158
SHA-256 | 8da9b9e7f94fd0d1345754a53a84aca4080928bbb8dcd14ed122e9038bc29440
iDEFENSE Security Advisory 2008-04-09.3
Posted Apr 11, 2008
Authored by iDefense Labs, Stephen Fewer | Site idefense.com

iDefense Security Advisory 04.09.08 - Remote exploitation of a format string vulnerability in EMC Corp.'s DiskXtender could allow an attacker to execute arbitrary code with the privileges of the affected service. When handling requests on the RPC interface with UUID b157b800-aef5-11d3-ae49-00600834c15f, the service does not properly validate the content of a string in requests. Since this string is passed directly to a formatting function, a format string vulnerability occurs. iDefense confirmed the existence of this vulnerability in DiskXtender version 6.20.060 for Windows. Previous versions may also be affected.

tags | advisory, remote, arbitrary
systems | windows
advisories | CVE-2008-0963
SHA-256 | 5b88804d6ae7468d490bc8ef3fe7c0ea5e0670d6692d6006ad9bcc470224792c
iDEFENSE Security Advisory 2008-04-09.2
Posted Apr 11, 2008
Authored by iDefense Labs, Stephen Fewer | Site idefense.com

iDefense Security Advisory 04.09.08 - Remote exploitation of a buffer overflow vulnerability in EMC Corp.'s DiskXtender could allow an attacker to execute arbitrary code with the privileges of the affected service. The File System Manager is prone to a stack-based buffer overflow vulnerability. When handling requests on the RPC interface with UUID b157b800-aef5-11d3-ae49-00600834c15f, the service does not properly validate the length of a string in the request. By making a specially crafted request, a stack based buffer overflow occurs. iDefense confirmed the existence of this vulnerability in DiskXtender version 6.20.060 for Windows. Previous versions may also be affected.

tags | advisory, remote, overflow, arbitrary
systems | windows
advisories | CVE-2008-0962
SHA-256 | cc3f3fbc0041112ee44d533bc22ba56a70fd751510708f2c713a709b97e17abf
iDEFENSE Security Advisory 2008-04-09.1
Posted Apr 11, 2008
Authored by iDefense Labs, Stephen Fewer | Site idefense.com

iDefense Security Advisory 04.09.08 - Remote exploitation of an authentication bypass vulnerability in EMC Corp.'s DiskXtender could allow an attacker to execute arbitrary code. Each of the main components of the DiskXtender suite is vulnerable to an authentication bypass vulnerability. Specifically, the authentication code contains a hard-coded login and password. By connecting to the RPC interface, and logging on with these credentials, it is possible to bypass the normal authentication process. iDefense confirmed the existence of this vulnerability in DiskXtender version 6.20.060 for Windows. Previous versions may also be affected.

tags | advisory, remote, arbitrary, bypass
systems | windows
advisories | CVE-2008-0961
SHA-256 | e7ab9fbbb99710e5ebe00c8010b6d349ef5bccd241e9f3a13af867571d08d281
iDEFENSE Security Advisory 2008-02-19.1
Posted Feb 21, 2008
Authored by iDefense Labs, Stephen Fewer | Site idefense.com

iDefense Security Advisory 02.19.08 - Remote exploitation of multiple heap overflow vulnerabilities in EMC Corp.'s RepliStor could allow an unauthenticated attacker to execute arbitrary code with SYSTEM privileges. iDefense has confirmed the existence of these vulnerabilities in EMC RepliStor version 6.2 SP2. Previous versions may also be affected.

tags | advisory, remote, overflow, arbitrary, vulnerability
advisories | CVE-2007-6426
SHA-256 | f6b201a399d7e3b18a39c000839a38b6ffcaed2ca3d31bea6313b242f920f322
iDEFENSE Security Advisory 2008-01-09.1
Posted Jan 10, 2008
Authored by iDefense Labs, Stephen Fewer | Site idefense.com

iDefense Security Advisory 01.09.08 - Local exploitation of an input validation error vulnerability within Novell Inc.'s NetWare Client allows attackers to execute arbitrary code within the kernel. iDefense has confirmed the existence of this vulnerability in nicm.sys, file version 3.0.0.4, as included with Novell's NetWare Client 4.91 SP4. Other versions may also be vulnerable.

tags | advisory, arbitrary, kernel, local
advisories | CVE-2007-5762
SHA-256 | 1199edc5e5bb2e36aec4a186f945949d624aafcfeafaede7918b2e7d59888b2a
iDEFENSE Security Advisory 2008-01-07.1
Posted Jan 7, 2008
Authored by iDefense Labs, Stephen Fewer | Site idefense.com

iDefense Security Advisory 01.07.08 - Local exploitation of a privilege escalation vulnerability in Motorola Inc.'s netOctopus could allow an attacker to execute arbitrary code in kernel context. iDefense has confirmed the existence of this vulnerability in version 5.0.0.115 of the nantsys.sys driver as included with netOctopus version 5.1.2 build 1011. Previous versions may also be affected.

tags | advisory, arbitrary, kernel, local
advisories | CVE-2007-5761
SHA-256 | 8c1d1e8dc48c46909722b81670b93c2a3e9c3a8a5803f30b9a78e760c2b94d3e
iDEFENSE Security Advisory 2007-12-24.1
Posted Jan 5, 2008
Authored by iDefense Labs, Stephen Fewer | Site idefense.com

iDefense Security Advisory 12.24.07 - Local exploitation of a privilege escalation vulnerability in Novell ZENworks Endpoint Security Management allows attackers to execute arbitrary code with SYSTEM privileges. iDefense has confirmed the existence of this vulnerability in STEngine.exe version 3.5.0.20 as included with Novell Inc's ZENworks Endpoint Security Management 3.5. Other versions may also be affected.

tags | advisory, arbitrary, local
advisories | CVE-2007-5665
SHA-256 | c21648e448a450e5c089b4ac38b4da87f03e5e26df576e7609afeb546933705f
iDEFENSE Security Advisory 2007-11-12.2
Posted Nov 14, 2007
Authored by iDefense Labs, Stephen Fewer | Site idefense.com

iDefense Security Advisory 11.12.07 - Local exploitation of an input validation error vulnerability within Novell NetWare Client could allow an unprivileged attacker to execute arbitrary code within the kernel. iDefense has confirmed the existence of this vulnerability in nwfilter.sys, file version 4.91.1.1, as included with Novell's NetWare Client 4.91 SP4. Other versions are suspected vulnerable as well.

tags | advisory, arbitrary, kernel, local
advisories | CVE-2007-5667
SHA-256 | 39e537fefe55f9545bc7e0198660352f71e947724af29fd65f1b295a346eda32
iDEFENSE Security Advisory 2007-11-06.1
Posted Nov 7, 2007
Authored by iDefense Labs, Stephen Fewer | Site idefense.com

iDefense Security Advisory 11.06.07 - Local exploitation of a design error vulnerability in Microsoft's DebugView could allow attackers to execute arbitrary kernel code. As part of its design, DebugView loads a kernel module Dbgv.sys. This module includes functionality that can be abused to copy user supplied data into the kernel, to controlled addresses. This allows malicious users to inject arbitrary code into the running kernel. iDefense confirmed the existence of this vulnerability in Microsoft DebugView version 4.64. The specific file version of Dbgv.sys is 4.60.0.0. This file is deleted automatically after being loaded and will not be found on disk. Previous versions are suspected to be vulnerable as well.

tags | advisory, arbitrary, kernel, local
advisories | CVE-2007-4223
SHA-256 | 0b00f9045bac936d268732de36b5e66cbcf489bf0fd354410de4b492a97276f0
iDEFENSE Security Advisory 2007-10-10.1
Posted Oct 11, 2007
Authored by iDefense Labs, Stephen Fewer | Site idefense.com

iDefense Security Advisory 10.10.07 - Remote exploitation of a format string vulnerability in Kaspersky Lab's Online Scanner virus scanner service could allow an attacker to execute arbitrary code within the security context of the targeted user. iDefense has confirmed the existence of this vulnerability within version 5.0.93.0 of Kaspersky Lab's kavwebscan.dll. Previous versions are suspected to be vulnerable.

tags | advisory, remote, arbitrary, virus
advisories | CVE-2007-3675
SHA-256 | f707942595ccab88728e76bcf1c0ea83ad5306251adf6e09c6e313ef8b7a67a1
HS-A007.txt
Posted Aug 11, 2007
Authored by Stephen Fewer | Site harmonysecurity.com

Harmony Security Advisory - Qbik's WinGate versions below 6.2.2 suffer from a remote denial of service vulnerability.

tags | advisory, remote, denial of service
SHA-256 | 01bc3078c7944cbe079a4848b79ed8258c76fb99bef205db3e3b00b3fe9bca9e
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    0 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close