
Files from Stephen Fewer

First Active: 2007-08-11
Last Active: 2012-07-19
Novell ZENworks Configuration Management Preboot Service 0x06 Buffer Overflow
Posted Jul 19, 2012
Authored by Stephen Fewer, juan | Site metasploit.com

This Metasploit module exploits a remote buffer overflow in ZENworks Configuration Management 10 SP2. The vulnerability exists in the Preboot service and can be triggered by sending a specially crafted packet with the opcode 0x06 (PROXY_CMD_CLEAR_WS) to port 998/TCP. The module has been successfully tested on Novell ZENworks Configuration Management 10 SP2 and Windows Server 2003 SP2 (DEP bypass).

tags | exploit, remote, overflow, tcp
systems | windows
advisories | OSVDB-65361
MD5 | f34f24fcc433e4b088d9cd6e4754435b
Novell ZENworks Configuration Management Preboot Service 0x21 Buffer Overflow
Posted Jul 19, 2012
Authored by Stephen Fewer, juan | Site metasploit.com

This Metasploit module exploits a remote buffer overflow in ZENworks Configuration Management 10 SP2. The vulnerability exists in the Preboot service and can be triggered by sending a specially crafted packet with the opcode 0x21 (PROXY_CMD_FTP_FILE) to port 998/TCP. The module has been successfully tested on Novell ZENworks Configuration Management 10 SP2 and Windows Server 2003 SP2 (DEP bypass).

tags | exploit, remote, overflow, tcp
systems | windows
advisories | OSVDB-65361
MD5 | 152908928a9c6adae51d63c01d75b875
iDEFENSE Security Advisory 2009-04-28.1
Posted Apr 28, 2009
Authored by iDefense Labs, Stephen Fewer | Site idefense.com

iDefense Security Advisory 04.28.09 - Remote exploitation of a stack based buffer overflow vulnerability in TIBCO Software Inc.'s SmartSockets RTserver could allow an attacker to execute arbitrary code with the privileges of the affected service. The vulnerability occurs when parsing requests on the UDP interface of the RTserver. iDefense has confirmed the existence of this vulnerability in the RTserver version 4.0.10.1. Previous versions may also be affected. The SmartSockets framework is resold to various 3rd party vendors, and in this case iDefense used the version provided with Computer Associates Enterprise Communicator.

tags | advisory, remote, overflow, arbitrary, udp
advisories | CVE-2009-1291
MD5 | 9dfabca1de537611a55f2a79e07d3727
HS-P005_ReflectiveDllInjection.pdf
Posted Oct 31, 2008
Authored by Stephen Fewer | Site harmonysecurity.com

Whitepaper on reflective DLL injection. Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process. As such the library is responsible for loading itself by implementing a minimal Portable Executable (PE) loader.

tags | paper
MD5 | 9dcfe4b1a13f2b6430c44bf6ea224287
iDEFENSE Security Advisory 2008-10-14.1
Posted Oct 14, 2008
Authored by iDefense Labs, Stephen Fewer | Site idefense.com

iDefense Security Advisory 10.14.08 - Remote exploitation of an arbitrary command execution vulnerability in Microsoft Corp.'s Host Integration Server 2006 could allow an attacker to execute arbitrary code with the privileges of the affected service. The RPC interface exposes several methods that an unauthenticated attacker can use to execute arbitrary programs on the server. RPC opcodes 1 and 6 both allow an attacker to call the CreateProcess() function with full control over the application started, as well as the command line passed to it. This allows an attacker to run arbitrary programs on the server. iDefense has confirmed the existence of this vulnerability in Host Integration Server 2006. Previous versions may also be affected.

tags | advisory, remote, arbitrary
advisories | CVE-2008-3466
MD5 | 05e989925ceb282962a869ddba7121b7
iDEFENSE Security Advisory 2008-06-04.3
Posted Jun 6, 2008
Authored by iDefense Labs, Stephen Fewer | Site idefense.com

iDefense Security Advisory 06.04.08 - Local exploitation of an input validation vulnerability within VMware's Hgfs.sys driver could allow an unprivileged attacker to execute arbitrary code within the kernel of a Windows guest operating system. When a VMware guest operating system has the VMware Tools package installed, the hgfs.sys driver is loaded on the machine. This driver allows any user to open the device "\\.\hgfs" and issue IOCTLs with a buffering mode of METHOD_NEITHER. This allows untrusted user mode code to pass kernel addresses as arguments to the driver. iDefense confirmed the existence of this vulnerability in hgfs.sys as included with VMware Workstation 5.5.4. Other versions are suspected vulnerable as well.

tags | advisory, arbitrary, kernel, local
systems | windows
advisories | CVE-2008-5671
MD5 | 20c213b8be2a663119c92bebefe0f3b0
iDEFENSE Security Advisory 2008-05-27.2
Posted May 27, 2008
Authored by iDefense Labs, Stephen Fewer | Site idefense.com

iDefense Security Advisory 05.27.08 - Remote exploitation of an arbitrary command execution vulnerability in EMC Corp.'s AlphaStor could allow an attacker to execute arbitrary code with SYSTEM privileges. AlphaStor consists of multiple applications, one of which is the Library Manager. The Library Manager is used to manage the replacement of disk drives in distributed locations. The Manager consists of a single process, the "robotd" process, that listens on TCP port 3500 for incoming connections. The Library Manager is prone to an arbitrary command execution vulnerability. When sent a specific request, "robotd" will use a string from the packet as a command to execute on the system via the CreateProcess() function. This allows an attacker to run arbitrary programs on the host with SYSTEM privileges. iDefense has confirmed the existence of this vulnerability in AlphaStor version 3.1 SP1 for Windows. Previous versions, as well as versions for other platforms, may also be affected.

tags | advisory, remote, arbitrary, tcp
systems | windows
advisories | CVE-2008-2157
MD5 | 6c8ff6e0b7f32b25ed4398d7091c900b
iDEFENSE Security Advisory 2008-05-27.1
Posted May 27, 2008
Authored by iDefense Labs, Sean Larsson, Stephen Fewer | Site idefense.com

iDefense Security Advisory 05.27.08 - Remote exploitation of multiple stack based buffer overflow vulnerabilities in EMC Corp.'s AlphaStor could allow an attacker to execute arbitrary code with SYSTEM privileges. AlphaStor consists of multiple applications, one of which is the Server Agent. The Server Agent is one of the core components of AlphaStor, and is used to initiate disk management requests. The Agent consists of several processes, one of which is the AlphaStor Command Line Interface process. This process listens on TCP port 41025, and is prone to multiple stack based buffer overflow vulnerabilities. iDefense has confirmed the existence of these vulnerabilities in AlphaStor version 3.1 SP1 for Windows. Previous versions, as well as versions for other platforms, may also be affected.

tags | advisory, remote, overflow, arbitrary, tcp, vulnerability
systems | windows
advisories | CVE-2008-2158
MD5 | f0e331dc95a7505a4903764fd5697dca
iDEFENSE Security Advisory 2008-04-09.3
Posted Apr 11, 2008
Authored by iDefense Labs, Stephen Fewer | Site idefense.com

iDefense Security Advisory 04.09.08 - Remote exploitation of a format string vulnerability in EMC Corp.'s DiskXtender could allow an attacker to execute arbitrary code with the privileges of the affected service. When handling requests on the RPC interface with UUID b157b800-aef5-11d3-ae49-00600834c15f, the service does not properly validate the content of a string in requests. Since this string is passed directly to a formatting function, a format string vulnerability occurs. iDefense confirmed the existence of this vulnerability in DiskXtender version 6.20.060 for Windows. Previous versions may also be affected.

tags | advisory, remote, arbitrary
systems | windows
advisories | CVE-2008-0963
MD5 | ab70e4fbca77cf4217be52d72bd24f1c
iDEFENSE Security Advisory 2008-04-09.2
Posted Apr 11, 2008
Authored by iDefense Labs, Stephen Fewer | Site idefense.com

iDefense Security Advisory 04.09.08 - Remote exploitation of a buffer overflow vulnerability in EMC Corp.'s DiskXtender could allow an attacker to execute arbitrary code with the privileges of the affected service. The File System Manager is prone to a stack-based buffer overflow vulnerability. When handling requests on the RPC interface with UUID b157b800-aef5-11d3-ae49-00600834c15f, the service does not properly validate the length of a string in the request. By making a specially crafted request, a stack based buffer overflow occurs. iDefense confirmed the existence of this vulnerability in DiskXtender version 6.20.060 for Windows. Previous versions may also be affected.

tags | advisory, remote, overflow, arbitrary
systems | windows
advisories | CVE-2008-0962
MD5 | 6bf48ca72b6e0a4c486fac37e6e7c96a
iDEFENSE Security Advisory 2008-04-09.1
Posted Apr 11, 2008
Authored by iDefense Labs, Stephen Fewer | Site idefense.com

iDefense Security Advisory 04.09.08 - Remote exploitation of an authentication bypass vulnerability in EMC Corp.'s DiskXtender could allow an attacker to execute arbitrary code. Each of the main components of the DiskXtender suite is vulnerable to an authentication bypass vulnerability. Specifically, the authentication code contains a hard-coded login and password. By connecting to the RPC interface, and logging on with these credentials, it is possible to bypass the normal authentication process. iDefense confirmed the existence of this vulnerability in DiskXtender version 6.20.060 for Windows. Previous versions may also be affected.

tags | advisory, remote, arbitrary, bypass
systems | windows
advisories | CVE-2008-0961
MD5 | dbf348e8b2d22a48dd9a267fca454033
iDEFENSE Security Advisory 2008-02-19.1
Posted Feb 21, 2008
Authored by iDefense Labs, Stephen Fewer | Site idefense.com

iDefense Security Advisory 02.19.08 - Remote exploitation of multiple heap overflow vulnerabilities in EMC Corp.'s RepliStor could allow an unauthenticated attacker to execute arbitrary code with SYSTEM privileges. iDefense has confirmed the existence of these vulnerabilities in EMC RepliStor version 6.2 SP2. Previous versions may also be affected.

tags | advisory, remote, overflow, arbitrary, vulnerability
advisories | CVE-2007-6426
MD5 | 8fdd689c073572f029a49569de013795
iDEFENSE Security Advisory 2008-01-09.1
Posted Jan 10, 2008
Authored by iDefense Labs, Stephen Fewer | Site idefense.com

iDefense Security Advisory 01.09.08 - Local exploitation of an input validation error vulnerability within Novell Inc.'s NetWare Client allows attackers to execute arbitrary code within the kernel. iDefense has confirmed the existence of this vulnerability in nicm.sys, file version 3.0.0.4, as included with Novell's NetWare Client 4.91 SP4. Other versions may also be vulnerable.

tags | advisory, arbitrary, kernel, local
advisories | CVE-2007-5762
MD5 | c3b21473ead37ed6968f5bd86ad99e65
iDEFENSE Security Advisory 2008-01-07.1
Posted Jan 7, 2008
Authored by iDefense Labs, Stephen Fewer | Site idefense.com

iDefense Security Advisory 01.07.08 - Local exploitation of a privilege escalation vulnerability in Motorola Inc.'s netOctopus could allow an attacker to execute arbitrary code in kernel context. iDefense has confirmed the existence of this vulnerability in version 5.0.0.115 of the nantsys.sys driver as included with netOctopus version 5.1.2 build 1011. Previous versions may also be affected.

tags | advisory, arbitrary, kernel, local
advisories | CVE-2007-5761
MD5 | 61e51ae15fb273e26e18067d2f5ee0d4
iDEFENSE Security Advisory 2007-12-24.1
Posted Jan 5, 2008
Authored by iDefense Labs, Stephen Fewer | Site idefense.com

iDefense Security Advisory 12.24.07 - Local exploitation of a privilege escalation vulnerability in Novell ZENworks Endpoint Security Management allows attackers to execute arbitrary code with SYSTEM privileges. iDefense has confirmed the existence of this vulnerability in STEngine.exe version 3.5.0.20 as included with Novell Inc.'s ZENworks Endpoint Security Management 3.5. Other versions may also be affected.

tags | advisory, arbitrary, local
advisories | CVE-2007-5665
MD5 | e67c26c468fb8d535a7fe75eab2aae44
iDEFENSE Security Advisory 2007-11-12.2
Posted Nov 14, 2007
Authored by iDefense Labs, Stephen Fewer | Site idefense.com

iDefense Security Advisory 11.12.07 - Local exploitation of an input validation error vulnerability within Novell NetWare Client could allow an unprivileged attacker to execute arbitrary code within the kernel. iDefense has confirmed the existence of this vulnerability in nwfilter.sys, file version 4.91.1.1, as included with Novell's NetWare Client 4.91 SP4. Other versions are suspected vulnerable as well.

tags | advisory, arbitrary, kernel, local
advisories | CVE-2007-5667
MD5 | 1649d7033630962f4294717eba16002e
iDEFENSE Security Advisory 2007-11-06.1
Posted Nov 7, 2007
Authored by iDefense Labs, Stephen Fewer | Site idefense.com

iDefense Security Advisory 11.06.07 - Local exploitation of a design error vulnerability in Microsoft's DebugView could allow attackers to execute arbitrary kernel code. As part of its design, DebugView loads a kernel module Dbgv.sys. This module includes functionality that can be abused to copy user supplied data into the kernel, to controlled addresses. This allows malicious users to inject arbitrary code into the running kernel. iDefense confirmed the existence of this vulnerability in Microsoft DebugView version 4.64. The specific file version of Dbgv.sys is 4.60.0.0. This file is deleted automatically after being loaded and will not be found on disk. Previous versions are suspected to be vulnerable as well.

tags | advisory, arbitrary, kernel, local
advisories | CVE-2007-4223
MD5 | 87ee8e8b4f4b5d6e9b73f52c5547ba4f
iDEFENSE Security Advisory 2007-10-10.1
Posted Oct 11, 2007
Authored by iDefense Labs, Stephen Fewer | Site idefense.com

iDefense Security Advisory 10.10.07 - Remote exploitation of a format string vulnerability in Kaspersky Lab's Online Scanner virus scanner service could allow an attacker to execute arbitrary code within the security context of the targeted user. iDefense has confirmed the existence of this vulnerability within version 5.0.93.0 of Kaspersky Lab's kavwebscan.dll. Previous versions are suspected to be vulnerable.

tags | advisory, remote, arbitrary, virus
advisories | CVE-2007-3675
MD5 | 3e0b4dc5a2a3f864e788a00519e4dc3a
HS-A007.txt
Posted Aug 11, 2007
Authored by Stephen Fewer | Site harmonysecurity.com

Harmony Security Advisory - Qbik's WinGate versions below 6.2.2 suffer from a remote denial of service vulnerability.

tags | advisory, remote, denial of service
MD5 | 45c1a91e39daec5d0522f41741611a6b