what you don't know can hurt you
Showing 1 - 15 of 15 RSS Feed

Files from Marcin Kozlowski

Email addressmarcinguy at yahoo.com
First Active2007-12-20
Last Active2020-11-19
TCMalloc Inspector Tool
Posted Nov 19, 2020
Authored by Marcin Kozlowski | Site github.com

TCMalloc is an inspection tool that lets you parse and inspect tcmalloc internals, and detect lost memory, meaning memory which is not reachable via any (internal) pointers.

tags | tool
systems | unix
MD5 | 5bfabbb583351d1bd58083c6bba6c75c
Bluetooth Impersonation Attack (BIAS) Proof Of Concept
Posted Jun 3, 2020
Authored by Marcin Kozlowski, francozappa

This archive holds Bluetooth Impersonation Attack (BIAS) CVE-2020-10135 proof of concept and reproduction research from multiple researchers.

tags | exploit, proof of concept
advisories | CVE-2020-10135
MD5 | a475ec6792f7dd27ad27b9595b77195a
jQuery html() Cross Site Scripting
Posted Apr 25, 2020
Authored by Marcin Kozlowski, Masato Kinugawa

jQuery versions prior to 3.5 suffer from an html() cross site scripting vulnerability.

tags | exploit, xss
MD5 | 1eb6f7c99d9e83fd3ae94efce8b462a1
pppd 2.4.8 Buffer Overflow
Posted Mar 9, 2020
Authored by Marcin Kozlowski

Proof of concept crash exploit for pppd versions 2.4.2 through 2.4.8. It leverages a rhostname buffer overflow in the eap_request and eap_response functions in eap.c.

tags | exploit, overflow, proof of concept
advisories | CVE-2020-8597
MD5 | 694ecff0fb2c7aa589655a4edc33f057
Android-Gif-Drawable Double-Free
Posted Nov 27, 2019
Authored by Marcin Kozlowski

A double free vulnerability in the DDGifSlurp function in decoding.c in libpl_droidsonroids_gif before 1.2.15, as used in WhatsApp for Android before 2.19.244, allows remote attackers to execute arbitrary code or cause a denial of service. CVE-2019-11932 is a vulnerability in the android-gif-drawable library. Yet the CVE text doesn't mention "android-gif-drawable". It only mentions WhatsApp. There could be over 28,400 free Android apps that use this library.

tags | advisory, remote, denial of service, arbitrary
advisories | CVE-2019-11932
MD5 | a6614c2514fa1b374a4aab6d0310003c
Android Binder Use-After-Free
Posted Oct 18, 2019
Authored by Marcin Kozlowski

These are notes on further exploitation of the Android Binder use-after-free vulnerability as noted in CVE-2019-2215 and leveraged against Kernel 3.4.x and 3.18.x on Samsung Devices using Samsung Android and LineageOS.

tags | exploit, kernel
advisories | CVE-2019-2215
MD5 | 615c42102bb321281534f993eefa6acb
Android VideoPlayer ihevcd_parse_pps Out-Of-Bounds Write
Posted Jul 15, 2019
Authored by Marcin Kozlowski

VideoPlayer on Android versions 7 through 9 suffer from an ihevcd_parse_pps out-of-bounds write vulnerability.

tags | exploit
advisories | CVE-2019-2107
MD5 | b6e2167ecafb748c6ed3b913f56c4e69
Dynamic Loader Oriented Programming - Wiederganger Proof Of Concept
Posted Dec 12, 2018
Authored by Marcin Kozlowski

This paper and proof of concept describes the Wiederganger-Attack, a new attack vector that reliably allows to escalate unbounded array access vulnerabilities occurring in specifically allocated memory regions to full code execution on programs running on i386/x86_64 Linux. Wiederganger-attacks abuse determinism in Linux ASLR implementation combined with the fact that (even with protection mechanisms such as relro and glibc's pointer mangling enabled) there exist easy-to-hijack, writable (function) pointers in application memory.

tags | exploit, vulnerability, code execution, proof of concept
systems | linux
MD5 | 9450ff4b4e1f182c2f3845ea9c3bdb86
LineageOS 14.1 Blueborne Remote Code Execution
Posted Apr 6, 2018
Authored by Marcin Kozlowski

LineageOS version 14.1 Blueborne suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2017-0781
MD5 | 90410d5586fb58a108784ae1818b9a2b
BlueBorne BlueTooth Buffer Overflow Proof Of Concept
Posted Sep 25, 2017
Authored by Marcin Kozlowski

BlueBorne BlueTooth buffer overflow proof of concept exploit that causes a denial of service vulnerability on Linux kernels prior to 4.13.1.

tags | exploit, denial of service, overflow, kernel, proof of concept
systems | linux
advisories | CVE-2017-1000251
MD5 | 8fe062e0b377bb75c70ddb9e02781792
Ntpd ntp-4.2.6p5 ctl_putdata() Buffer Overflow
Posted Feb 16, 2016
Authored by Marcin Kozlowski

Ntpd versions ntp-4.2.6p5 and below ctl_putdata() buffer overflow exploit.

tags | exploit, overflow
MD5 | cf5f515d92a7b19604afb18d863b1a15
powerfuzzer_v1_beta.zip
Posted Jul 25, 2008
Authored by Marcin Kozlowski | Site powerfuzzer.sourceforge.net

Powerfuzzer is a highly automated web fuzzer based on many other Open Source fuzzers available (including cfuzzer, fuzzled, fuzzer.pl, jbrofuzz, webscarab, wapiti, Socket Fuzzer) and information gathered from numerous security resources and websites. It is capable of spidering a website and identifying inputs.

tags | web, fuzzer
MD5 | 396b2d6d7bff4882890ef159d826b641
mswinqueue-overflow.txt
Posted Jan 18, 2008
Authored by Marcin Kozlowski

Microsoft Windows Message Queueing Server RPC buffer overflow exploit that relates to MS07-065.

tags | exploit, overflow
systems | windows
MD5 | 2d7ee74e959b003854de19078715c9c8
apache-mod-rewrite.rb.txt
Posted Jan 7, 2008
Authored by Marcin Kozlowski

Apache mod_rewrite escape_absolute_uri() off-by-one buffer overflow Metasploit exploit module. This affects Apache versions 1.3.28 through 1.3.36, 2.0.46 through 2.0.58, and 2.2.1 through 2.2.2.

tags | exploit, overflow
advisories | CVE-2006-3747
MD5 | e71e56d7bfd5e229f331137228932628
3proxylogurl-overflow.txt
Posted Dec 20, 2007
Authored by Marcin Kozlowski

3Proxy versions below 0.5.3h remote buffer overflow exploit that takes advantage of a vulnerability in logurl().

tags | exploit, remote, overflow
MD5 | f58544734ccbcf2bf4fdd69d9386a5d2
Page 1 of 1
Back1Next

File Archive:

December 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    22 Files
  • 2
    Dec 2nd
    0 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close