exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files from Marcin Kozlowski

Email addressmarcinguy at yahoo.com
First Active2007-12-20
Last Active2022-02-07
Scanmycode Community Edition
Posted Feb 7, 2022
Authored by Marcin Kozlowski | Site github.com

Scanmycode is based on QuantifedCode. QuantifiedCode is a code analysis and automation platform. It helps you to keep track of issues and metrics in your software projects, and can be easily extended to support new types of analyses.

tags | tool
systems | unix
SHA-256 | e28c19bb8ef7a7e3b7d38386219fa4cb37f386016b6f914739deeb6a63addeca
Dr Checker 4 Linux
Posted Aug 31, 2021
Authored by Marcin Kozlowski | Site github.com

This is an LLVM based tool to audit Linux kernel module security using both pointer and taint analyses that are flow-sensitive, context-sensitive, and fieldsensitive on kernel drivers. It is port of Dr. Checker.

tags | tool, kernel
systems | linux, unix
SHA-256 | 1fd358d47de323bd7dadfb4148d4c52f11fe6a9eca3e9dbc43431082fd5c62a9
TCMalloc Inspector Tool
Posted Nov 19, 2020
Authored by Marcin Kozlowski | Site github.com

TCMalloc is an inspection tool that lets you parse and inspect tcmalloc internals, and detect lost memory, meaning memory which is not reachable via any (internal) pointers.

tags | tool
systems | unix
SHA-256 | 2b86aa20695ff99c9d185ed04df1ba3584158ebaa73e1ac6836170d8afc84ad0
Bluetooth Impersonation Attack (BIAS) Proof Of Concept
Posted Jun 3, 2020
Authored by Marcin Kozlowski, francozappa

This archive holds Bluetooth Impersonation Attack (BIAS) CVE-2020-10135 proof of concept and reproduction research from multiple researchers.

tags | exploit, proof of concept
advisories | CVE-2020-10135
SHA-256 | 41004a9e2b60df9ce140f6ce8134c8d2d77630719d6ee1ae883f9de82e4b456b
jQuery html() Cross Site Scripting
Posted Apr 25, 2020
Authored by Marcin Kozlowski, Masato Kinugawa

jQuery versions prior to 3.5 suffer from an html() cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 806fd26fbc6fd6a800e9b74e6dd857dc88fdeef9c3b39d821ec111c8bb913aef
pppd 2.4.8 Buffer Overflow
Posted Mar 9, 2020
Authored by Marcin Kozlowski

Proof of concept crash exploit for pppd versions 2.4.2 through 2.4.8. It leverages a rhostname buffer overflow in the eap_request and eap_response functions in eap.c.

tags | exploit, overflow, proof of concept
advisories | CVE-2020-8597
SHA-256 | 5f3f031504ced5c6e33a19ffcc5762feb18c6704650c050b6b15df49d8a9357d
Android-Gif-Drawable Double-Free
Posted Nov 27, 2019
Authored by Marcin Kozlowski

A double free vulnerability in the DDGifSlurp function in decoding.c in libpl_droidsonroids_gif before 1.2.15, as used in WhatsApp for Android before 2.19.244, allows remote attackers to execute arbitrary code or cause a denial of service. CVE-2019-11932 is a vulnerability in the android-gif-drawable library. Yet the CVE text doesn't mention "android-gif-drawable". It only mentions WhatsApp. There could be over 28,400 free Android apps that use this library.

tags | advisory, remote, denial of service, arbitrary
advisories | CVE-2019-11932
SHA-256 | deb671a58483113fa01c7556131f6c1924fc8c60528a056679836812d446ff89
Android Binder Use-After-Free
Posted Oct 18, 2019
Authored by Marcin Kozlowski

These are notes on further exploitation of the Android Binder use-after-free vulnerability as noted in CVE-2019-2215 and leveraged against Kernel 3.4.x and 3.18.x on Samsung Devices using Samsung Android and LineageOS.

tags | exploit, kernel
advisories | CVE-2019-2215
SHA-256 | e1a2e97063e031e1295f8213749b666e7722c92fde1fd5b0de1274b5316e32f1
Android VideoPlayer ihevcd_parse_pps Out-Of-Bounds Write
Posted Jul 15, 2019
Authored by Marcin Kozlowski

VideoPlayer on Android versions 7 through 9 suffer from an ihevcd_parse_pps out-of-bounds write vulnerability.

tags | exploit
advisories | CVE-2019-2107
SHA-256 | 641316a0c31ea9598297b3208706dd4ecbdd3747d0c8cf2d223873bb200df9dd
Dynamic Loader Oriented Programming - Wiederganger Proof Of Concept
Posted Dec 12, 2018
Authored by Marcin Kozlowski

This paper and proof of concept describes the Wiederganger-Attack, a new attack vector that reliably allows to escalate unbounded array access vulnerabilities occurring in specifically allocated memory regions to full code execution on programs running on i386/x86_64 Linux. Wiederganger-attacks abuse determinism in Linux ASLR implementation combined with the fact that (even with protection mechanisms such as relro and glibc's pointer mangling enabled) there exist easy-to-hijack, writable (function) pointers in application memory.

tags | exploit, vulnerability, code execution, proof of concept
systems | linux
SHA-256 | 778d2218c137533f1b5a870d4881b65e376de7c26bbe92fcc05d05af21c7c1e1
LineageOS 14.1 Blueborne Remote Code Execution
Posted Apr 6, 2018
Authored by Marcin Kozlowski

LineageOS version 14.1 Blueborne suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2017-0781
SHA-256 | 118abf176aea0790980dec87b92c424f9758c2fd8db35e43bc7364522de3fcfa
BlueBorne BlueTooth Buffer Overflow Proof Of Concept
Posted Sep 25, 2017
Authored by Marcin Kozlowski

BlueBorne BlueTooth buffer overflow proof of concept exploit that causes a denial of service vulnerability on Linux kernels prior to 4.13.1.

tags | exploit, denial of service, overflow, kernel, proof of concept
systems | linux
advisories | CVE-2017-1000251
SHA-256 | 974f187dadca11aa8a6672fa308652e8c4e301f2e239dcd9ebe671ec208a6e34
Ntpd ntp-4.2.6p5 ctl_putdata() Buffer Overflow
Posted Feb 16, 2016
Authored by Marcin Kozlowski

Ntpd versions ntp-4.2.6p5 and below ctl_putdata() buffer overflow exploit.

tags | exploit, overflow
SHA-256 | 20c1ff267a8bcac5da58926e1274d79d39784fce12793f29a8cdf27998079989
Posted Jul 25, 2008
Authored by Marcin Kozlowski | Site powerfuzzer.sourceforge.net

Powerfuzzer is a highly automated web fuzzer based on many other Open Source fuzzers available (including cfuzzer, fuzzled, fuzzer.pl, jbrofuzz, webscarab, wapiti, Socket Fuzzer) and information gathered from numerous security resources and websites. It is capable of spidering a website and identifying inputs.

tags | web, fuzzer
SHA-256 | 4ee9ca809287166d059f03478f84ab9ae3b6ab083adaee34d3b2091de62e924b
Posted Jan 18, 2008
Authored by Marcin Kozlowski

Microsoft Windows Message Queueing Server RPC buffer overflow exploit that relates to MS07-065.

tags | exploit, overflow
systems | windows
SHA-256 | ae024ee0b98228f5ca3aa6c85b6654e303aaa2be37dce6d521de55a1d196b859
Posted Jan 7, 2008
Authored by Marcin Kozlowski

Apache mod_rewrite escape_absolute_uri() off-by-one buffer overflow Metasploit exploit module. This affects Apache versions 1.3.28 through 1.3.36, 2.0.46 through 2.0.58, and 2.2.1 through 2.2.2.

tags | exploit, overflow
advisories | CVE-2006-3747
SHA-256 | 503139768b0cda278959c2bc8df18f7cb0aee2077db8a28468990531d48c3000
Posted Dec 20, 2007
Authored by Marcin Kozlowski

3Proxy versions below 0.5.3h remote buffer overflow exploit that takes advantage of a vulnerability in logurl().

tags | exploit, remote, overflow
SHA-256 | 926292037e0da8602004851e43faaf9a45ad65581dc592a0d00794c9a0e267b9
Page 1 of 1

File Archive:

March 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    13 Files
  • 3
    Mar 3rd
    15 Files
  • 4
    Mar 4th
    0 Files
  • 5
    Mar 5th
    0 Files
  • 6
    Mar 6th
    16 Files
  • 7
    Mar 7th
    31 Files
  • 8
    Mar 8th
    16 Files
  • 9
    Mar 9th
    13 Files
  • 10
    Mar 10th
    9 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    10 Files
  • 14
    Mar 14th
    6 Files
  • 15
    Mar 15th
    17 Files
  • 16
    Mar 16th
    22 Files
  • 17
    Mar 17th
    13 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    16 Files
  • 21
    Mar 21st
    13 Files
  • 22
    Mar 22nd
    5 Files
  • 23
    Mar 23rd
    6 Files
  • 24
    Mar 24th
    47 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    50 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    7 Files
  • 30
    Mar 30th
    31 Files
  • 31
    Mar 31st
    15 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By