| Real Name | John Leitch |
|---|---|
| Email address | john.leitch5 at gmail.com |
| Website | autosectools.com |
| First Active | 2014-04-10 |
| Last Active | 2018-04-24 |
BadParser is a vulnerability parser designed to aid in the testing of fuzzers by simulating different kinds of memory corruption issues. Vulnerabilities are simulated by causing write-access violations at specific addresses, which serve as unique identifiers for the different issues. BadParser supports JSON and XML input files, with other file formats planned.
367f7dde5a91009874def600cffd3663977c783f792f9dde52d689d05d61d3afPerl version 5.22 suffers from two out-of-bounds reads and multiple small buffer over-read vulnerabilities in the VDir::MapPathA and VDir::MapPathW functions that could potentially be exploited to achieve arbitrary code execution.
cd84d70480486213183c751f06e787f023b2261ad301971f1c15757a078757f7Exploit web applications with SnappingTurtle, a cross-platform tool written in Aphid and compiled into Python. SnappingTurtle can exploit SQL injection, arbitrary upload, local file inclusion, and cross-site scripting.
a5b8094701db252077afcb55bbe7d22f2e1f457fb1b671ab24b4f46b2f5011ceThis is a cross platform web exploitation tool written in Aphid and compiled into Python. Currently supports exploitation of PHP local file inclusion and SQL injection with more on the way.
95b04c51ae4075a56716ce0a231f64be1caf216efe3d1a1e359c795e51ab9309Several functions within the imageop module are vulnerable to exploitable buffer overflows due to unsafe arithmetic in check_multiply_size(). The problem exists because the check to confirm that size == product / y / x does not take remainders into account.
4fbbcdb0014f6b5b36412b5b0d77e13fcea4362e7222692a9ca1f45aad0c9e23Python version 2.7 hotshot module suffers from a heap buffer overflow due to a memcpy in the pack_string function at line 633.
215ced90e06682bf1853666f18abba9118707d5f15f9bdb78f63075a6ea12305Python versions 2.7 and 3.4 through 3.6 audioop.lin2adpcm function suffers from a buffer over-read caused by unchecked access to stepsizeTable at line 1436 of Modules\audioop.c.
2c8b66929eceb72bf3da7c48c1148a09862a0cd29361eca125f67b93810e39c3Python versions 2.7 and 3.4 through 3.6 audioop.adpcm2lin function suffers from a buffer over-read caused by unchecked access to stepsizeTable at line 1545 of Modules\audioop.c.
ada2d4f0a482e3504f02bdd84933b923a7fbe62837b34a1a13838fd8b8480ca2Python versions 2.7 and 3.2 through 3.5 bytearray pop and remove methods suffer from buffer over-reads caused by memmove use under the assumption that PyByteArrayObject ob_size is less than ob_alloc, leading to a single byte over-read. This condition can be triggered by creating a bytearray from a range of length 0x10, then calling pop with a valid index.
4a88d411899b3dbec134ad2fd731df7ad8bb96206440397840cb6a04963e5ab7Python 2.7 array.fromstring() method suffers from a use after free caused by unsafe realloc use. The issue is triggered when an array is concatenated to itself via fromstring() call.
1a0162389dadd3c3ed027351470e8c0be159c0f185fd44220ede2cc603b48d8aPython version 2.7 strop.replace() method suffers from an integer overflow that can be exploited to write outside the bounds of the string buffer and potentially achieve code execution. The issue can be triggered by performing a large substitution that overflows the arithmetic used in mymemreplace() to calculate the size of the new string.
94542f2a805b7a58ea094d2832d50dc1b24b949fa6c966598dd788d4698a07fcPython versions 3.3 through 3.5 suffer from a vulnerability caused by the behavior of the product_setstate() function. When called, the function loops over the state tuple provided and clamps each given index to a value within a range from 0 up to the max number of pools. Then, it loops over the pools and gets an item from the pool using the previously clamped index value. However, for the upper bound, the clamping logic is using the number of pools and not the size of the individual pool, which can result in a call to PyTuple_GET_ITEM that uses an index outside of the bounds of the pool.
93b02aa3ae19b663219ced42d062d599f4173fd86c326115247762c4c49f4875Python version 3.5 suffers from a vulnerability caused by the behavior of the newblock() function used by the collections.deque module. When called, newblock() allocates memory using PyMem_Malloc() and does not initialize it.
beb3e126e78bd70fe14f6262da0e8790ff307a93235f23188e500745b0a5be92Python versions 3.4 and 3.5 suffer from a vulnerability caused by the behavior of the xmlparse_setattro() function. When called, the function uses the provided name argument in several conditional statements which assume that the name argument is a string. However, if a name argument is provided that is not a string, this logic will make several calls to PyUnicode_CompareWithASCIIString that expect a string, yet receive some other type of object, leading to a type confusion vulnerability.
2f285d0b1a031d0ca91b5be2513b66aa771b0b6b0abc07f26cece30a0372c084Python 3.5 suffers from a vulnerability caused by the behavior of the time_strftime() function. When called, the function loops over the format string provided, using strchr to search for each instance of '%'. After finding a '%', it continues to search two characters ahead, assuming that each instance is the beginning of a well formed format string token. However, if a string ends with '%', this logic will result in a call to strchr that reads off the end of the format string buffer.
247c41f7b289418808f840d29093ddf7d7fec17408a6503c55ac90be7d7cdeb1Python 3.5 suffers from a vulnerability caused by the behavior of the scan_eol() function. When called, the function gets a line from the buffer of a BytesIO object by searching for a newline character starting at the position in the buffer. However, if the position is set to a value that is larger than the buffer, this logic will result in a call to memchr that reads off the end of the buffer.
11ad4ff03a7d48ad669798a540d150f6b9a96705027ddfb79905aac9959c3fc9The yaml_* parsing functions suffers from an exploitable double free caused by the error path for the php_var_unserialize() call on line 797 of pecl/file_formats/yaml.git/parse.c.
222691a6762e7a56ff629bdd866e2f3741c307b8856b25b0efcef4850bb9383fThe PHP unserialize() function is considered unsafe due to its behavior regarding class instantiation; in cases where serialized data is attacker controlled, it can be tampered with, allowing for the instantiation of arbitrary PHP classes and thus code execution via destructor.
25ba50f88dac6d73405bd6b613b421c3efdf062bb33df0303b3857f5a2f462f0PHP version 5.5.12 suffers from a memory corruption vulnerability that could potentially be exploited to achieve remote code execution. The vulnerability exists due to inconsistent behavior in the get_icu_value_internal function of ext\intl\locale\locale_methods.c. In most cases, get_icu_value_internal allocates memory that the caller is expected to free. However, if the first argument, loc_name, satisfies the conditions specified by the isIDPrefix macro (figure 1), and fromParseLocal is true, loc_name itself is returned. If a caller abides by contract and frees the return value of such a call, then the pointer passed via loc_name is freed again elsewhere, a double free occurs.
e1dcadb447af1ab80dabe070ca75aed52d71efed2b43a7c6a34d21061054de25This Metasploit module exploits an injection vulnerability in Cogent DataHub prior to 7.3.5. The vulnerability exists in the GetPermissions.asp page, which makes insecure use of the datahub_command function with user controlled data, allowing execution of arbitrary datahub commands and scripts. This Metasploit module has been tested successfully with Cogent DataHub 7.3.4 on Windows 7 SP1.
ea90ec1ce02362764c088f9a23d4e3e49eb058ef8047c0f1c9b916a1d71d04e3Bleed Out is a command line tool written in C# for targeting instances of OpenSSL made vulnerable by the prolific "Heartbleed" bug. The tool aggressively exploits the OpenSSL vulnerability, dumping both ASCII and binary data to files. It also checks the uniqueness of each chunk before persisting it, to ensure that duplicate chunks are not saved.
b9dd8ee3053813f5ff75d34d8e0f41a37a3efeac003a6ab767604dd17a77f4ffBleed Out is a command line tool written in C# for targeting instances of OpenSSL made vulnerable by the prolific "Heartbleed" bug. The tool aggressively exploits the OpenSSL vulnerability, dumping both ASCII and binary data to files. It also checks the uniqueness of each chunk before persisting it, to ensure that duplicate chunks are not saved.
8ac230f3902a7f35b6b76d9ad09ffa77ce032177754a06743c1ffa83672c1fcfBleed Out is a command line tool written in C# for targeting instances of OpenSSL made vulnerable by the prolific "Heartbleed" bug. The tool aggressively exploits the OpenSSL vulnerability, dumping both ASCII and binary data to files. It also checks the uniqueness of each chunk before persisting it, to ensure that duplicate chunks are not saved.
0154e0117391da9f265ff0a83bcd76a93f62d16f309e587ba789d69c8bbd8009
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed