Twenty Year Anniversary
Showing 1 - 7 of 7 RSS Feed

Files from Felix Wilhelm

First Active2010-11-20
Last Active2018-09-06
NetworkManager Daemon Command Execution
Posted Sep 6, 2018
Authored by Felix Wilhelm, Sameer Goyal

This is a small tutorial write up that provides a DynoRoot exploit proof of concept.

tags | exploit, proof of concept
advisories | CVE-2018-1111
MD5 | 34564033c2577542c76d3de9c82d2615
Xen xen-netback xenvif_set_hash_mapping Integer Overflow
Posted Aug 17, 2018
Authored by Felix Wilhelm, Google Security Research

Xen suffers from an integer overflow vulnerability in xen-netback xenvif_set_hash_mapping.

tags | advisory, overflow
MD5 | 056a37f9c265e3d9566b012c2ea95423
KVM Nest Virtualization L1 Guest Privilege Escalation
Posted Jun 25, 2018
Authored by Felix Wilhelm, Google Security Research

When KVM (on Intel) virtualizes another hypervisor as L1 VM it does not verify that VMX instructions from the L1 VM (which trigger a VM exit and are emulated by L0 KVM) are coming from ring 0.

tags | exploit
MD5 | 52237ddbf09d9e8e93706408732deecf
DHCP Client Command Injection (DynoRoot)
Posted Jun 12, 2018
Authored by Felix Wilhelm | Site

This Metasploit module exploits the DynoRoot vulnerability, a flaw in how the NetworkManager integration script included in the DHCP client in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier processes DHCP options. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.

tags | exploit, arbitrary, local, root, spoof, protocol
systems | linux, redhat, fedora
advisories | CVE-2018-1111
MD5 | 5260d2ef5bb8f8bbc5edbc0ec7cb7c67
EMC Replication Manager / Network Module Remote Code Execution
Posted Oct 4, 2016
Authored by Felix Wilhelm | Site

EMC Replication Manager (RM) is affected by a remote code execution vulnerability that may be exploited by an attacker to compromise an affected system. A remote unauthenticated attacker may execute arbitrary commands on an RM Client, with high privileges, by starting a rogue RM Server that connects to the RM Client and executes the malicious script/payload that is placed in an SMB share, by the attacker, that is accessible to the RM Client. Affected include EMC Replication Manager versions prior to 5.5.3 on all supported OS, EMC Network Module for Microsoft version 3.x, and EMC Networker Module for Microsoft version 8.2.x.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2016-0913
MD5 | 4196d1c352856a42a93ca08de065887a
Action Pack DoS / SQL Injection / Code Execution
Posted Jan 8, 2013
Authored by Felix Wilhelm, Jonathan Rudenberg, Ben Murphy, Bryan Helmkamp, Magnus Holm, Charlie Somerville, Aaron Patterson, Darcy Laycock, Benoist Claassen

There are multiple weaknesses in the parameter parsing code for Ruby on Rails which allows attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a denial of service attack on a Rails application.

tags | advisory, denial of service, arbitrary, sql injection, ruby
advisories | CVE-2013-0156
MD5 | 85e44204ba7170674ab3b48f8e9aa554
CakePHP <= 1.3.5 / 1.2.8 Cache Corruption Exploit
Posted Nov 20, 2010
Authored by Felix Wilhelm, tdz | Site

CakePHP is a popular PHP framework for building web applications. The Security component of CakePHP is vulnerable to an unserialize attack which could be abused to allow unauthenticated attackers to execute arbitrary code with the permissions of the webserver.

tags | exploit, web, arbitrary, php
advisories | OSVDB-69352
MD5 | 27a4713b86a9f2dc74fea03d6d22680a
Page 1 of 1

File Archive:

November 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    10 Files
  • 2
    Nov 2nd
    15 Files
  • 3
    Nov 3rd
    2 Files
  • 4
    Nov 4th
    2 Files
  • 5
    Nov 5th
    32 Files
  • 6
    Nov 6th
    27 Files
  • 7
    Nov 7th
    8 Files
  • 8
    Nov 8th
    9 Files
  • 9
    Nov 9th
    17 Files
  • 10
    Nov 10th
    2 Files
  • 11
    Nov 11th
    2 Files
  • 12
    Nov 12th
    33 Files
  • 13
    Nov 13th
    29 Files
  • 14
    Nov 14th
    23 Files
  • 15
    Nov 15th
    45 Files
  • 16
    Nov 16th
    1 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2018 Packet Storm. All rights reserved.

Security Services
Hosting By