ignore security and it'll go away
Showing 1 - 7 of 7 RSS Feed

Files from Pierre Ernst

Email addresspierre.ernst at ca.ibm.com
First Active2011-07-03
Last Active2017-04-18
Apache XML Graphics FOP 2.1 Information Disclosure
Posted Apr 18, 2017
Authored by Pierre Ernst

Apache XML Graphics FOP versions 1.0 through 2.1 suffer from an information disclosure vulnerability.

tags | advisory, info disclosure
advisories | CVE-2017-5661
MD5 | f11848a50ebc706def02791acef83651
Apache Ignite 1.8 XXE Injection
Posted Apr 7, 2017
Authored by Pierre Ernst

Apache Ignite versions 1.0.0-RC3 through 1.8 suffer from an arbitrary file read that can be leveraged due to an eXternal Xml Entity vulnerability.

tags | advisory, arbitrary
advisories | CVE-2016-6805
MD5 | 5eec1b04829292f4ab3a52e46055fcc4
Apache Tika 1.13 Code Execution
Posted Nov 10, 2016
Authored by Pierre Ernst

Apache Tika wraps the jmatio parser to handle MATLAB files. The parser uses native deserialization on serialized Java objects embedded in MATLAB files. A malicious user could inject arbitrary code into a MATLAB file that would be executed when the object is deserialized. Versions 1.6 through 1.13 are affected.

tags | advisory, java, arbitrary
advisories | CVE-2016-6809
MD5 | 0e55b4f2c2ebaa5d4d0df84d0ad7cdc4
Apache Tomcat 7.0.39 Remote Code Execution
Posted Sep 10, 2014
Authored by Mark Thomas, Pierre Ernst | Site tomcat.apache.org

In very limited circumstances, it was possible for an attacker to upload a malicious JSP to a Tomcat server and then trigger the execution of that JSP. While Remote Code Execution would normally be viewed as a critical vulnerability, the circumstances under which this is possible are, in the view of the Tomcat security team, sufficiently limited that this vulnerability is viewed as important. Apache Tomcat versions 7.0.0 through 7.0.39 are affected.

tags | advisory, remote, code execution
advisories | CVE-2013-4444
MD5 | 6f71df48b43e53b12fd987b6c4f4c4b1
Apache Geronimo 3 RMI Classloader Exposure
Posted Jul 1, 2013
Authored by Pierre Ernst

A misconfigured RMI classloader in Apache Geronimo version 3.0 may enable an attacker to send a serialized object via JMX that could compromise the system.

tags | advisory
advisories | CVE-2013-1777
MD5 | d0b53bbbc25781a09af049d19cddde49
Apache OpenJPA 1.x / 2.x Code Execution
Posted Jun 13, 2013
Authored by Pierre Ernst

Deserialization of a maliciously crafted Apache OpenJPA object can result in an executable file being written to the file system. An attacker needs to discover an unprotected server program to exploit the vulnerability. It then needs to exploit another unprotected server program to execute the file and gain access to the system. OpenJPA usage by itself does not introduce the vulnerability.

tags | advisory
advisories | CVE-2013-1768
MD5 | becbb8d45dc29ac14fd8f873bc084827
Spring Source OXM 3.0.4 Command Injection
Posted Jul 3, 2011
Authored by Pierre Ernst

Spring Source OXM when XStream and IBM JRE are used suffers from a remote OS command injection vulnerability. The author wants Packet Storm to note publicly that he did not submit this to the site but only to Bugtraq, where Packet Storm picked it up in the public domain.

tags | exploit, remote
MD5 | 947091a34df5cd1d9e4ee837d7e9c1d0
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    2 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close