what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

Files from Markus Vervier

Email addressmarkus.vervier at lsexperts.de
First Active2012-03-09
Last Active2021-05-26
nginx 1.20.0 DNS Resolver Off-By-One Heap Write
Posted May 26, 2021
Authored by Markus Vervier, Eric Sesterhenn, Luis Merino

An off-by-one error in ngx_resolver_copy() while processing DNS responses allows a network attacker to write a dot character ('.', 0x2E) out of bounds in a heap allocated buffer. The vulnerability can be triggered by a DNS response in reply to a DNS request from nginx when the resolver primitive is configured. A specially crafted packet allows overwriting the least significant byte of next heap chunk metadata with 0x2E. A network attacker capable of providing DNS responses to a nginx server can achieve Denial-of-Service and likely remote code execution. Due to the lack of DNS spoofing mitigations in nginx and the fact that the vulnerable function is called before checking the DNS Transaction ID, remote attackers might be able to exploit this vulnerability by flooding the victim server with poisoned DNS responses in a feasible amount of time.

tags | exploit, remote, spoof, code execution
advisories | CVE-2021-23017
SHA-256 | 3dfbbfc75ab8248919c960e6279f4525444e77d8b1532e2dc80da38820b690c4
HylaFAX 6.0.6 / 5.6.0 Uninitialized Pointer / Out Of Bounds Write
Posted Sep 20, 2018
Authored by Markus Vervier, Eric Sesterhenn, Luis Merino

Multiple bugs were found in the code handling fax page reception in JPEG format that allow arbitrary writes to an uninitialized pointer by remote parties dialing in. When processing an specially crafted input, the issue could lead to remote code execution. HylaFAX versions 6.0.6 and 5.6.0 are affected.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2018-17141
SHA-256 | a6ae5d3d4dedcc85875a8b486ef5cb3f062250e0ddef95b52ca59a9b77f9c066
PSFTPd Windows FTP Server 10.0.4 Build 729 Use-After-Free / Log Injection
Posted Nov 10, 2017
Authored by Markus Vervier, Eric Sesterhenn

PSFTPd Windows FTP Server version 10.0.4 Build 729 suffers from use-after-free, log injection, and various other vulnerabilities.

tags | exploit, vulnerability
systems | windows
advisories | CVE-2017-15269, CVE-2017-15270, CVE-2017-15271, CVE-2017-15272
SHA-256 | 2ab7fc41e437445992806fe81144885bb0a72f231da48d63855358ad4c080447
libotr 4.1.0 Memory Corruption
Posted Mar 11, 2016
Authored by Markus Vervier

A remote attacker may crash or execute arbitrary code in libotr by sending large OTR messages. While processing specially crafted messages, attacker controlled data on the heap is written out of bounds. No special user interaction or authorization is necessary in default configurations. libotr versions 4.1.0 and below are affected.

tags | exploit, remote, arbitrary
advisories | CVE-2016-2851
SHA-256 | ea7da15f0bdfd219e45644306a8022ee070808fe6f08855862fdfa8bf03c3509
Perl 5.20.1 Deep Recursion Stack Overflow
Posted Sep 25, 2014
Authored by Markus Vervier | Site lsexperts.de

A stack overflow was discovered when serializing data via the Data::Dumper extension which is part of Perl-Core. By using the "Dumper" method on a large Array-Reference which recursively contains other Array-References, it is possible to cause many recursive calls to the DD_dump native function and ultimately exhaust all available stack memory.

tags | exploit, overflow, perl
advisories | CVE-2014-4330
SHA-256 | 5739d0c214a552e16df8c1827940aaed394eeceffff1b5e158eb34f54598672a
Check_MK Arbitrary File Disclosure
Posted May 29, 2014
Authored by Markus Vervier, Sascha Kettler | Site lsexperts.de

Check_MK suffers from an arbitrary file disclosure vulnerability.

tags | exploit, arbitrary
advisories | CVE-2014-0243
SHA-256 | 29ea17ad8196b8ca5a593382f3d744479bd2f4a883b8f7db788780575f11978e
Sitepark Information Enterprise Server 2.9 Unauthenticated Access
Posted May 1, 2014
Authored by Markus Vervier, Sascha Kettler | Site lsexperts.de

LSE discovered that the installer of the Information Enterprise Server (IES) was available to unauthenticated users over HTTP. When updating from previous versions of IES, an installation form was not disabled after installation. In this case the servlet "/ies/install" was exposed to unauthenticated users. By accessing the servlet at URI "/ies/install/" on an affected IES server, an unauthenticated attacker was able to set a new password for the manager account. Additionally sensitive information regarding the IES installation was displayed.

tags | advisory, web
advisories | CVE-2014-3006
SHA-256 | a3bd5fbb77d7da353b590c6fc5e71a5468197a93c7835a587b10d09fad706a47
rsyslog ElasticSearch Memory Corruption
Posted Jul 5, 2013
Authored by Markus Vervier, Marius Ionescu | Site lsexperts.de

rsyslog ElasticSearch plugin suffers from a double free memory corruption. rsyslog versions 7.4.0 stable through 7.4.1 stable and 7.3.2 devel through 7.5.1 devel are affected.

tags | advisory
advisories | CVE-2013-4758
SHA-256 | c9b79425a99d604dd1c1d69b803474783b1a91144c92fa3d3e6e0ef941f7e904
Avira AntiVir Engine Denial Of Service / Filter Evasion
Posted Jun 14, 2013
Authored by Markus Vervier, Eric Sesterhenn | Site lsexperts.de

Avira AntiVir Engine versions prior to suffers from filter evasion and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability
advisories | CVE-2013-4602
SHA-256 | f5e46b03133d76cb79b53518f4dfe1360eac24c598dd82d32a8f7e0fd3a49db7
PyPAM 0.4.2 Double-Free Corruption
Posted Mar 9, 2012
Authored by Markus Vervier | Site lsexperts.de

By supplying a NULL-byte to the PyPAM module, a double-free condition is triggered. This condition may allow for remote code execution. Proof of concept included.

tags | exploit, remote, code execution, proof of concept
advisories | CVE-2012-1502
SHA-256 | b9936d838bd10ba319a3a27d9876c6d69526d361baacacbc111fa9967983d80d
Page 1 of 1

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    19 Files
  • 23
    Jul 23rd
    17 Files
  • 24
    Jul 24th
    47 Files
  • 25
    Jul 25th
    31 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By