Files from David Jorm

First Active: 2012-05-24
Last Active: 2016-12-03

Apache ActiveMQ 5.11.1 / 5.13.2 Directory Traversal / Command Execution
Posted Dec 3, 2016
Authored by David Jorm

Apache ActiveMQ versions 5.11.1 and 5.13.2 suffer from command execution and directory traversal vulnerabilities.

tags | exploit, vulnerability, file inclusion
advisories | CVE-2015-1830, CVE-2016-3088
MD5 | a1a27784f99e8712823fe6fd785434b4

Grandstream GXV3275 SSH Key / Command Execution
Posted Jul 8, 2015
Authored by David Jorm

Grandstream GXV3275 ships with a default root SSH key which could be used as a backdoor. It also suffers from an issue where restricted commands can be leveraged to break out into a full shell.

tags | exploit, shell, root
MD5 | 6dad684ae645e29ac75cadc8f69b03bb

Apache Standard Taglibs 1.2.1 XXE / Remote Command Execution
Posted Feb 27, 2015
Authored by David Jorm

Apache Standard Taglibs version 1.2.1 suffers from XXE and remote command execution vulnerabilities via the XSL extension in JSTL XML tags.

tags | advisory, remote, vulnerability, xxe
MD5 | b775eafea2729bd44cabb6a385742f9f

Apache Camel Critical Disclosure
Posted Mar 2, 2014
Authored by David Jorm | Site camel.apache.org

The Apache Camel XSLT component allows XSL stylesheets to perform calls to external Java methods. A remote attacker able to submit messages to an xslt Camel route could use this flaw to perform arbitrary remote code execution in the context of the Camel server process.

tags | advisory, java, remote, arbitrary, code execution
advisories | CVE-2014-0003
MD5 | 98f7ec03dffc49891d4370696e72adee

Apache Camel Resolve Entities Information Disclosure
Posted Mar 2, 2014
Authored by David Jorm | Site camel.apache.org

The Apache Camel XSLT component will resolve entities in XML messages when transforming them using an xslt route. A remote attacker able to submit messages to an xslt route could use this flaw to read files accessible to the running application server and potentially perform other more advanced XXE attacks. Versions affected include Camel 2.11.0 to 2.11.3 and Camel 2.12.0 to 2.12.2.

tags | advisory, remote, xxe
advisories | CVE-2014-0002
MD5 | 44bfc21a5109211ec481ac71bc3f0288

Apache Commons Compress / Apache Ant Denial Of Service
Posted May 24, 2012
Authored by David Jorm

Apache Commons Compress versions 1.0 through 1.4 and Apache Ant versions 1.5 through 1.8.3 suffer from a denial of service vulnerability. The bzip2 compressing streams in Apache Commons Compress and Apache Ant internally use sorting algorithms with unacceptable worst-case performance on very repetitive inputs. A specially crafted input to Compress' BZip2CompressorOutputStream or Ant's <bzip2> task can be used to make the process spend a very long time while using up all available processing time, effectively leading to a denial of service.

tags | advisory, denial of service
advisories | CVE-2012-2098
MD5 | 17555b0ed05795db50cf85fee87064ec

© 2018 Packet Storm. All rights reserved.
