exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files from Eric Sesterhenn

First Active2013-06-14
Last Active2021-05-26
nginx 1.20.0 DNS Resolver Off-By-One Heap Write
Posted May 26, 2021
Authored by Markus Vervier, Eric Sesterhenn, Luis Merino

An off-by-one error in ngx_resolver_copy() while processing DNS responses allows a network attacker to write a dot character ('.', 0x2E) out of bounds in a heap allocated buffer. The vulnerability can be triggered by a DNS response in reply to a DNS request from nginx when the resolver primitive is configured. A specially crafted packet allows overwriting the least significant byte of next heap chunk metadata with 0x2E. A network attacker capable of providing DNS responses to a nginx server can achieve Denial-of-Service and likely remote code execution. Due to the lack of DNS spoofing mitigations in nginx and the fact that the vulnerable function is called before checking the DNS Transaction ID, remote attackers might be able to exploit this vulnerability by flooding the victim server with poisoned DNS responses in a feasible amount of time.

tags | exploit, remote, spoof, code execution
advisories | CVE-2021-23017
SHA-256 | 3dfbbfc75ab8248919c960e6279f4525444e77d8b1532e2dc80da38820b690c4
mgetty 1.2.0 Buffer Overflow / Privilege Escalation
Posted Sep 20, 2018
Authored by Eric Sesterhenn

mgetty version 1.2.0 suffers from buffer overflow, code execution, and various other privilege escalation related vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
advisories | CVE-2018-16741, CVE-2018-16742, CVE-2018-16743, CVE-2018-16744, CVE-2018-16745
SHA-256 | 5cde5e7365b154e8262b6205e6637682d79c5af218b7b7eaba96caf20fd7870a
HylaFAX 6.0.6 / 5.6.0 Uninitialized Pointer / Out Of Bounds Write
Posted Sep 20, 2018
Authored by Markus Vervier, Eric Sesterhenn, Luis Merino

Multiple bugs were found in the code handling fax page reception in JPEG format that allow arbitrary writes to an uninitialized pointer by remote parties dialing in. When processing an specially crafted input, the issue could lead to remote code execution. HylaFAX versions 6.0.6 and 5.6.0 are affected.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2018-17141
SHA-256 | a6ae5d3d4dedcc85875a8b486ef5cb3f062250e0ddef95b52ca59a9b77f9c066
Linux PAM 0.6.9 Authentication Replay
Posted Aug 14, 2018
Authored by Eric Sesterhenn

It is possible to replay an authentication by using a specially prepared smartcard or token in case pam-pkcs11 is compiled with NSS support. Furthermore two minor implementation issues have been identified. Linux PAM version 0.6.9 is affected.

tags | advisory
systems | linux
SHA-256 | b156716f0716691c0ca438fba63d6af0df228025140f98efed7f8babd73f2e70
Yubico 0.1.9 libykneomgr Out Of Bounds Read / Write
Posted Aug 14, 2018
Authored by Eric Sesterhenn

Yubico version 0.1.9 libykneomgr suffers from out of bounds read and write vulnerabilities.

tags | advisory, vulnerability
SHA-256 | f026402949671b5c7eaa93c8c450e63c93a2dd7a8bf17ecede7d2e2b8238938b
Apple Smart Card Services Memory Corruption
Posted Aug 14, 2018
Authored by Eric Sesterhenn

Attackers with local access can exploit security issues in the smartcard driver. These result in memory corruptions, which might lead to code execution. Since smartcards can be used for authentication, the vulnerabilities may allow an attacker to login to the system without valid credentials as any user.

tags | advisory, local, vulnerability, code execution
advisories | CVE-2018-4300, CVE-2018-4301
SHA-256 | 03f8a989d5a6ce06634983e336918a7bae2b2c343a199065eb0802f689d3a8c5
OpenSC 0.18.0 Buffer Overflow / Out Of Bounds Read
Posted Aug 14, 2018
Authored by Eric Sesterhenn

Multiple issues have been identified in OpenSC, ranging from stack based buffer overflows to out of bounds reads and writes on the heap. They can be triggered by malicious smartcards sending malformed responses to APDU commands. Additionally to those fixes reported here, a lot of minor issues (eg. OOB reads and similar) have been reported and fixed. Version 0.18.0 is affected.

tags | advisory, overflow
SHA-256 | 7cbf1ff1fb1b510bc49220cd0645d75c841ff20cdb39c8575a2bdfc1fe2b2b64
Yubico PIV Tool 1.5.0 Buffer Overflow
Posted Aug 14, 2018
Authored by Eric Sesterhenn

A buffer overflow and an out of bounds memory read were identified in the yubico-piv-tool-1.5.0, these can be triggered by a malicious token.

tags | advisory, overflow
advisories | CVE-2018-14779, CVE-2018-14780
SHA-256 | ba4bb77ccc36b888c9bfe1c04ac1e72de278a001510604b38d74fbc9bf952c81
PSFTPd Windows FTP Server 10.0.4 Build 729 Use-After-Free / Log Injection
Posted Nov 10, 2017
Authored by Markus Vervier, Eric Sesterhenn

PSFTPd Windows FTP Server version 10.0.4 Build 729 suffers from use-after-free, log injection, and various other vulnerabilities.

tags | exploit, vulnerability
systems | windows
advisories | CVE-2017-15269, CVE-2017-15270, CVE-2017-15271, CVE-2017-15272
SHA-256 | 2ab7fc41e437445992806fe81144885bb0a72f231da48d63855358ad4c080447
Peplink 7.0.0-build1904 XSS / CSRF / SQL Injection / File Deletion
Posted Jun 5, 2017
Authored by Eric Sesterhenn, Claus Overbeck

Peplink version 7.0.0-build1904 suffers from cross site request forgery, cross site scripting, file deletion, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
advisories | CVE-2017-8835, CVE-2017-8836, CVE-2017-8837, CVE-2017-8838, CVE-2017-8839, CVE-2017-8840, CVE-2017-8841
SHA-256 | a35c1582b7882363268493dd6fbe070be8641b56ca33272bfb77a7e2594c12ff
X.org Privilege Escalation / Use-After-Free / Weak Entropy
Posted Mar 1, 2017
Authored by Eric Sesterhenn

X.org suffers from privilege escalation, weak entropy, and use-after-free vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2017-2624, CVE-2017-2625, CVE-2017-2626
SHA-256 | f72f05abe9036269c3ae97121d5341b234d6db2cbe445c9d8643a82f22648e4d
tnef 1.4.12 OOB Read / Write / Type Confusions / Integer Overflows
Posted Feb 24, 2017
Authored by Eric Sesterhenn

tnef versions 1.4.12 and below suffer from multiple integer overflows, type confusions, and out of bounds read and write vulnerabilities.

tags | advisory, overflow, vulnerability
SHA-256 | 5705b80ef5130f182eaa09743b3b19d2e17761e1bcc5443fc91394d3bdbe51e3
ytnef 1.9 Heap Overflow / Out-Of-Bounds Read / Write
Posted Feb 15, 2017
Authored by Eric Sesterhenn

Multiple heap overflows, out of bound writes and reads, NULL pointer dereferences, and infinite loops have been discovered in ytnef versions 1.9 and below. These could be exploited by tricking a user into opening a malicious winmail.dat file.

tags | advisory, overflow
SHA-256 | 863155d81c8f400b25a4c4da9abcbe4f9c556d4ce5bca22e8188cfbb64d6d669
HumHub 0.11.2 / 0.20.0-beta.2 SQL Injection
Posted Nov 30, 2015
Authored by Eric Sesterhenn | Site lsexperts.de

HumHub versions 0.11.2 and 0.20.0-beta.2 suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | de97ea4c72cb25e8cbe17f57855cac312d4ef10577f8830837d47392f45dc630
Grand MA 300 Fingerprint Reader Weak PIN Verification
Posted Aug 26, 2014
Authored by Eric Sesterhenn | Site lsexperts.de

Grand MA 300/ID with firmware 6.60 has a weakness that allows the retrieval of the access pin from sniffed data, as well as a weakness that allows a fast brute-force attack on the pin.

tags | exploit
advisories | CVE-2014-5380, CVE-2014-5381
SHA-256 | c73e32f4a61efb4da53a29921041f8c4a0851a33cb60cbbd40518269570c7eb7
F*EX 20140313-1 HTTP Response Splitting / Cross Site Scripting
Posted Jun 3, 2014
Authored by Eric Sesterhenn | Site lsexperts.de

F*EX version 20140313-1 suffers from HTTP response splitting and cross site scripting vulnerabilities.

tags | exploit, web, vulnerability, xss
advisories | CVE-2014-3875, CVE-2014-3876, CVE-2014-3877
SHA-256 | 4dc3b01fde7c0d86d616433b95f0ae326f207faf8f3d2b9d094c09535ccd6b6e
Avira AntiVir Engine Denial Of Service / Filter Evasion
Posted Jun 14, 2013
Authored by Markus Vervier, Eric Sesterhenn | Site lsexperts.de

Avira AntiVir Engine versions prior to 8.2.12.58 suffers from filter evasion and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability
advisories | CVE-2013-4602
SHA-256 | f5e46b03133d76cb79b53518f4dfe1360eac24c598dd82d32a8f7e0fd3a49db7
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close