Showing 1 - 10 of 10

Files from Moritz Bechler

First Active: 2016-07-26
Last Active: 2022-09-13

TIBCO JasperReports Server 8.0.2 Community Edition Code Execution
Posted Sep 13, 2022
Authored by Moritz Bechler | Site syss.de

Due to JMX/RMI services in TIBCO JasperReports Server version 8.0.2 Community Edition performing unsafe deserialization, it is possible to execute arbitrary code and system commands on the server system.

tags | exploit, arbitrary
SHA-256 | cf89a5a1afe1398d346a6c138d693ce3eb1e1c2bf02ce2079b699b2424581b9c

Oracle Database Weak NNE Integrity Key Derivation
Posted Dec 13, 2021
Authored by Moritz Bechler | Site syss.de

NNE's integrity protection mechanism deliberately weakens the key used for computing per-packet message authentication codes (MACs). Oracle Database versions 19c, 12.2.0.1, and 12.1.0.2 are affected.

tags | exploit
advisories | CVE-2021-2351
SHA-256 | 819ba67d5e27ccd91c65c8f0781b76862e43a929fdc227c9dab9c9d20d7aa8d2

Oracle Database Protection Mechanism Bypass
Posted Dec 13, 2021
Authored by Moritz Bechler | Site syss.de

Due to insecure fallback behavior, a man-in-the-middle attacker can bypass NNE's protection against man-in-the-middle attacks and hijack authenticated connections. In some configurations, a full man-in-the-middle attack is possible. Oracle Database versions 19c, 12.2.0.1, and 12.1.0.2 are affected.

tags | exploit
advisories | CVE-2021-2351
SHA-256 | d0de07f4f0e48542261c0ae9b420a3424f2d3aa4191dbb91e07c6c991ab3de7b

Protection Licensing Toolkit ReadyAPI 3.2.5 Code Execution / Deserialization
Posted May 19, 2020
Authored by Moritz Bechler | Site syss.de

Protection Licensing Toolkit ReadyAPI version 3.2.5 suffers from an unsafe deserialization vulnerability that allows for remote code execution.

tags | exploit, remote, code execution
advisories | CVE-2020-12835
SHA-256 | 0a738ab46dd18ea4fe3151340310163ee7d1af2f6352f68d94c163c9e82580b4

SquirrelMail 1.4.22 Cross Site Scripting
Posted Jul 1, 2019
Authored by Moritz Bechler | Site syss.de

SquirrelMail version 1.4.22 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-12970
SHA-256 | e0fade0e7c5216f5956fdcd3b89294dead81e66b576a08326b496cc18d4bc0f4

ColdFusion / JNBridge Remote Code Execution
Posted Jun 26, 2019
Authored by Moritz Bechler | Site syss.de

ColdFusion versions 2016 and 2018 along with all current versions of JNBridge suffer from a remote code execution vulnerability.

tags | advisory, remote, code execution
advisories | CVE-2019-7839
SHA-256 | f87b353777ae773d0c72b225ac02ae458075bc752b4b21bb6aaa070c2db3e58d

LDAP Swiss Army Knife
Posted Jun 12, 2019
Authored by Moritz Bechler | Site github.com

This paper presents the "LDAP Swiss Army Knife", an easy-to-use LDAP server implementation built for penetration or software testing. Apart from general usage as a server or proxy, it also shows some specific attacks against Java/JNDI-based LDAP clients.

tags | paper, java
SHA-256 | 341da515f73e2922c4e4729bef9645201fe4a74fdb8cb1bf8b386787d5631e80

Dojo Toolkit 1.13 Cross Site Scripting
Posted Aug 27, 2018
Authored by Moritz Bechler | Site syss.de

Dojo Toolkit version 1.13 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-15494
SHA-256 | f84edcee9a5e3daa0ab8b77ca5133492843ef287eff253e7a7157bf5d674faa8

ILIAS 5.3.2 / 5.2.14 / 5.1.25 Cross Site Scripting
Posted May 22, 2018
Authored by Moritz Bechler | Site syss.de

ILIAS versions 5.3.2, 5.2.14, and 5.1.25 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-10428
SHA-256 | 2aac0222aebf2e7413630a3b07065dedd067ddc45d6a86a9fc12a1676428cf5d

Bamboo Deserialization Issue
Posted Jul 26, 2016
Authored by David Black, Moritz Bechler

This advisory discloses a critical severity security vulnerability which was introduced in version 2.3.1 of Bamboo. Versions of Bamboo starting with 2.3.1 before 5.11.4.1 (the fixed version for 5.11.x) and from 5.12.0 before 5.12.3.1 (the fixed version for 5.12.x) are affected by this vulnerability.

tags | advisory
advisories | CVE-2016-5229
SHA-256 | dbfb17c0ede40ea6f49b801493783efdda5b7f9fcc1178a440c9e193c5f682f4