exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

Files from Luis Merino

First Active2018-09-20
Last Active2021-05-26
nginx 1.20.0 DNS Resolver Off-By-One Heap Write
Posted May 26, 2021
Authored by Markus Vervier, Eric Sesterhenn, Luis Merino

An off-by-one error in ngx_resolver_copy() while processing DNS responses allows a network attacker to write a dot character ('.', 0x2E) out of bounds in a heap allocated buffer. The vulnerability can be triggered by a DNS response in reply to a DNS request from nginx when the resolver primitive is configured. A specially crafted packet allows overwriting the least significant byte of next heap chunk metadata with 0x2E. A network attacker capable of providing DNS responses to a nginx server can achieve Denial-of-Service and likely remote code execution. Due to the lack of DNS spoofing mitigations in nginx and the fact that the vulnerable function is called before checking the DNS Transaction ID, remote attackers might be able to exploit this vulnerability by flooding the victim server with poisoned DNS responses in a feasible amount of time.

tags | exploit, remote, spoof, code execution
advisories | CVE-2021-23017
SHA-256 | 3dfbbfc75ab8248919c960e6279f4525444e77d8b1532e2dc80da38820b690c4
YARA 4.0.3 Denial Of Service / Information Disclosure
Posted Feb 2, 2021
Authored by Luis Merino

An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA version 4.0.3 and earlier could allow an attacker to either cause denial of service or information disclosure via a malicious Mach-O file.

tags | exploit, denial of service, overflow, info disclosure
SHA-256 | 183f1463a17d86e57cdffc4bbe68da6feacd0ea4ddea585d5da2223c4199d865
Colin Percival's bsdiff 4.3 Memory Corruption
Posted Jul 10, 2020
Authored by Luis Merino

A memory corruption vulnerability is present in bspatch as shipped in Colin Percival's bsdiff tools version 4.3. Insufficient checks when handling external inputs allows an attacker to bypass the sanity checks in place and write out of a dynamically allocated buffer boundaries. Proof of concept included.

tags | exploit, proof of concept
advisories | CVE-2020-14315
SHA-256 | 643f39b2a94fbeb126dfc6e857751a1e90b11ec7a3a02e0368174a11f3c10689
Thunderbird libical Type Confusion
Posted Jun 14, 2019
Authored by Luis Merino

A type confusion has been identified in the Thunderbird email client. The issue is present in the libical implementation, which was forked from upstream libical version 0.47. The issue can be triggered remotely, when an attacker sends an specially crafted calendar attachment and does not require user interaction. It might be used by a remote attacker to crash the process or leak information from the client system via calendar replies. Proof of concept included.

tags | exploit, remote, proof of concept
advisories | CVE-2019-11706
SHA-256 | ef2673a39e913d07181596a62fd8c9246e3d5812f7d9b077e77524dc51376013
Thunderbird libical Stack Buffer Overflow
Posted Jun 14, 2019
Authored by Luis Merino

A stack-based buffer overflow has been identified in the Thunderbird email client. The issue is present in the libical implementation, which was forked from upstream libical version 0.47. The issue can be triggered remotely, when an attacker sends an specially crafted calendar attachment and does not require user interaction. It might be used by a remote attacker to crash or gain remote code execution in the client system. Proof of concept included.

tags | exploit, remote, overflow, code execution, proof of concept
advisories | CVE-2019-11705
SHA-256 | 47c3eb61b29367d5a2946ff2994c08510a93a27c3f70aae7b73521d1c8fa4c8e
Thunderbird libical icalparser.c Heap Overflow
Posted Jun 14, 2019
Authored by Luis Merino

A heap-based buffer overflow has been identified in the Thunderbird email client. The issue is present in the libical implementation, which was forked from upstream libical version 0.47. The issue can be triggered remotely, when an attacker sends an specially crafted calendar attachment and does not require user interaction. It might be used by a remote attacker to crash or gain remote code execution in the client system. Proof of concept included.

tags | exploit, remote, overflow, code execution
advisories | CVE-2019-11703
SHA-256 | fbc427324f7bbbd52b32d86534519facca35022c50ab621232e63a61a9d5146c
Thunderbird libical Heap Overflow
Posted Jun 14, 2019
Authored by Luis Merino

A heap-based buffer overflow has been identified in the Thunderbird email client. The issue is present in the libical implementation, which was forked from upstream libical version 0.47. The issue can be triggered remotely, when an attacker sends an specially crafted calendar attachment and does not require user interaction. It might be used by a remote attacker to crash or gain remote code execution in the client system. Proof of concept included.

tags | exploit, remote, overflow, code execution, proof of concept
advisories | CVE-2019-11704
SHA-256 | 766c136bb2357c16dd4df02ef330217cd6ff8d8808169a3d9f9621d7f7750e6c
HylaFAX 6.0.6 / 5.6.0 Uninitialized Pointer / Out Of Bounds Write
Posted Sep 20, 2018
Authored by Markus Vervier, Eric Sesterhenn, Luis Merino

Multiple bugs were found in the code handling fax page reception in JPEG format that allow arbitrary writes to an uninitialized pointer by remote parties dialing in. When processing an specially crafted input, the issue could lead to remote code execution. HylaFAX versions 6.0.6 and 5.6.0 are affected.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2018-17141
SHA-256 | a6ae5d3d4dedcc85875a8b486ef5cb3f062250e0ddef95b52ca59a9b77f9c066
Page 1 of 1
Back1Next

File Archive:

November 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    16 Files
  • 2
    Nov 2nd
    17 Files
  • 3
    Nov 3rd
    17 Files
  • 4
    Nov 4th
    11 Files
  • 5
    Nov 5th
    0 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    3 Files
  • 8
    Nov 8th
    59 Files
  • 9
    Nov 9th
    12 Files
  • 10
    Nov 10th
    6 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    1 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    9 Files
  • 15
    Nov 15th
    33 Files
  • 16
    Nov 16th
    53 Files
  • 17
    Nov 17th
    11 Files
  • 18
    Nov 18th
    14 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    26 Files
  • 22
    Nov 22nd
    22 Files
  • 23
    Nov 23rd
    10 Files
  • 24
    Nov 24th
    9 Files
  • 25
    Nov 25th
    11 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close