
Files from Felix Wilhelm

Email address: fwilhelm at google.com
First Active: 2010-11-20
Last Active: 2023-01-02

haproxy hpack-tbl.c Out-Of-Bounds Write
Posted Apr 21, 2020
Authored by Google Security Research, Felix Wilhelm

The haproxy hpack implementation in hpack-tbl.c handles 0-length HTTP headers incorrectly. This can lead to a fully controlled relative out-of-bounds write when processing a malicious HTTP2 request (or response).

tags | exploit, web
advisories | CVE-2020-11100
SHA-256 | 6313a8193a04a7546984327f36401b3e595cd897bef3968ddef00a3d7d80f2c5
Git Credential Helper Protocol Newline Injection
Posted Apr 15, 2020
Authored by Google Security Research, Felix Wilhelm

A git clone action can leak cached / stored credentials for github.com to example.com due to insecure handling of newlines in the credential helper protocol.

tags | exploit, protocol
advisories | CVE-2020-5260
SHA-256 | 6ed18788c9d0b689b962cf0717c7f1295a605925baa43166ab82599970c79913
KVM VMX Preemption Timer Use-After-Free
Posted Feb 16, 2019
Authored by Google Security Research, Felix Wilhelm

KVM suffers from a use-after-free vulnerability after using the emulated VMX preemption timer.

tags | exploit
advisories | CVE-2019-7221
SHA-256 | 6128c94e53f07c17d60e06af6b3765bb461919eaaf1675c8911ad9a188e4a045
KVM kvm_inject_page_fault Uninitialized Memory Leak
Posted Feb 16, 2019
Authored by Google Security Research, Felix Wilhelm

KVM suffers from an uninitialized memory leak vulnerability in kvm_inject_page_fault.

tags | exploit, memory leak
advisories | CVE-2019-7222
SHA-256 | 37dc7ba8615294d9fc43ecd68259d32a25cc5c8838fffbdc609d3dfd89196566
Evince CBT File Command Injection
Posted Feb 7, 2019
Authored by Sebastian Krahmer, Brendan Coles, Matlink, Felix Wilhelm | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in Evince before version 3.24.1 when opening comic book `.cbt` files. Some file manager software, such as Nautilus and Atril, may allow automatic exploitation without user interaction due to thumbnailer preview functionality. Note that limited space is available for the payload.

tags | exploit
advisories | CVE-2017-1000083
SHA-256 | be7441cb5d0ca4f4495067990292385a52fbdd586a1d34cad46036dcc7576c4c
NetworkManager Daemon Command Execution
Posted Sep 6, 2018
Authored by Sameer Goyal, Felix Wilhelm

This is a small tutorial write-up that provides a DynoRoot exploit proof of concept.

tags | exploit, proof of concept
advisories | CVE-2018-1111
SHA-256 | 05bd61cb8ce0024fe6348ca11ae1d9aa32b087a7faf6df353ddc2aface0c11eb
Xen xen-netback xenvif_set_hash_mapping Integer Overflow
Posted Aug 17, 2018
Authored by Google Security Research, Felix Wilhelm

Xen suffers from an integer overflow vulnerability in xen-netback xenvif_set_hash_mapping.

tags | advisory, overflow
SHA-256 | a57c9bdaee536be75c911cbc36bfde9628b265d45ec11186e3c633aa95fb102c
KVM Nested Virtualization L1 Guest Privilege Escalation
Posted Jun 25, 2018
Authored by Google Security Research, Felix Wilhelm

When KVM (on Intel) virtualizes another hypervisor as an L1 VM, it does not verify that VMX instructions from the L1 VM (which trigger a VM exit and are emulated by L0 KVM) are coming from ring 0.

tags | exploit
SHA-256 | e4f92891c53308037346815989f93e355401e22ad52a077945971a06a625d400
DHCP Client Command Injection (DynoRoot)
Posted Jun 12, 2018
Authored by Felix Wilhelm | Site metasploit.com

This Metasploit module exploits the DynoRoot vulnerability, a flaw in how the NetworkManager integration script included in the DHCP client in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier processes DHCP options. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.

tags | exploit, arbitrary, local, root, spoof, protocol
systems | linux, redhat, fedora
advisories | CVE-2018-1111
SHA-256 | 6b992abd6eb4488b1451744ac9a29b8cfc36bb9a4b8e764995041383204e8229
EMC Replication Manager / Network Module Remote Code Execution
Posted Oct 4, 2016
Authored by Felix Wilhelm | Site emc.com

EMC Replication Manager (RM) is affected by a remote code execution vulnerability that may be exploited by an attacker to compromise an affected system. A remote unauthenticated attacker may execute arbitrary commands on an RM Client, with high privileges, by starting a rogue RM Server that connects to the RM Client and executes the malicious script/payload that the attacker has placed in an SMB share accessible to the RM Client. Affected products include EMC Replication Manager versions prior to 5.5.3 on all supported OS, EMC Network Module for Microsoft version 3.x, and EMC Networker Module for Microsoft version 8.2.x.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2016-0913
SHA-256 | 8059f29d7b62d602762d9929ab5df11e813ed3be3cd31bfb824fd17aef285ae2
Action Pack DoS / SQL Injection / Code Execution
Posted Jan 8, 2013
Authored by Jonathan Rudenberg, Ben Murphy, Bryan Helmkamp, Magnus Holm, Charlie Somerville, Aaron Patterson, Darcy Laycock, Benoist Claassen, Felix Wilhelm

There are multiple weaknesses in the parameter parsing code for Ruby on Rails which allow attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a denial of service attack on a Rails application.

tags | advisory, denial of service, arbitrary, sql injection, ruby
advisories | CVE-2013-0156
SHA-256 | e6b7d9e5b6b28e3c08ebdbbf557326661b4a8bf5291d91b70d108f5ac0ec4be1
CakePHP 1.3.5 / 1.2.8 Cache Corruption Exploit
Posted Nov 20, 2010
Authored by tdz, Felix Wilhelm | Site metasploit.com

CakePHP is a popular PHP framework for building web applications. The Security component of CakePHP is vulnerable to an unserialize attack which could be abused to allow unauthenticated attackers to execute arbitrary code with the permissions of the webserver. Versions less than or equal to 1.3.5 and 1.2.8 are affected.

tags | exploit, web, arbitrary, php
advisories | OSVDB-69352
SHA-256 | dea34a0c2801eeab996b4917a68c1df259d3d1d8e08d971dace6ac256f486273