exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

Files from Joost Pol

Email addressjoost at pine.nl
First Active2002-03-07
Last Active2004-11-12
squirrelXSS.txt
Posted Nov 12, 2004
Authored by Joost Pol | Site squirrelmail.org

SquirrelMail versions 1.4.3a and below suffer from a cross site scripting issue in the decoding of encoded text in certain headers. It correctly decodes the specially crafted header, but does not sanitize the decoded strings.

tags | advisory, xss
SHA-256 | 7e8ba7c0955736c617724cfb48418a3e21a671ca561f31c735c783a6d3f15e45
pine-cert-20040201.txt
Posted Feb 4, 2004
Authored by Joost Pol | Site pine.nl

Pine Digital Security Advisory PINE-CERT-20040201 - The shmat(2) function has a flaw that allows local users to achieve escalated privileges. Vulnerable systems: FreeBSD versions 2.2.0 and greater, NetBSD versions 1.3 and greater, and OpenBSD versions 2.6 and greater.

tags | advisory, local
systems | netbsd, freebsd, openbsd
SHA-256 | a574248c2ca40bfc4b92b9ac9a645d17d7ca2b2477dbce0dd28b3dd3e9b6ce84
FreeBSD Security Advisory 2003.17
Posted Oct 3, 2003
Authored by The FreeBSD Project, Joost Pol | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-03:17.procfs - A malicious local user could arrange to use a negative or extremely large offset when reading from a procfs "file", causing a system crash, or causing the kernel to return a large portion of kernel memory.

tags | advisory, kernel, local
systems | freebsd
SHA-256 | 95e6035f8a0720cdbb5f1dc7e6f3eaec332fcab7abca4a91304f917dc8a2abd8
pine-cert-20030902.txt
Posted Oct 3, 2003
Authored by Joost Pol | Site pine.nl

Pine Digital Security Advisory PINE-CERT-20030902 - An integer overflow condition in all versions of FreeBSD could lead to disclosure of kernel memory.

tags | advisory, overflow, kernel
systems | freebsd
SHA-256 | 19e199ebba5f002b2f5b355c5a5d6960f5ecfe97e20fc885c026a346d1f05c8f
pine-cert-20030901.txt
Posted Oct 3, 2003
Authored by Joost Pol | Site pine.nl

Pine Digital Security Advisory PINE-CERT-20030901 - An integer overflow condition that is exploitable under FreeBSD versions 4.3 to present allows for a denial of service and/or privilege escalation.

tags | advisory, denial of service, overflow
systems | freebsd
SHA-256 | f754c8aed03b7474ca466d0f22cdec167687afafce591d4700b55c4268ac9b84
FreeBSD Security Advisory 2003.16
Posted Oct 2, 2003
Authored by The FreeBSD Project, Joost Pol | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-03:16.filedesc - A programming error in the readv system call can result in the given file descriptor's reference count being erroneously incremented. A local attacker may cause the operating system to crash by repeatedly calling readv on a file descriptor until the reference count wraps to a negative value, and then calling close on that file descriptor. Similarly, it may be possible to cause a file descriptor to reference unallocated kernel memory, but remain valid. If a new file is later opened and the kernel allocates the new file structure at the same memory location, then an attacker may be able to gain read or write access to that file. This may in turn lead to privilege escalation. This affects releases 4.3-RELEASE through 4.8 RELEASE.

tags | advisory, kernel, local
systems | freebsd
SHA-256 | d77bc848ba499127eb6972feeba3dbe40a919dde740117b4638758fd937de5da
pine-cert-20030101.txt.asc
Posted Jan 6, 2003
Authored by Joost Pol | Site pine.nl

Pine Digital Security Advisory PINE-CERT-20030101 - A local vulnerability has been found in the FreeBSD kernel which allows privilege escalation or denial of service by taking advantage of the socket file counter. FreeBSD 4.X after 20021111 has been fixed.

tags | advisory, denial of service, kernel, local
systems | freebsd
SHA-256 | 6edc8db6259fc7b17ccd231a3431182439832505cff547336d6c670774b7fad0
pine-cert-20020301.txt
Posted Mar 7, 2002
Authored by Joost Pol | Site pine.nl

An off by one overflow has been discovered in the channel code of OpenSSH versions 2.0 - 3.0.2. Users with an existing user account can abuse this bug to gain root privileges. Exploitability without an existing user account has not been proven but is not considered impossible. A malicious ssh server could also use this bug to exploit a connecting vulnerable client. Fix available here.

tags | overflow, root
SHA-256 | f862fbf462b1a8965de529058ff2c189f2e7ad5ad9d1c0dde44d02b7424b0163
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close