what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

Files from Frank Denis

Email addressj at pureftpd.org
First Active2002-07-03
Last Active2014-10-02
Pure-FTPd External Authentication Bash Environment Variable Code Injection
Posted Oct 2, 2014
Authored by Frank Denis, Spencer McIntyre, Stephane Chazelas | Site metasploit.com

This Metasploit module exploits the code injection flaw known as shellshock which leverages specially crafted environment variables in Bash. This exploit specifically targets Pure-FTPd when configured to use an external program for authentication.

tags | exploit, bash
advisories | CVE-2014-6271
SHA-256 | d1353f15ae7ed9aea8cd6b1644f5fbeada6291338684996bc3b3a388a0f3b2ec
kitchenaid.txt
Posted Oct 13, 2004
Authored by Frank Denis

This one is serious.. smoothie makers beware. There's a race condition in KitchenAid blenders that can trigger a denial of service. The device will require a physical shutdown in order to work again. Full details of exploitation provided.

tags | advisory, denial of service
SHA-256 | 99035039e64067b952af58f3209809e892647771d9123ba06bedf99a51bf960c
BrocadeDoS.txt
Posted Sep 9, 2004
Authored by Frank Denis

Brocase switches can be frozen with a few specially crafted TCP packets. The IP stack becomes unresponsive and remote administration becomes impossible. This attack does not require any authentication and there is no trace in any log file. Versions affected: All Brocade fiber channel switches running pre-3.2 code including Silkworm 3800, Silkworm 3200 and Silkworm 2800.

tags | advisory, remote, tcp
SHA-256 | fd5b1fd96268eb5f48f6af03f5007c9d70d0e73120ab7db2b96f8616abeb1a8e
engenioLSI.txt
Posted Sep 9, 2004
Authored by Frank Denis

Storagetek and IBM FastT controllers can be frozen with a few specially crafted TCP packets. The IP stack becomes unresponsive and administration through Santricity/IBM Storage Manager becomes impossible. Under some circumstances, unrecoverable corruption of the stored data will happen. This attack doesn't require any authentication and there is no trace in any log file. The controllers are vulnerable even at installation-time.

tags | advisory, tcp
SHA-256 | 9f0a33dcfdb49b6eae3cc05e488bd9881a47508833daf81f508815df58c6fc70
mnoGoSearch0215.txt
Posted Feb 16, 2004
Authored by Frank Denis

mnoGoSearch versions 3.2.13-15 are vulnerable to a buffer overflow attack when a large document is indexed.

tags | advisory, overflow
SHA-256 | b81572f8e5896c50b3258ba30d2a396e68c049ce518ef8b86832bea9d0ef61b5
webjavablam.txt
Posted Oct 3, 2003
Authored by Frank Denis

Multiple web-based mail systems, when browsed through Internet Explorer, may allow for arbitrary Javascript execution.

tags | advisory, web, arbitrary, javascript
SHA-256 | a34a778bae5158f0d6f80286e755627144609ff52df498c4a83f33efc899ac8d
mysqlpriv.txt
Posted Sep 13, 2003
Authored by Frank Denis | Site secunia.com

Secunia Research Advisory - A vulnerability in MySQL version 4.0.14 and below, due to a boundary error when checking passwords before hashing and storing them in the User table, can be exploited by malicious users to escalate their privileges via supplying a value longer than 16 characters using set password.

tags | advisory
SHA-256 | b38050cc8622e8b30bee6fe74ad079fbb83abe828e36d3b629f1c530345f520d
mod_ssl_off_by_one.txt
Posted Jul 3, 2002
Authored by Frank Denis

An off-by-one overflow in Apache mod_ssl v2.4.9 and below can be used to by local users to execute code with the privileges of the web server.

tags | web, overflow, local
SHA-256 | bc874d50af7de42b9e7892022426567f87b4cec80e88a6470ac08c1097e61b27
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close