
Files from Ariel Berkman

First Active: 2004-12-30
Last Active: 2013-06-14
Android Debug Bridge Traversal
Posted Jun 14, 2013
Authored by Ariel Berkman

adb (Android Debug Bridge) backup and restore suffers from a traversal vulnerability where a file with a malicious name can overwrite files outside of the appropriate directory.

tags | exploit, file inclusion
SHA-256 | eb3ffd09ecd5ca06060be0c442a3edcedfc027d3e35c7c125ecb2c9c47604770
Hiding Data In Hard-Drive's Service Areas
Posted Feb 19, 2013
Authored by Ariel Berkman | Site recover.co.il

In this paper the author demonstrates how spinning hard-drives' service areas can be used to hide data from the operating-system (or any software using the standard OS's API or the standard ATA commands to access the hard-drive). These reserved areas are used by hard-drive vendors to store modules that in turn operate the drive, and in a sense, together with the ROM, serve as the hard-drive’s internal storage and OS. By sending Vendor Specific Commands (VSCs) directly to the hard-drive, one can manipulate these areas to read and write data that are otherwise inaccessible. This should not be confused with DCO or HPA which can be easily detected, removed and accessed via standard ATA commands.

tags | paper
SHA-256 | 56c7d0d4187efd4b11c8476ff27ccc113b0205c32f936a78c17c88cafa947b3d
xloadFlaws.tgz
Posted Oct 7, 2005
Authored by Ariel Berkman

Three buffer overflows have been discovered in xloadimage in the handling of the image title name. When xloadimage processes a loaded image, it creates a new Image object and writes the processed image to it. At that point, it also copies the title from the old image to the newly created image. The 'zoom', 'reduce', and 'rotate' functions use a fixed-length buffer to construct the new title name when image processing is done. Since the title name in a NIFF format is of varying length, and buffer size validation is insufficient, the buffer can be overflowed. Proof of concept files included.

tags | exploit, overflow, proof of concept
SHA-256 | d6405d0250103efa153a79199d053e8ec209db2107cbb6bbed5155b986e00757
yanf.txt
Posted Dec 31, 2004
Authored by Ariel Berkman

A buffer overflow vulnerability exists in the Yanf news fetcher utility version 0.4.

tags | advisory, overflow
SHA-256 | 877eee2f42cbd1fbc93e5f7b498d7e966f2d625fc7823cb2e7dcd7ce37052da0
vilistextum.txt
Posted Dec 30, 2004
Authored by Ariel Berkman

Vilistextum version 2.6.6 is susceptible to a buffer overflow in the get_attr() function.

tags | advisory, overflow
SHA-256 | 3647ccca69811067c47b4f3ca914498ff7ba6d96d57aa902ef52f5d4d65c7f20
elm-bolthole-filter.txt
Posted Dec 30, 2004
Authored by Ariel Berkman

Bolthole Filter 2.6.1 is susceptible to a buffer overflow in the save_embedded_address() function.

tags | advisory, overflow
SHA-256 | e81216105c9e6872a277520889e10eb6ed145339886c78f8534bc7ae33ead91a
dxfscope.txt
Posted Dec 30, 2004
Authored by Ariel Berkman

DXFscope version 0.2 is susceptible to a buffer overflow in the dxfin() function.

tags | advisory, overflow
SHA-256 | 34369099fb355879ef5d0da41977d60a2e86ad54487c2f236eb122ab38a89caf
changepassword.txt
Posted Dec 30, 2004
Authored by Ariel Berkman | Site tigger.uic.edu

changepassword version 0.8 fails to use a trusted path when calling make.

tags | advisory
SHA-256 | da1061e9de0ae066f6c2d658e82865131a2705010fda490fa62cb52b0630431f
convex3d.txt
Posted Dec 30, 2004
Authored by Ariel Berkman | Site tigger.uic.edu

Convex 3D version 0.8pre1 is susceptible to a boundary error condition in the readObjectChunk() function that can result in arbitrary code execution.

tags | advisory, arbitrary, code execution
SHA-256 | c0be34234c7b7ee264a7e65fbf8b54ae365a38cebd00de455fee697c1b176833
cups.txt
Posted Dec 30, 2004
Authored by Ariel Berkman | Site tigger.uic.edu

A boundary error in the ParseCommand() function of CUPS version 1.x allows for a buffer overflow attack.

tags | advisory, overflow
SHA-256 | 9ccc61dd6cf89fb1b7ef2aaa8f5dfe79a4ba5c2dd48a1000eff91a3631981c4c
xine-lib.txt
Posted Dec 30, 2004
Authored by Ariel Berkman | Site tigger.uic.edu

A boundary error condition in xine-lib versions 1-rc5 and 1-rc7 allows for arbitrary code execution.

tags | advisory, arbitrary, code execution
SHA-256 | 16d1652200dbbf84c39bd07bfd776f45e532758e649d978d1e7bc23cbbbd270f
2fax-djb.txt
Posted Dec 30, 2004
Authored by Ariel Berkman | Site tigger.uic.edu

A boundary error condition in ArBas 2fax allows for arbitrary code execution. Version 3.04 was found susceptible.

tags | advisory, arbitrary, code execution
SHA-256 | 356e87e258b9ac8d5fb03c4ec8826e44b8b471af4e4c8bba86981353f2aa2447