what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 33 of 33 RSS Feed

Files from Jon Oberheide

Email addressjon at oberheide.org
First Active2005-03-17
Last Active2012-09-14
Linux Kernel Denial Of Service Exploit
Posted Dec 10, 2008
Authored by Jon Oberheide

Linux kernel versions 2.6.27.8 and below ATMSVC local denial of service exploit.net/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8 and earlier allows local users to cause a denial of service (kernel infinite loop) by making two calls to svc_listen for the same socket, and then reading a /proc/net/atm/*vc file, related to corruption of the vcc table.

tags | exploit, denial of service, kernel, local
systems | linux
advisories | CVE-2008-5079
SHA-256 | 1ac5511bb7124a05d8d0461db2da89076c5d7276da1e422a0eed18b95223456a
Download | Favorite | View
cosign-vuln-2007-002.txt
Posted Apr 12, 2007
Authored by Jon Oberheide

A remotely exploitable vulnerability has been discovered that allows attackers who are already authenticated via cosign to assume the identity of an arbitrary user on a cosign-protected service. Organizations that run their own central cosign weblogin server should upgrade their weblogin server to cosign 2.0.2a, cosign 1.9.4b, or back-port the patch available at http://weblogin.org/download.html to the version of cosign they are running.

tags | advisory, web, arbitrary
SHA-256 | 9d3384ebd5ec682d699cff4c928f3b744c5e0e5409c6ed578391f6575dfe6c90
Download | Favorite | View
cosign-vuln-2007-001.txt
Posted Apr 12, 2007
Authored by Jon Oberheide

A remotely exploitable vulnerability has been discovered that allows attackers to bypass cosign weblogin server authentication and assume the identity of an arbitrary user on a cosign-protected service. Organizations that run their own central cosign weblogin server should upgrade their weblogin server to cosign 2.0.2a, cosign 1.9.4b, or back-port the patch available at http://weblogin.org/download.html to the version of cosign they are running.

tags | advisory, web, arbitrary
SHA-256 | 2a8d0ff9981290825587f63a0115fe1f88cd7ec7295e11fe261a0bc411f517c9
Download | Favorite | View
libevent-dos.txt
Posted Feb 20, 2007
Authored by Jon Oberheide

A denial of service flaw exists in the parsing of DNS responses in libevent, specifically in the handling of label pointers. Versions 1.2 and 1.2a are affected.

tags | advisory, denial of service
SHA-256 | 40a8b76e6d7840ac57ab547f3c89cb6fd0c7f4d3aff4b6329e75d7ecbdad80a0
Download | Favorite | View
aimject-1.0.tar.gz
Posted Nov 29, 2006
Authored by Jon Oberheide | Site jon.oberheide.org

Aimject facilitates man-in-the-middle attacks against AOL Instant Messenger's OSCAR protocol via a simple GTK interface.

Changes: Build support and instructions for win32, win32 binaries/installers using NSIS, icmp redirection disabling, loads of fixes.
tags | tool, sniffer, protocol
SHA-256 | 48101949b13bb6ba02b0cc6cbe6f9c377d39e802481cf75c631befc73ee96b4c
Download | Favorite | View
aimject-0.8.tar.gz
Posted Oct 21, 2006
Authored by Jon Oberheide | Site jon.oberheide.org

Aimject facilitates man-in-the-middle attacks against AOL Instant Messenger's OSCAR protocol via a simple GTK interface.

Changes: integrated ARP/DNS spoofing, IP forwarding command execution (linux/*bsd), max screenname length bumped to account for extended names, screenname formatting issue fixed to avoid detection during local message injection
tags | tool, sniffer, protocol
SHA-256 | 8975e8f16ac28ee7b9331a2b37d25c54c13dab742ee263dc198ad8e73e93e6bd
Download | Favorite | View
aimject-0.6.tar.gz
Posted Oct 4, 2006
Authored by Jon Oberheide | Site jon.oberheide.org

Aimject facilitates man-in-the-middle attacks against AOL Instant Messenger's OSCAR protocol via a simple GTK interface.

tags | tool, sniffer, protocol
SHA-256 | 5e23f13f4df0e76d70be2e7172cebdbc3306215726fa47e539dcfe6080b57cc0
Download | Favorite | View
phorum5014.txt
Posted Mar 17, 2005
Authored by Jon Oberheide

Phorum versions 5.0.14 and below are susceptible to multiple cross site scripting bugs.

tags | advisory, xss
SHA-256 | 27877b750246ca31ff8d8fb14fd92cf6f6b17f67dd2d3a26b69a7ccc5040b9cc
Download | Favorite | View
Page 2 of 2
Back12Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close