exploit the possibilities
Showing 1 - 25 of 157 RSS Feed

Files from Tavis Ormandy

Email addresstaviso at google.com
First Active2006-10-09
Last Active2020-06-01
Avast Array.prototype.toString Out-Of-Bounds Copy
Posted Jun 1, 2020
Authored by Tavis Ormandy, Google Security Research

Avast suffers from an out-of-bounds copy vulnerability in Array.prototype.toString.

tags | exploit
MD5 | 59b15e0413a1cb080644249586af9699
SecureCRT Memory Corruption
Posted May 15, 2020
Authored by Tavis Ormandy, Google Security Research

SecureCRT suffers from a memory corruption vulnerability in CSI functions.

tags | exploit
advisories | CVE-2020-12651
MD5 | e90a6d22c2cdbe99b5796b3c3e382581
systemd-machined Incorrect Reference Decrement
Posted Feb 7, 2020
Authored by Tavis Ormandy, Google Security Research

systemd has an issue in systemd-machined where it decrements the reference count when references are still held.

tags | exploit
MD5 | 892461d03b79e21e6c1303c5d998422e
Grub2 grub2-set-bootflag Environment Corruption
Posted Nov 27, 2019
Authored by Tavis Ormandy, Google Security Research

Grub2 has grub2-set-bootflag setuid in the new Fedora release and has the ability to corrupt the environment.

tags | exploit
systems | linux, fedora
MD5 | 521fcef9f7dbf428929332a5f1ece053
Visual Studio Code Remote Debugger Enabled
Posted Oct 11, 2019
Authored by Tavis Ormandy, Google Security Research

Visual Studio Code enables its remote debugger by default when installed.

tags | exploit, remote
MD5 | e2bed7919efd579b180ac1c498c16541
LastPass Credential Leak From Previous Site
Posted Sep 16, 2019
Authored by Tavis Ormandy, Google Security Research

LastPass suffers from an issue where bypassing do_popupregister() leaks credentials from the previous site.

tags | exploit
MD5 | 868ccacf1a79234f0073d4e84c526158
msctf Text Services Framework Design Flaws
Posted Aug 13, 2019
Authored by Tavis Ormandy, Google Security Research

msctf in the Text Services Framework suffers from multiple design flaws that can lead to things like UIPI bypass and interfering with processes.

tags | exploit
MD5 | 189c76e3be251b75e5537879968164e9
SymCrypt Infinite Loop
Posted Jun 12, 2019
Authored by Tavis Ormandy, Google Security Research

There's a bug in the SymCrypt multi-precision arithmetic routines that can cause an infinite loop when calculating the modular inverse on specific bit patterns with bcryptprimitives!SymCryptFdefModInvGeneric.

tags | exploit
MD5 | 90963ad9f841cc0101c717a81a229464
SystemTap 1.3 MODPROBE_OPTIONS Privilege Escalation
Posted Apr 19, 2019
Authored by Tavis Ormandy, Brendan Coles | Site metasploit.com

This Metasploit module attempts to gain root privileges by exploiting a vulnerability in the staprun executable included with SystemTap version 1.3. The staprun executable does not clear environment variables prior to executing modprobe, allowing an arbitrary configuration file to be specified in the MODPROBE_OPTIONS environment variable, resulting in arbitrary command execution with root privileges. This module has been tested successfully on: systemtap 1.2-1.fc13-i686 on Fedora 13 (i686); and systemtap 1.1-3.el5 on RHEL 5.5 (x64).

tags | exploit, arbitrary, root
systems | linux, fedora
advisories | CVE-2010-4170
MD5 | b8d10e29a77409ce1871a790dad33d49
GnuTLS verify_crt() Use-After-Free
Posted Mar 27, 2019
Authored by Tavis Ormandy, Google Security Research

This is a critical memory corruption vulnerability in any API backed by verify_crt(), including gnutls_x509_trust_list_verify_crt() and related routines in GnuTLS.

tags | exploit
MD5 | ccebe291a8ca3ffea320b528513b5f23
NSS Netscape Certificate Sequences CERT_DecodeCertPackage() Crash
Posted Mar 21, 2019
Authored by Tavis Ormandy, Google Security Research

NSS suffers from a NULL dereference issue when parsing Netscape Certificate Sequences in CERT_DecodeCertPackage().

tags | exploit
MD5 | 35138609aae47bba66dfd5eb881a1aa8
MatrixSSL x.509 Certificate Verification Stack Buffer Overflow
Posted Feb 21, 2019
Authored by Tavis Ormandy, Google Security Research

MatrixSSL suffers from a stack buffer overflow vulnerability when verifying x.509 certificates.

tags | exploit, overflow
MD5 | af74f61a0e0930cd9ea350d669953baf
Ghostscript Pseudo-Operator Remote Code Execution
Posted Jan 23, 2019
Authored by Tavis Ormandy, Google Security Research

Ghostscript has an issue with pseudo-operators that can lead to remote code execution. Version 9.26 is affected.

tags | exploit, remote, code execution
advisories | CVE-2019-6116
MD5 | e54b142d6e973b2eeff15f79436c06e9
Razer Cortex Debugger Remote Command Execution
Posted Dec 17, 2018
Authored by Tavis Ormandy, Google Security Research

Razer Cortex has a CEF debugger stub enabled by default allowing arbitrary remote command execution.

tags | exploit, remote, arbitrary
MD5 | 1d2152a1c114ec3e8cfb933b419a219c
Logitech Options Craft WebSocket Server Missing Authentication
Posted Dec 12, 2018
Authored by Tavis Ormandy, Google Security Research

The Logitech "Options" craft websocket server has no authentication.

tags | advisory
MD5 | 351cebf77410e506f6772f6e57f6204e
Ubuntu Ghostscript Failed Fix
Posted Nov 30, 2018
Authored by Tavis Ormandy, Google Security Research

The fix Ubuntu applied to address the Ghostscript vulnerability identified in CVE-2018-16510 appears to be insufficient.

tags | exploit
systems | linux, ubuntu
advisories | CVE-2018-16510
MD5 | bf60fb38f298c008133783e5223c3485
Ghostscript 1Policy Dangerous Access To Operator
Posted Oct 18, 2018
Authored by Tavis Ormandy, Google Security Research

Ghostscript has an issues where callers of a procedure are not forced to be properly marked as executeonly or pseudo-operators, allowing for the ability to take complete control of it.

tags | advisory
advisories | CVE-2018-18284
MD5 | f6013aa13df201f50c343927fca57dcd
Ghostscript .loadfontloop Exposed System Operators
Posted Oct 15, 2018
Authored by Tavis Ormandy, Google Security Research

Ghostscript suffers from an issue where .loadfontloop exposes system operators in the saved execution stack.

tags | advisory
MD5 | 8ee6daa56e7b3cbcf912ca5433934a03
Ghostscript executeonly Bypass
Posted Oct 11, 2018
Authored by Tavis Ormandy, Google Security Research

Ghostscript suffers from an executeonly bypass with errorhandler setup.

tags | exploit
advisories | CVE-2018-17961
MD5 | de8be7c4957ab4b3c8a37259c65b3c84
gsview -dSAFER Not Used
Posted Oct 11, 2018
Authored by Tavis Ormandy, Google Security Research

gsview does not run -dSAFER, allowing for the execution of arbitrary code.

tags | advisory, arbitrary
MD5 | bc269c0811f9b687fc29e4ed1a486a78
Ghostscript Exposed System Operators
Posted Oct 11, 2018
Authored by Tavis Ormandy, Google Security Research

Ghostscript has an issue where an error object can expose system operators in the saved execution stack.

tags | advisory
advisories | CVE-2018-18073
MD5 | f076ce456ca16868992ed63958eaa396
Ghostscript Failed Restore Command Execution
Posted Sep 6, 2018
Authored by Tavis Ormandy, wvu | Site metasploit.com

This Metasploit module exploits a -dSAFER bypass in Ghostscript to execute arbitrary commands by handling a failed restore (grestore) in PostScript to disable LockSafetyParams and avoid invalidaccess. This vulnerability is reachable via libraries such as ImageMagick, and this module provides the latest vector for Ghostscript.

tags | exploit, arbitrary
advisories | CVE-2018-16509
MD5 | e1336336af62bb506d362910f0cca41f
Ghostscript Command Execution / File Disclosure / Memory Corruption
Posted Aug 23, 2018
Authored by Tavis Ormandy, Google Security Research

Ghostscript suffers from file disclosure, shell command execution, memory corruption, and type confusion bugs.

tags | exploit, shell
MD5 | 1bbaaab44336f199ff5bab7ea5351935
FromDocToPdf Browser History Disclosure
Posted Apr 17, 2018
Authored by Tavis Ormandy, Google Security Research

FromDocToPdf exposes browsing history to all websites.

tags | advisory
MD5 | a8432820a6f1a3e3079881f89fa100f9
Video Downloader Universal Cross Site Scripting
Posted Apr 6, 2018
Authored by Tavis Ormandy, Google Security Research

The Video Downloader Chrome extension suffers from a universal cross site scripting vulnerability.

tags | exploit, xss
MD5 | 7773a2a48a1659869a5f513b21355dfb
Page 1 of 7
Back12345Next

File Archive:

September 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    20 Files
  • 2
    Sep 2nd
    15 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    4 Files
  • 5
    Sep 5th
    1 Files
  • 6
    Sep 6th
    1 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    27 Files
  • 9
    Sep 9th
    7 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    9 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    25 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    15 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    12 Files
  • 19
    Sep 19th
    1 Files
  • 20
    Sep 20th
    1 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    21 Files
  • 23
    Sep 23rd
    8 Files
  • 24
    Sep 24th
    15 Files
  • 25
    Sep 25th
    4 Files
  • 26
    Sep 26th
    1 Files
  • 27
    Sep 27th
    1 Files
  • 28
    Sep 28th
    20 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close