exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files from Pietro Oliva

Email addresspietroliva at gmail.com
First Active2010-01-07
Last Active2020-11-13
ReadyTalk Avian JVM FileOutputStream.write() Integer Overflow
Posted Nov 13, 2020
Authored by Pietro Oliva

ReadyTalk Avian JVM versions 1.2.0 before 27th October 2020 suffer from a FileOutputStream.write() integer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 6900d0810f32c7a4085388df479ec9c677eafb362f0ace4123fc2d63eacfd040
TP-Link Cloud Cameras NCXXX Bonjour Command Injection
Posted Sep 18, 2020
Authored by Pietro Oliva | Site metasploit.com

TP-Link cloud cameras NCXXX series (NC200, NC210, NC220, NC230, NC250, NC260, NC450) are vulnerable to an authenticated command injection vulnerability. In all devices except NC210, despite a check on the name length in swSystemSetProductAliasCheck, no other checks are in place in order to prevent shell metacharacters from being introduced. The system name would then be used in swBonjourStartHTTP as part of a shell command where arbitrary commands could be injected and executed as root. NC210 devices cannot be exploited directly via /setsysname.cgi due to proper input validation. NC210 devices are still vulnerable since swBonjourStartHTTP did not perform any validation when reading the alias name from the configuration file. The configuration file can be written, and code execution can be achieved by combining this issue with CVE-2020-12110.

tags | exploit, arbitrary, shell, cgi, root, code execution
advisories | CVE-2020-12109
SHA-256 | 820ebca1a60727c3c7198c5f8d186f030d053aca8aaa88544be3fdcb57017f5e
Noise-Java AESGCMOnCtrCipherState.encryptWithAd() Insufficient Boundary Checks
Posted Sep 4, 2020
Authored by Pietro Oliva

Noise-Java suffers from an issue located in the AESGCMOnCtrCipherState.encryptWithAd() method defined in AESGCMOnCtrCipherState.java, where multiple boundary checks are performed to prevent invalid length or offsets from being specified for the encrypt or copy operation. However, some checks were found to be either incomplete or missing.

tags | exploit, java
advisories | CVE-2020-25023
SHA-256 | a99df3ee9f5acff0704d48e5d7c762aa97aa9cf1ebaf6936dab504c89c499e99
Noise-Java ChaChaPolyCipherState.encryptWithAd() Insufficient Boundary Checks
Posted Sep 3, 2020
Authored by Pietro Oliva

Noise-Java suffers from an issue located in the ChaChaPolyCipherState.encryptWithAd() method defined in ChaChaPolyCipherState.java, where multiple boundary checks are performed to prevent invalid length or offsets from being specified for the encrypt or copy operation. However, some checks were found to be either incomplete or missing.

tags | exploit, java
advisories | CVE-2020-25021
SHA-256 | f3994b64ff5442dca9b210aa3ea273c585602af6661380803b314457b75427d5
Noise-Java AESGCMFallbackCipherState.encryptWithAd() Insufficient Boundary Checks
Posted Sep 3, 2020
Authored by Pietro Oliva

Noise-Java suffers from an issue located in the AESGCMFallbackCipherState.encryptWithAd() method defined in AESGCMFallbackCipherState.java, where multiple boundary checks are performed to prevent invalid length or offsets from being specified for the encrypt or copy operation. However, some checks were found to be either incomplete or missing.

tags | exploit, java
advisories | CVE-2020-25022
SHA-256 | 4e410b9fd9e7aa4bb4aa52ef1b488bee68cddf57081ac0029713f8e54a1eba53
Avian JVM 1.2.0 Silent Return
Posted Aug 12, 2020
Authored by Pietro Oliva

Avian JVM version 1.2.0 suffers from a silent return issue in the vm::arrayCopy method defined in classpath-common.h, where multiple boundary checks are performed to prevent out-of-bounds memory read/write. One of these boundary checks makes the code return silently when a negative length is provided instead of throwing an exception.

tags | exploit
advisories | CVE-2020-17361
SHA-256 | 53ead956cdf9e9e2c075fcdfff1ae5c760e139f9927afb026cac0d5b93cd5921
Avian JVM 1.2.0 Integer Overflow
Posted Aug 12, 2020
Authored by Pietro Oliva

Avian JVM version 1.2.0 suffers from multiple vm::arrayCopy() integer overflow vulnerabilities.

tags | exploit, overflow, vulnerability
advisories | CVE-2020-17360
SHA-256 | f95c4205b8ecd4cf340fed2f7ac5947cbf815565adc1c0184abd2d90668c51dc
TP-LINK Cloud Cameras NCXXX Stack Overflow
Posted Jun 16, 2020
Authored by Pietro Oliva

TP-LINK Cloud Cameras NCXXX suffer from a DelMultiUser stack overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2020-13224
SHA-256 | 8ceea48329dd3d48af63a7ccdec830b47ac2bcf4bf77d8735c577b80b70e19b4
TP-LINK Cloud Cameras NCXXX SetEncryptKey Command Injection
Posted May 1, 2020
Authored by Pietro Oliva

TP-LINK Cloud Cameras including products NC260 and NC450 suffer from a command injection vulnerability. The issue is located in the httpSetEncryptKeyRpm method (handler for /setEncryptKey.fcgi) of the ipcamera binary, where the user-controlled EncryptKey parameter is used directly as part of a command line to be executed as root without any input sanitization.

tags | exploit, root
advisories | CVE-2020-12111
SHA-256 | 7c6daeba86b10ee66abb00c8b005635251b71f86700d9246cd9f53c346cb9ee0
TP-LINK Cloud Cameras NCXXX Hardcoded Encryption Key
Posted May 1, 2020
Authored by Pietro Oliva

TP-LINK Cloud Cameras including products NC200, NC210, NC220, NC230, NC250, NC260, and NC450 suffer from having a hardcoded encryption key. The issue is located in the methods swSystemBackup and sym.swSystemRestoreFile, where a hardcoded encryption key is used in order to encrypt/decrypt a config backup file. The algorithm in use is DES ECB with modified s-boxes and permutation tables.

tags | exploit
advisories | CVE-2020-12110
SHA-256 | 8a9bf019904b9da201926fdb2f4eca44ec5bb26ff30a3e12709465ed196958ca
TP-LINK Cloud Cameras NCXXX Bonjour Command Injection
Posted May 1, 2020
Authored by Pietro Oliva

TP-LINK Cloud Cameras including products NC200, NC210, NC220, NC230, NC250, NC260, and NC450 suffer from a command injection vulnerability. The issue is located in the swSystemSetProductAliasCheck method of the ipcamera binary (Called when setting a new alias for the device via /setsysname.fcgi), where despite a check on the name length, no other checks are in place in order to prevent shell metacharacters from being introduced. The system name would then be used in swBonjourStartHTTP as part of a shell command where arbitrary commands could be injected and executed as root.

tags | exploit, arbitrary, shell, root
advisories | CVE-2020-12109
SHA-256 | 51f53a1e5bba2a9ada63d195865ebededf26762f4a245d45d4e986eb40f62c20
TP-LINK Cloud Cameras NCXXX Remote NULL Pointer Dereference
Posted Apr 1, 2020
Authored by Pietro Oliva

TP-LINK cloud cameras including products NC200, NC210, NC220, NC230, NC250, NC260, and NC450 suffer from a remote null pointer dereference vulnerability.

tags | advisory, remote
advisories | CVE-2020-10231
SHA-256 | 9f1d7280c6b43c3460d7edc998309cea3240cebfc388e46f582ecf935c7deb71
WordPress Pods 2.4.3 CSRF / Cross Site Scripting
Posted Jan 12, 2015
Authored by Pietro Oliva

WordPress Pods plugin versions 2.4.3 and below suffer from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2014-7956, CVE-2014-7957
SHA-256 | 0d05523785cc3c3d6afe4c0cd58b19ca76dd69c34245e15bfa829cfa9677b80d
WordPress Bulletproof-Security .51 XSS / SQL Injection / SSRF
Posted Nov 5, 2014
Authored by Pietro Oliva

WordPress Bulletproof-Security version .51 suffers from SSRF, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
advisories | CVE-2014-7958, CVE-2014-7959, CVE-2014-8749
SHA-256 | f48eb2e59a5e952f39b016be11e5ff6296d87aa734b6ee5886bc652f1e3ef960
WordPress Buddypress 1.9.1 Privilege Escalation
Posted Feb 14, 2014
Authored by Pietro Oliva

WordPress Buddypress plugin versions 1.9.1 and below suffer from a privilege escalation vulnerability.

tags | exploit
advisories | CVE-2014-1889
SHA-256 | fa0ee4897fffef374ba31d9600f656b4b67d282b9dee8e74e5f06db89ccd0ac0
WordPress Buddypress 1.9.1 Cross Site Scripting
Posted Feb 14, 2014
Authored by Pietro Oliva

WordPress Buddypress plugin versions 1.9.1 and below suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-1888
SHA-256 | cb6e6a7f1e53ac871ca5f03ab6a3fb79940b35b8a9e403602f1639a1c1c52a7b
Mplayer 4.4.1 NULL Pointer Dereference
Posted Mar 18, 2010
Authored by Pietro Oliva

mplayer versions 4.4.1 and below NULL pointer dereference exploit.

tags | exploit
SHA-256 | 376e5f60a06701cdee772cf805e9548c3f3f6f36aca1a4e40871d91d04d2af41
Gnome Panel 2.28.0 Denial Of Service
Posted Jan 7, 2010
Authored by Pietro Oliva

Gnome Panel versions 2.28.0 and below denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
SHA-256 | e29183e7a8b1eb5a52dcb852b6fcd168a4575c018ec59fb9bfc89dd06299d339
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close