what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files from Dmitriy Pletnev

First Active2010-09-14
Last Active2013-01-18
Oracle Outside In Buffer Oveflow
Posted Jan 18, 2013
Authored by Dmitriy Pletnev | Site secunia.com

Secunia Research has discovered a vulnerability in Oracle Outside In Technology, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an error in the Paradox database stream filter (vspdx.dll) when processing the field names and can be exploited to cause a heap-based buffer overflow via a specially crafted "number of fields" value in the table header. Oracle Outside In SDK version 8.3.7 (w/ patch 14153713) is affected.

tags | advisory, overflow
advisories | CVE-2013-0418
SHA-256 | 56fa0dec02fefe39d056fd79fe61eb9e26cdf4acaa109e6e081b8297ad7a6901
Oracle Outside In Denial Of Service
Posted Jan 18, 2013
Authored by Dmitriy Pletnev | Site secunia.com

Secunia Research has discovered a vulnerability in Oracle Outside In Technology, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the Paradox database stream filter (vspdx.dll) when processing the field type within a field description array and can be exploited to reference unallocated memory via an unsupported type value (e.g. 14). Oracle Outside In SDK version 8.3.7 (w/ patch 14153713) is affected.

tags | advisory, denial of service
advisories | CVE-2013-0393
SHA-256 | 64eb02f84a8c1969ec2858048292fa533a3119e377c598fc40cfe05b33a023ce
InduSoft Web Studio ISSymbol.ocx InternationalSeparator() Heap Overflow
Posted Dec 19, 2012
Authored by James Fitts, Dmitriy Pletnev, Alexander Gavrun, juan vazquez | Site metasploit.com

This Metasploit module exploits a heap overflow found in InduSoft Web Studio <= 61.6.00.00 SP6. The overflow exists in the ISSymbol.ocx, and can be triggered with a long string argument for the InternationalSeparator() method of the ISSymbol control. This Metasploit modules uses the msvcr71.dll form the Java JRE6 to bypass ASLR.

tags | exploit, java, web, overflow
advisories | CVE-2011-0340, OSVDB-72865
SHA-256 | f99bd99b5b541326375a269f30ae36cdabc7a1c18a150d0b60fb51908c7a78c6
Crystal Reports CrystalPrintControl ActiveX ServerResourceVersion Property Overflow
Posted Dec 18, 2012
Authored by Dr_IDE, Dmitriy Pletnev, juan vazquez | Site metasploit.com

This Metasploit module exploits a heap based buffer overflow in the CrystalPrintControl ActiveX, while handling the ServerResourceVersion property. The affected control can be found in the PrintControl.dll component as included with Crystal Reports 2008. This Metasploit module has been tested successfully on IE 6, 7 and 8 on Windows XP SP3 and IE 8 on Windows 7 SP1. The module uses the msvcr71.dll library, loaded by the affected ActiveX control, to bypass DEP and ASLR.

tags | exploit, overflow, activex
systems | windows
advisories | CVE-2010-2590, OSVDB-69917
SHA-256 | e2e444f4f608cf2a5267e52972251a3f6dc63fb45578a2ac18f6eb5ad4684ec0
Citrix Access Gateway Plug-in For Windows nsepacom Buffer Overflow
Posted Aug 1, 2012
Authored by Dmitriy Pletnev | Site secunia.com

Secunia Research has discovered a vulnerability in Citrix Access Gateway Plug-in for Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in the nsepacom ActiveX control (nsepa.exe) when processing HTTP responses based on the request via the "StartEpa()" method. This can be exploited to cause a heap-based buffer overflow via an overly long "CSEC" HTTP response header. Successful exploitation allows execution of arbitrary code. Citrix Access Gateway Plug-in for Windows version 9.3.49.5 is affected.

tags | advisory, web, overflow, arbitrary, activex
systems | windows
advisories | CVE-2011-2592
SHA-256 | 88190841a21f5703514230e00d059f52693aa6867752ab05cf5658926bb7ec55
Citrix Access Gateway Plug-in For Windows nsepacom Integer Overflow
Posted Aug 1, 2012
Authored by Dmitriy Pletnev | Site secunia.com

Secunia Research has discovered a vulnerability in Citrix Access Gateway Plug-in for Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an integer overflow error in the nsepacom ActiveX control (nsepa.exe) when processing HTTP responses based on the request via the "StartEpa()" method. This can be exploited to cause a heap-based buffer overflow via a specially crafted "Content-Length" HTTP response header. Successful exploitation may allow execution of arbitrary code. Citrix Access Gateway Plug-in for Windows version 9.3.49.5 is affected.

tags | advisory, web, overflow, arbitrary, activex
systems | windows
advisories | CVE-2011-2593
SHA-256 | e3fca65bdb01a3b7b24ef54cae23d5e08cd0034667d410d5364cab845d4fe8a7
Network Instruments Observer SNMP Processing Buffer Overflows
Posted Jun 8, 2012
Authored by Dmitriy Pletnev | Site secunia.com

Secunia Research has discovered two vulnerabilities in Network Instruments Observer, which can be exploited by malicious people to compromise a vulnerable system. A boundary error in the "CSnmp::DecodePacket()" method (NISNMP.DLL) when processing the community string can be exploited to cause a heap-based buffer overflow via a specially crafted SNMP datagram. An error in the "CSnmp::DecodePacket()" method (NISNMP.DLL) when processing an Object Identifier (OID) can be exploited to cause a heap-based buffer overflow via a specially crafted Trap PDU (0xA4) SNMP datagram sent to UDP port 162. Successful exploitation of the vulnerabilities allows execution of arbitrary code, but may require the attacker to enumerate or guess the SNMP port. Observer version 15.1 Build 0007.0000 is affected.

tags | advisory, overflow, arbitrary, udp, vulnerability
SHA-256 | 47406405f7fbbaf3904168e2444043931477814738fb138699f2f1cd927dab1d
Network Instruments Observer SNMP OID Processing Denial Of Service
Posted Jun 8, 2012
Authored by Dmitriy Pletnev | Site secunia.com

Secunia Research has discovered a vulnerability in Network Instruments Observer, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the "CSnmp::ASN1_ReadObjIDValue()" method (NISNMP.DLL) when processing an Object Identifier (OID) within a variable binding list. This can be exploited to cause a limited stack-based buffer overflow and cause a crash only via e.g. a specially crafted SetRequest SNMP datagram. Observer version 15.1 Build 0007.0000 is affected.

tags | advisory, denial of service, overflow
advisories | CVE-2012-0274
SHA-256 | 4b19996f632b90588e6f9fdda2fe95919af4b0bd7fa7dcf8b09165f3ad0b36c0
RealNetworks Helix Server SNMP Master Agent Denial Of Service
Posted Apr 10, 2012
Authored by Dmitriy Pletnev | Site secunia.com

Secunia Research has discovered two vulnerabilities in RealNetworks Helix Server, which can be exploited by malicious people to cause a denial of service. RealNetworks Helix Server version 14.2.0.212 is affected.

tags | advisory, denial of service, vulnerability
SHA-256 | 5b1e1fa0cc0eed87f6da68ffae687141005db917dec8e254c0a6d683331a14a7
RealNetworks Helix Server Credentials Disclosure
Posted Apr 10, 2012
Authored by Dmitriy Pletnev | Site secunia.com

Secunia Research has discovered a security issue in RealNetworks Helix Server, which can be exploited by malicious, local users to disclose sensitive information. The security issue is caused due to the user and administrative credentials being insecurely stored in the flat file database (\Program Files\Real\Helix Server\adm_b_db\users\). This can be exploited by local users to disclose the clear text passwords. RealNetworks Helix Server version 14.2.0.212 is affected.

tags | advisory, local, info disclosure
advisories | CVE-2012-1923
SHA-256 | aca90a6e399548c638f4a6941e59231976b3ab8e08ca00038b88e7f290140d47
Sterling Trader Data Processing Buffer Overflow
Posted Dec 13, 2011
Authored by Dmitriy Pletnev | Site secunia.com

Secunia Research has discovered a vulnerability in Sterling Trader, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in Base.exe when processing network requests (code 176). This can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to a certain TCP port. Successful exploitation allows execution of arbitrary code, but requires guessing the TCP port, which is dynamically assigned. Version 7.0.2 is affected.

tags | advisory, overflow, arbitrary, tcp
advisories | CVE-2011-3842
SHA-256 | 4bba5165e1e1a29e14507788d3f4a83164273e1104b6b0be79ccc37695952d76
Winamp AVI Processing Two Integer Overflows
Posted Dec 12, 2011
Authored by Dmitriy Pletnev | Site secunia.com

Secunia Research has discovered two vulnerabilities in Winamp version 5.622, which can be exploited by malicious people to compromise a user's system. An integer overflow error in the in_avi.dll plugin when allocating memory using the number of streams header value can be exploited to cause a heap-based buffer overflow via a specially crafted AVI file. An integer overflow error in the in_avi.dll plugin when allocating memory using the RIFF INFO chunk's size value can be exploited to cause a heap-based buffer overflow via a specially crafted AVI file.

tags | advisory, overflow, vulnerability
advisories | CVE-2011-3834
SHA-256 | 86c5793878c1f8e344414a71231e48221830efa8d32e47599710d676f1c3ff5d
InduSoft ISSymbol ActiveX Control Buffer Overflows
Posted Sep 1, 2011
Authored by Dmitriy Pletnev | Site secunia.com

Secunia Research has discovered multiple buffer overflow vulnerabilities in InduSoft ISSymbol ActiveX control, which can be exploited by malicious people to compromise a user's system.

tags | advisory, overflow, vulnerability, activex
advisories | CVE-2011-0342
SHA-256 | aacb553a1f2dad3eeea2c320ebae5a1a08f238fd12635b3a53e42a3b137a366e
SAP Crystal Reports Print ActiveX Control Buffer Overflow
Posted Dec 20, 2010
Authored by Dmitriy Pletnev | Site secunia.com

Secunia Research has discovered a vulnerability in SAP Crystal Reports, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the "CrystalReports12.CrystalPrintControl.1" ActiveX control (PrintControl.dll) when processing the "ServerResourceVersion" property and can be exploited to cause a heap-based buffer overflow via an overly long string. Successful exploitation allows execution of arbitrary code. Affected is Crystal Reports 2008 SP3 Fix Pack 3.2 Print ActiveX (12.3.2.753).

tags | advisory, overflow, arbitrary, activex
advisories | CVE-2010-2590
SHA-256 | d28710dbbdb6a4e04bbf0b31230732e1f2ccbb1c884c4ad65e99fc484a3db74d
SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX Control
Posted Oct 29, 2010
Authored by Dmitriy Pletnev | Site secunia.com

Secunia Research has discovered a vulnerability in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX Control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in the "Install3rdPartyComponent()" method in the "Aventail.EPInstaller" ActiveX control when creating an absolute path name based on values in the "CabURL" and "Location" arguments. This can be exploited to cause a stack-based buffer overflow via overly long values. Successful exploitation allows execution of arbitrary code.

tags | advisory, overflow, arbitrary, activex
advisories | CVE-2010-2583
SHA-256 | bda7d9a6037b717f828fe03148093d6578e44697389fab80cebbcb196eeacc52
MailEnable SMTP Service Denial Of Service
Posted Sep 14, 2010
Authored by Dmitriy Pletnev | Site secunia.com

Secunia Research has discovered two vulnerabilities in MailEnable, which can be exploited by malicious people to cause a DoS (Denial of Service). An insufficient length check when appending data to a predefined log message into a buffer using strcat_s() may result in an unhandled invalid parameter error. This can be exploited to crash the SMTP service (MESMTPC.exe) via an overly long email address in the "MAIL FROM" command. An insufficient length check when copying data with a predefined log message into a buffer using strcpy_s() may result in an unhandled invalid parameter error. This can be exploited to crash the SMTP service (MESMTPC.exe) via an overly long domain name in the "RCPT TO" command.

tags | advisory, denial of service, vulnerability
advisories | CVE-2010-2580
SHA-256 | b390e4462d7181ab22d988e0eaeb3fed9186ac4bba863901c1fa5b907f6d21bb
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close