exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 55 RSS Feed

Files

Packet Storm Advisory 2013-0819-1 - Oracle Java BytePackedRaster.verify()
Posted Aug 19, 2013
Site packetstormsecurity.com

The BytePackedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of "dataBitOffset" boundary checks. This vulnerability allows for remote code execution. User interaction is required for this exploit in that the target must visit a malicious page or open a malicious file. This finding was purchased through the Packet Storm Bug Bounty program.

tags | advisory, java, remote, overflow, code execution, bug bounty, packet storm
systems | linux, windows, apple
SHA-256 | 1b8625579128a6aa2eebdfe1d14a2d3ff5e447dbf25cd29275461b7cd5791be8

Related Files

Packet Storm Advisory 2014-1204-1 - Offset2lib: Bypassing Full ASLR On 64bit Linux
Posted Dec 5, 2014
Authored by Hector Marco, Ismael Ripoll | Site packetstormsecurity.com

The release of this advisory provides exploitation details in relation a weakness in the Linux ASLR implementation. The problem appears when the executable is PIE compiled and it has an address leak belonging to the executable. These details were obtained through the Packet Storm Bug Bounty program and are being released to the community.

tags | advisory, bug bounty, packet storm
systems | linux
SHA-256 | 57833cb6d2c4d2d145ba4e56f348f6182a247930713b65de664031a38287a959
Packet Storm Exploit 2014-1204-1 - Offset2lib: Bypassing Full ASLR On 64bit Linux
Posted Dec 5, 2014
Authored by Hector Marco, Ismael Ripoll | Site packetstormsecurity.com

Proof of concept code that demonstrates an ASLR bypass of PIE compiled 64bit Linux.

tags | exploit, proof of concept, bug bounty, packet storm
systems | linux
SHA-256 | af29e970411b02a4faa3410f217a6f31cf2be6b21d710ee65c2ff859aa9a0426
Packet Storm Advisory 2013-1022-1 - Microsoft Silverlight Invalid Typecast / Memory Disclosure
Posted Oct 23, 2013
Authored by Vitaliy Toropov | Site packetstormsecurity.com

Microsoft Silverlight 5 suffers from invalid typecast and memory disclosure vulnerabilities that, when leveraged together, allow for arbitrary code execution. A memory disclosure vulnerability exists in the public WriteableBitmap class from System.Windows.dll. This class allows reading of image pixels from the user-defined data stream via the public SetSource() method. BitmapSource.ReadStream() allocates and returns byte array and a count of array items as out parameters. These returned values are taken from the input stream and they can be fully controlled by the untrusted code. When returned "count" is greater than "array.Length", then data outside the "array" are used as input stream data by the native BitmapSource_SetSource() from agcore.dll. Later all data can be viewed via the public WriteableBitmap.Pixels[] property. Exploitation details related to these findings were purchased through the Packet Storm Bug Bounty program.

tags | advisory, arbitrary, vulnerability, code execution, bug bounty, packet storm
systems | windows
advisories | CVE-2013-0074, CVE-2013-3896
SHA-256 | 3bb4d92511f689e34dee499a420b6463240d5b229dbaa5033abb953fb0ba3421
Packet Storm Exploit 2013-1022-1 - Microsoft Silverlight Invalid Typecast / Memory Disclosure
Posted Oct 23, 2013
Authored by Vitaliy Toropov | Site packetstormsecurity.com

This exploit leverages both invalid typecast and memory disclosure vulnerabilities in Microsoft Silverlight 5 in order to achieve code execution. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program. Google flags this as malware so only use this if you know what you are doing. The password to unarchive this zip is the word "infected".

tags | exploit, remote, vulnerability, code execution, bug bounty, packet storm
systems | windows
advisories | CVE-2013-0074, CVE-2013-3896
SHA-256 | 52cb4ddd1cdf46517f03dc3f821a50041e929ed003d1d7575ad883ef43571280
Packet Storm Advisory 2013-0917-1 - Oracle Java ShortComponentRaster.verify()
Posted Sep 17, 2013
Site packetstormsecurity.com

The ShortComponentRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a memory corruption vulnerability that allows bypassing of "dataOffsets[]" boundary checks when the "numDataElements" field is 0. This vulnerability allows for remote code execution. User interaction is required for this exploit in that the target must visit a malicious page or open a malicious file. This finding was purchased through the Packet Storm Bug Bounty program.

tags | advisory, java, remote, code execution, bug bounty, packet storm
systems | windows
SHA-256 | 9b46afd762236e62d711f0fada9c9de29c69547da21046abe1e2ed3b09781fcc
Packet Storm Exploit 2013-0917-1 - Oracle Java ShortComponentRaster.verify() Memory Corruption
Posted Sep 17, 2013
Site packetstormsecurity.com

The ShortComponentRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a memory corruption vulnerability that allows bypassing of "dataOffsets[]" boundary checks when the "numDataElements" field is 0. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.

tags | exploit, java, remote, code execution, bug bounty, packet storm
systems | windows
SHA-256 | b69d9577ff19470b3048d950dd9549dc3b2aa75f7581440fc3a967b43221d8d6
Packet Storm Advisory 2013-0903-1 - Apple Safari Heap Buffer Overflow
Posted Sep 4, 2013
Authored by Vitaliy Toropov | Site packetstormsecurity.com

A heap memory buffer overflow vulnerability exists within the WebKit's JavaScriptCore JSArray::sort(...) method. This method accepts the user-defined JavaScript function and calls it from the native code to compare array items. If this compare function reduces array length, then the trailing array items will be written outside the "m_storage->m_vector[]" buffer, which leads to the heap memory corruption. This finding was purchased through the Packet Storm Bug Bounty program.

tags | advisory, overflow, arbitrary, javascript, code execution, bug bounty, packet storm
systems | apple, osx, iphone, ios
advisories | CVE-2012-3748
SHA-256 | 84bd76ba4dce1e485a3431a2c7bbd07c262e86f184ca05e0931fac224f9ab746
Packet Storm Exploit 2013-0903-1 - Apple Safari Heap Buffer Overflow
Posted Sep 4, 2013
Authored by Vitaliy Toropov | Site packetstormsecurity.com

A heap memory buffer overflow vulnerability exists within the WebKit's JavaScriptCore JSArray::sort(...) method. The exploit for this vulnerability is javascript code which shows how to use it for memory corruption of internal JS objects (Unit32Array and etc.) and subsequent arbitrary code execution (custom ARM/x64 payloads can be pasted into the JS code). This exploit affects Apple Safari version 6.0.1 for iOS 6.0 and OS X 10.7/8. Earlier versions may also be affected. It was obtained through the Packet Storm Bug Bounty program.

tags | exploit, overflow, arbitrary, javascript, code execution, bug bounty, packet storm
systems | apple, osx, iphone, ios
advisories | CVE-2012-3748
SHA-256 | 14c94c8c5cb510aa3236b42b9618aa54726915b4e116afea229961e936fb158d
Packet Storm Advisory 2013-0827-1 - Oracle Java ByteComponentRaster.verify()
Posted Aug 27, 2013
Site packetstormsecurity.com

The ByteComponentRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a memory corruption vulnerability that allows bypassing of "dataOffsets[]" boundary checks. This vulnerability allows for remote code execution. User interaction is required for this exploit in that the target must visit a malicious page or open a malicious file. This finding was purchased through the Packet Storm Bug Bounty program.

tags | advisory, java, remote, code execution, bug bounty, packet storm
systems | linux, windows, apple
SHA-256 | 9fd26d41fd22e4129c77a4d73ea91dc162b341382d20abaf8a4da3c11006e787
Packet Storm Exploit 2013-0827-1 - Oracle Java ByteComponentRaster.verify() Memory Corruption
Posted Aug 27, 2013
Site packetstormsecurity.com

The ByteComponentRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a memory corruption vulnerability that allows bypassing of "dataOffsets[]" boundary checks. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.

tags | exploit, java, remote, code execution, bug bounty, packet storm
systems | linux, windows, apple
SHA-256 | b839d5970482f3cd66e3ee8e41489d0f6ff55dcbb61c65d376fe88669b834be3
Packet Storm Exploit 2013-0819-1 - Oracle Java BytePackedRaster.verify() Signed Integer Overflow
Posted Aug 19, 2013
Site packetstormsecurity.com

The BytePackedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of "dataBitOffset" boundary checks. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.

tags | exploit, java, remote, overflow, code execution, bug bounty, packet storm
systems | linux, windows, apple
SHA-256 | 5646d8519790eceedb69ee095dc2f1fc17b73ac3ec0fd514b7fa68ad513dd937
Packet Storm Advisory 2013-0819-2 - Adobe ColdFusion 9 Administrative Login Bypass
Posted Aug 19, 2013
Authored by Scott Buckel | Site packetstormsecurity.com

Adobe ColdFusion versions 9.0, 9.0.1, and 9.0.2 do not properly check the "rdsPasswordAllowed" field when accessing the Administrator API CFC that is used for logging in. The login function never checks if RDS is enabled when rdsPasswordAllowed="true". This means that if RDS was not configured, the RDS user does not have a password associated with their username. This means by setting rdsPasswordAllowed to "true", we can bypass the admin login to use the rdsPassword, which in most cases, is blank. These details were purchased through the Packet Storm Bug Bounty program and are being released to the community.

tags | exploit, remote, bug bounty, packet storm
advisories | CVE-2013-0632
SHA-256 | 8267635397115a7b25f386e8ba0802efb22e55b7e7adf3d4e3cdb5c91b1eb2f6
Packet Storm Advisory 2013-0813-1 - Oracle Java IntegerInterleavedRaster.verify()
Posted Aug 14, 2013
Site packetstormsecurity.com

The IntegerInterleavedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of "dataOffsets[0]" boundary checks. This vulnerability allows for remote code execution. User interaction is required for this exploit in that the target must visit a malicious page or open a malicious file. This finding was purchased through the Packet Storm Bug Bounty program.

tags | advisory, java, remote, overflow, code execution, bug bounty, packet storm
systems | linux, windows, apple
SHA-256 | c91966468587a351ac5a5ab7a6a5efec2d287d47df6ed6e6126cbf0ebccbe4b2
Packet Storm Exploit 2013-0813-1 - Oracle Java IntegerInterleavedRaster.verify() Signed Integer Overflow
Posted Aug 14, 2013
Site packetstormsecurity.com

The IntegerInterleavedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of "dataOffsets[0]" boundary checks. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.

tags | exploit, java, remote, overflow, code execution, bug bounty, packet storm
systems | linux, windows, apple
SHA-256 | f02354c5057ad3ef8f665611f60e6520a4278402c6472e75be9045ca31f8566e
Packet Storm Advisory 2013-0811-1 - Oracle Java storeImageArray()
Posted Aug 12, 2013
Site packetstormsecurity.com

Oracle Java versions prior to 7u25 suffer from an invalid array indexing vulnerability that exists within the native storeImageArray() function inside jre/bin/awt.dll. This vulnerability allows for remote code execution. User interaction is required for this exploit in that the target must visit a malicious page or open a malicious file. This finding was obtained through the Packet Storm Bug Bounty program.

tags | advisory, java, remote, code execution, bug bounty, packet storm
systems | linux, windows, apple
advisories | CVE-2013-2465, OSVDB-96269
SHA-256 | 08adb1b876765479572292aa1527fb22f2fcaf677de1dde38930f0ef325407cb
Packet Storm Exploit 2013-0811-1 - Oracle Java storeImageArray() Invalid Array Indexing Code Execution
Posted Aug 12, 2013
Site packetstormsecurity.com

Oracle Java versions prior to 7u25 suffer from an invalid array indexing vulnerability that exists within the native storeImageArray() function inside jre/bin/awt.dll. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.

tags | exploit, java, remote, code execution, bug bounty, packet storm
systems | linux, windows, apple
advisories | CVE-2013-2465, OSVDB-96269
SHA-256 | 4bf1140afc7eb451ce1428add296d72b7d28232fc859db141fba065ebfc18d26
Packet Storm Advisory 2013-0621 - Facebook Information Disclosure
Posted Jun 21, 2013
Authored by Todd J. | Site packetstormsecurity.com

Facebook suffered from an information disclosure vulnerability. If a user uploaded their contacts to Facebook and then proceeded to download their expanded dataset from the DYI (Download Your Information) section, they would receive a file called addressbook.html in their downloaded archive. The addressbook.html is supposed to house the contact information they uploaded. However, due to a flaw in how Facebook implemented this, it also housed contact information from other uploads other users have performed for the same person, provided they had one piece of matching data. This effectively built large dossiers on users and disclosed their information to anyone that knew at least one piece of matching data.

tags | exploit, info disclosure, packet storm
SHA-256 | 07268c0e796ea6d21e794a4db3101dd9e38d23de66ebb9b581bb627fba66c532
Parallels System Automation (PSA) Local File Inclusion
Posted Jun 12, 2010
Authored by Pouya Daneshmand

Parallels System Automation (PSA) suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 8ca04fbae8b6fd7fb878107d46cdd66d1d9dabba4bedbef6a4974083a60e33d1
PSArt 1.2 SQL Injection
Posted Oct 30, 2009
Authored by Securitylab Security Research | Site securitylab.ir

PSArt version 1.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | f5e470d911a53606b9c19dd111f0c2e33b3fda1208a9cfbceb1b8083201b8c09
PSA08-010.txt
Posted Nov 14, 2008
Authored by Bernardo Damele | Site portcullis-security.com

Portcullis Security Advisory - An information disclosure vulnerability exists in the manner that Microsoft LDAP server responds when binding to the LDAP server. In the case when an invalid password is provided, the server will respond with result code 49 (invalidCredentials) and an error message. A different error message is returned if an invalid username is provided.

tags | advisory, info disclosure
SHA-256 | 10233417213d8d65b5b5a8767722479605da8d41d2277ed5635cd913f03bc3e7
PSA08-009.txt
Posted Nov 14, 2008
Authored by Tim Brown, Mark Lowe | Site portcullis-security.com

Portcullis Security Advisory - By sending crafted packets to ports on the Checkpoint VPN-1 which are mapped by port address translation (PAT) to ports on internal devices, information about the internal network may be disclosed in the resulting ICMP error packets.

tags | advisory
SHA-256 | 51a82eb1b4c5f4d3532a75bb76489bb144459f7cdb950cf9b248f0ab003575f5
PSA3.zip
Posted Jul 28, 2007
Authored by Ironfist

PHP Source Auditor III (or PSA3) was created in order to quickly find vulnerabilities in PHP source code. Written in Perl.

tags | perl, php, vulnerability, fuzzer
SHA-256 | 787110a34b85754752472a108a0e65147bfdd6deda7c812bfd88705c49a5740a
psad-2.0.5.tar.gz
Posted Mar 4, 2007
Site cipherdyne.org

Port Scan Attack Detector (psad) is a collection of four lightweight daemons written in Perl and C that are designed to work with Linux firewalling code (iptables and ipchains) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options, email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP, UDP, and ICMP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap. Psad also uses packet TTL, IP id, TOS, and TCP window sizes to passively fingerprint the remote operating system from which scans originate. Changelog available here.

Changes: Bug fixes and some cool new features.
tags | remote, kernel, udp, perl, tcp
systems | linux
SHA-256 | ec3dca8cf70f0e310a22325a33557bd2bf197b958d18dce5c3e73f7bd5ab0e25
psad-1.4.8.tar.gz
Posted Nov 30, 2006
Site cipherdyne.org

Port Scan Attack Detector (psad) is a collection of four lightweight daemons written in Perl and C that are designed to work with Linux firewalling code (iptables and ipchains) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options, email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP, UDP, and ICMP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap. Psad also uses packet TTL, IP id, TOS, and TCP window sizes to passively fingerprint the remote operating system from which scans originate. Changelog available here.

Changes: Bug fixes and some cool new features.
tags | remote, kernel, udp, perl, tcp
systems | linux
SHA-256 | d7a51a9b37459d1e7b9266ee1171778d3a2e269bf9de66ba2599737bdca8985f
psad-1.4.4.tar.gz
Posted Dec 1, 2005
Site cipherdyne.org

Port Scan Attack Detector (psad) is a collection of four lightweight daemons written in Perl and C that are designed to work with Linux firewalling code (iptables and ipchains) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options, email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP, UDP, and ICMP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap. Psad also uses packet TTL, IP id, TOS, and TCP window sizes to passively fingerprint the remote operating system from which scans originate. Changelog available here.

Changes: Bug fixes and some cool new features.
tags | remote, kernel, udp, perl, tcp
systems | linux
SHA-256 | 623d26c4ef62dca439222272bc448db49a7551150f3fbb17951e9163d7ddbbd0
Page 1 of 3
Back123Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close