what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 27 RSS Feed

Files from Wolfgang Ettlinger

First Active2013-04-03
Last Active2024-08-31
OpenSSL TLS 1.1 and 1.2 AES-NI Denial of Service
Posted Aug 31, 2024
Authored by Wolfgang Ettlinger | Site metasploit.com

The AES-NI implementation of OpenSSL 1.0.1c does not properly compute the length of an encrypted message when used with a TLS version 1.1 or above. This leads to an integer underflow which can cause a DoS. The vulnerable function aesni_cbc_hmac_sha1_cipher is only included in the 64-bit versions of OpenSSL. This Metasploit module has been tested successfully on Ubuntu 12.04 (64-bit) with the default OpenSSL 1.0.1c package.

tags | exploit
systems | linux, ubuntu
advisories | CVE-2012-2686
SHA-256 | 5871459b613b45d42f0cb13e4a97c4441fd3ed0c424828a3919d63334c1585b7
Apache MyFaces 2.x Cross Site Request Forgery
Posted Feb 20, 2021
Authored by Wolfgang Ettlinger

Apache MyFaces versions 2.2.13 and below, 2.3.7 and below, 2.3-next-M4 and below, and 2.1 and below suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2021-26296
SHA-256 | 9496fb42b8d7b245393af79c43e00c9737bf7e2ce2f045cabe480e1ebae73876
Trend Micro IWSVA CSRF / XSS / Bypass / SSRF / Code Execution
Posted Dec 17, 2020
Authored by Wolfgang Ettlinger | Site sec-consult.com

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) versions below 6.5 SP2 EN Patch 4 Build 1919 suffers from bypass, command execution, cross site request forgery, cross site scripting, and server-side request forgery vulnerabilities.

tags | exploit, web, vulnerability, xss, csrf
advisories | CVE-2020-8461, CVE-2020-8462, CVE-2020-8463, CVE-2020-8464, CVE-2020-8465, CVE-2020-8466
SHA-256 | 54396ecfd1b66aed9f010f421531333fb6ee5cf355c17da0019935bb3b4af762
Trend Micro IMSVA CSRF / XML Injection / SSRF / File Disclosure
Posted Nov 5, 2020
Authored by Wolfgang Ettlinger, T. Serafin | Site sec-consult.com

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) versions prior to 9.1.0 Critical Patch Build 2025 suffer from XML injection, over-privileged access, cross site request forgery, file disclosure, server-side request forgery, information leakage, and various other vulnerabilities.

tags | exploit, vulnerability, csrf
advisories | CVE-2020-27016, CVE-2020-27017, CVE-2020-27018, CVE-2020-27019, CVE-2020-27693, CVE-2020-27694
SHA-256 | c7d236bdf962dfa9de93321b3fab630caa7f7676cb4839021d3b0a10b7122b7b
eIDAS-Node 2.3 Authentication Bypass
Posted Nov 1, 2019
Authored by Wolfgang Ettlinger | Site sec-consult.com

eIDAS-Node versions 2.3 and below suffer from an authentication bypass vulnerability.

tags | exploit, bypass
SHA-256 | abcaa58e91fe819fa9249825cfac8238f70910ce571dbd8fc6495d4a244f7d5e
OpenPGP.js 4.2.0 Signature Bypass / Invalid Curve Attack
Posted Aug 22, 2019
Authored by Wolfgang Ettlinger | Site sec-consult.com

OpenPGP.js versions 4.2.0 suffer from invalid curve attack, message signature bypass, and information trust vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2019-9153, CVE-2019-9154, CVE-2019-9155
SHA-256 | 0a9d2e92a3d6a166b6fe0aec192bf81aef0d99ec80673eae0c779bd7f3ebc97c
OSCI-Transport Library 1.2 1.8.1 Insecure Crypto / Signature Bypass
Posted Feb 5, 2019
Authored by Wolfgang Ettlinger | Site sec-consult.com

OSCI-Transport Library 1.2 for German e-Government versions 1.8.1 and below suffer from an insecure cryptographic implementation and signature bypass vulnerabilities.

tags | exploit, vulnerability
SHA-256 | 8a86e1c888e889e80fd729c0b736244eff54c47bdb299aa960e521037448b570
Kerio Control VPN Protocol 9.2.7 Inadequate Cryptography Implementation
Posted Dec 6, 2018
Authored by Wolfgang Ettlinger | Site sec-consult.com

Kerio Control VPN Protocol versions 9.2.7 and below have an issue where the cryptographic protocol employed exhibits severe design issues.

tags | advisory, protocol
SHA-256 | d1ff2228600cdc41f9fafb6da994e535fdaaaeb884e11bd2dcc0f93c0c6265d2
Governikus Autent SDK 3.8.1 Signature Bypass
Posted Nov 21, 2018
Authored by Wolfgang Ettlinger | Site sec-consult.com

Governikus Autent SDK versions 3.8.1 and below suffer from a signature bypass vulnerability. This vulnerability could allow an attacker to impersonate any German citizen on a vulnerable web application.

tags | exploit, web, bypass
SHA-256 | bc598f9668599f1a40ae05cb09cf65c1e231a9837407f48b0b4f2818d6cc5f45
Citrix StorageZones Controller Improper Access Restrictions / Traversal
Posted Sep 27, 2018
Authored by Wolfgang Ettlinger | Site sec-consult.com

Citrix StorageZones Controller versions prior to 5.4.2 suffer from padding oracle, improper access restriction, and path traversal vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2018-16968, CVE-2018-16969
SHA-256 | ae39dfe4bfaaa26cd2361836889bfa69e570b2f0a6679a9b71736478c8294df6
Oracle Access Manager 11.1.2.3.0 / 12.2.1.3.0 Authentication Bypass
Posted May 4, 2018
Authored by Wolfgang Ettlinger | Site sec-consult.com

Oracle Access Manager versions 11.1.2.3.0 and 12.2.1.3.0 suffer from an authentication bypass vulnerability.

tags | advisory, bypass
advisories | CVE-2018-2879
SHA-256 | 3ff8e4e5227e1b994da2325be7ed9d86085196020a85edbd2fa518450b3a1236
SecurEnvoy SecurMail 9.1.501 XSS / CSRF / Traversal
Posted Mar 12, 2018
Authored by Wolfgang Ettlinger | Site sec-consult.com

SecurEnvoy SecurMail version 9.1.501 suffers from cross site request forgery, cross site scripting, insecure direct object reference, missing authentication and authorization, and path traversal vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2018-7701, CVE-2018-7702, CVE-2018-7703, CVE-2018-7704, CVE-2018-7705, CVE-2018-7706, CVE-2018-7707
SHA-256 | 368d7ef3e94a6aa7cbbc75ae1e4f895612f63f355dabd25558996ca782b735f6
Micro Focus VisiBroker C++ 8.5 SP2 Memory Corruption
Posted Oct 16, 2017
Authored by Wolfgang Ettlinger | Site sec-consult.com

Micro Focus VisiBroker C++ version 8.5 SP2 suffers from multiple memory corruption vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2017-9281, CVE-2017-9282, CVE-2017-9283
SHA-256 | 20d06be514a3c5e7552eac8487a7e2ef90f88d1a1ad22ca6b61679bef1d32ed1
OSCI-Transport Library 1.2 Padding Oracle / Signature Wrapping / XXE Injection
Posted Jun 30, 2017
Authored by Wolfgang Ettlinger, Marc Nimmerrichter | Site sec-consult.com

OSCI-Transport library version 1.2 for German e-Government suffers from padding oracle, signature wrapping, and XML external entity injection vulnerabilities.

tags | advisory, vulnerability, xxe
advisories | CVE-2017-10668, CVE-2017-10669, CVE-2017-10670
SHA-256 | e836d90008122100e3bb9c8d79986aeef8cdb8cc46a5f5f505ce7a6396d60f8e
EnCase Forensic Imager 7.10 Buffer Overflow
Posted May 12, 2017
Authored by Wolfgang Ettlinger | Site sec-consult.com

Guidance Software EnCase Forensic Imager versions 7.10 and below suffer from a stack-based buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | dde2e54320f7ae0c6125565d33c61a502a0e8d4158b92889665a3941c021109b
EnCase Forensic Imager 7.10 Denial Of Service / Heap Buffer Overflow
Posted Nov 29, 2016
Authored by Wolfgang Ettlinger | Site sec-consult.com

EnCase Forensic Imager versions 7.10 and below suffer from denial of service and heap-based buffer overflow vulnerabilities.

tags | exploit, denial of service, overflow, vulnerability
SHA-256 | 7843ed94a73178cbbad1a3abd757df71b39cbeea28ef32b9271d33b5a8956fe1
Micro Focus GroupWise Cross Site Scripting / Overflows
Posted Aug 25, 2016
Authored by Wolfgang Ettlinger | Site sec-consult.com

Micro Focus GroupWise version 2014 R2 SP1 and below suffer from buffer overflow, cross site scripting, and integer overflow vulnerabilities.

tags | exploit, overflow, vulnerability, xss
advisories | CVE-2016-5760, CVE-2016-5761, CVE-2016-5762
SHA-256 | 259e1178ca32777e61016eaf9c26499e22db2bed9b9f9028eb31c3fc116900c6
Micro Focus Filr CSRF / XSS / Code Execution
Posted Jul 25, 2016
Authored by Wolfgang Ettlinger | Site sec-consult.com

Multiple Micro Focus Filr appliances suffer from cross site request forgery, cross site scripting, command injection, insecure design, missing cookie flag, authentication bypass, poor permission, and path traversal vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2016-1607, CVE-2016-1608, CVE-2016-1609, CVE-2016-1610, CVE-2016-1611
SHA-256 | 75683bf10479970e059d4148415a4d6ba28a3aaad459288029dd624f6ebfab5d
WSO2 Identity Server 5.0.0 XSS / CSRF / XXE Injection
Posted May 13, 2015
Authored by Wolfgang Ettlinger | Site sec-consult.com

WSO2 Identity Server version 5.0.0 suffers from XML external entity injection, cross site request forgery, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf, xxe
SHA-256 | b23a062266269d325f887cf960d7eb910446d8f0167a0b3dbb117e633cc72a23
Kodi/XBMC 14 Cross Site Request Forgery
Posted Jan 14, 2015
Authored by Wolfgang Ettlinger | Site sec-consult.com

Kodi/XBMC versions 14 and below suffer from a cross site request forgery vulnerability.

tags | advisory, csrf
SHA-256 | cecacfa36504e9b71f724b2954aff24637057840d82bcf91a6137809b422a665
NetIQ eDirectory NDS iMonitor 8.8 SP8 / 8.8 SP7 XSS / Memory Disclosure
Posted Dec 20, 2014
Authored by Wolfgang Ettlinger | Site sec-consult.com

NetIQ eDirectory NDS iMonitor versions 8.8 SP8 and 8.8 SP7 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-5212, CVE-2014-5213
SHA-256 | 42f12d914fa5417e9b3009fd6a0222ff5662fe88ac1c59cf41efc6d5318502e6
NetIQ Access Manager 4.0 SP1 XSS / CSRF / XXE Injection / Disclosure
Posted Dec 19, 2014
Authored by Wolfgang Ettlinger | Site sec-consult.com

NetIQ Access Manager version 4.0 SP1 suffers from cross site request forgery, external entity injection, information disclosure, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure, csrf
advisories | CVE-2014-5214, CVE-2014-5215, CVE-2014-5216, CVE-2014-5217
SHA-256 | 320f0bd45b1d76c447e2f9652fd8ee7c2db0f94b4c3c1ff00b05f978a6cc03b0
G-Parted 0.14.1 Command Execution
Posted Dec 19, 2014
Authored by Wolfgang Ettlinger | Site sec-consult.com

G-Parted versions 0.14.1 and below suffer from a root privilege escalation command execution vulnerability.

tags | exploit, root
advisories | CVE-2014-7208
SHA-256 | 22d59ee6ab3ecbc032151958235d46b8b87c383d2fc085ccae3a73125bc45eb5
ADF Faces 12.1.2.0 Cross Site Scripting
Posted Oct 15, 2014
Authored by Wolfgang Ettlinger | Site sec-consult.com

ADF Faces version 12.1.2.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 1133f9915da8a3cc4eb0ab104e7646e7507625c906b4f85e176f18b9f5a8961c
Rhythm Software File Manager [HD] Disclosure / Escalation / Injection
Posted Apr 2, 2014
Authored by Wolfgang Ettlinger | Site sec-consult.com

Rhythm Software File Manager version 1.16.6 and Rhythm Software File Manager HD version 1.11.5 suffer from local file disclosure, privilege escalation, and unauthenticated remote command injection vulnerabilities.

tags | advisory, remote, local, vulnerability
SHA-256 | d2c9981bbbf77d707cbae26f950c18a38e350aeb4c84dd1f06e79d90a6679677
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    17 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close