what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 33 RSS Feed

Files from Hanno Boeck

Email addressmail at hboeck.de
First Active2007-03-14
Last Active2019-08-16
Open-Xchange OX Guard Cross Site Scripting / Signature Validation
Posted Aug 16, 2019
Authored by Hanno Boeck, Juraj Somorovsky, Martin Heiland, Jorg Schwenk, Sebastian Schinzel, Damian Poddebniak, Jens Muller, Marcus Brinkmann

Open-Xchange OX Guard versions 7.10.2 and below suffer from a cross site scripting vulnerability. Open-Xchange OX Guard versions 7.10.1 and below, 2.10.2 and below suffer from a signature validation vulnerability.

tags | exploit, xss
advisories | CVE-2018-9997, CVE-2019-11521
SHA-256 | ea4821effec5ebd51f45bdf732d362fc22eb10a99a7363c2441cceeedc97dfae
GStreamer gst-plugins-bad NULL Pointer Dereference
Posted Jun 13, 2017
Authored by Hanno Boeck

GStreamer suffers from a null pointer dereference vulnerability in the gst-plugins-bad plugin.

tags | exploit
advisories | CVE-2016-9813
SHA-256 | 3468810ab7e2ea28debe4af3d9f8a21108429b03b6accf08511c15139b700b06
Courier Heap Overflow / Out Of Bounds Read Access
Posted Jun 30, 2015
Authored by Hanno Boeck | Site hboeck.de

Courier mail server versions before 0.75 suffer from out of bounds read access and heap overflow vulnerabilities.

tags | advisory, overflow, vulnerability
SHA-256 | 425cff4ddf61bbeaf9670a04c641dac78fd64b617955be6dc1d7dbc7d51f3a76
Wireshark Heap Overflow
Posted May 14, 2015
Authored by Hanno Boeck | Site hboeck.de

Wireshark versions prior to 1.12.5 suffer from a heap overflow vulnerability.

tags | advisory, overflow
advisories | CVE-2015-3815
SHA-256 | 1ae5af42f7ef14100630d0010d301d92234b3bf167a0e4c7fedd8095c080e3c8
SQLite 3.89 Heap Overflow
Posted May 12, 2015
Authored by Hanno Boeck | Site hboeck.de

SQLite version 3.8.9 suffers from two read heap overflow errors.

tags | advisory, overflow
SHA-256 | 6d38b29159cb2a72081129ea22c70ddea6a6ec86333d10d263a11edc4d1c9794
libtasn1 Heap Overflow
Posted May 1, 2015
Authored by Hanno Boeck | Site hboeck.de

Fuzzing GnuTLS, it was discovered that a malformed certificate input sample would cause a heap overflow read of 99 bytes in the DER decoding functions of Libtasn1. The heap overflow happens in the function _asn1_extract_der_octet().

tags | advisory, overflow
SHA-256 | 3b4b298d51f795e837fdad045082d8d21888b30a3c72b0d84495cbda9339fe16
libtasn1 Stack Write Overflow
Posted Mar 30, 2015
Authored by Hanno Boeck | Site hboeck.de

Fuzzing libtasn1 led to the discovery of a stack write overflow in the function _asn1_ltostr (file parser_aux.c). It overflows a temporary buffer variable on certain inputs.

tags | advisory, overflow
SHA-256 | 6564e0941811d6f26c35eb0f2deeda26a4f79f67cc76157b329dea8a102e4fd7
less Out Of Bounds Read Access
Posted Dec 2, 2014
Authored by Hanno Boeck | Site hboeck.de

An out of bounds read access in the UTF-8 decoding can be triggered with a malformed file in the tool less.

tags | advisory
SHA-256 | 347f4926038ecad2d6a29f7ea51b42576cbdba32e0a8492bd6c7800ee394189c
ImageMagick Out-Of-Bounds Read / Heap Overflow
Posted Nov 4, 2014
Authored by Hanno Boeck | Site hboeck.de

ImageMagick is vulnerable to an out of bounds read / heap overflow in the function HorizontalFilter() in the file resize.c. It is triggered if an image has dimensions 0x0. The issue has been found with the help of Address Sanitizer and the fuzzing tool zzuf.

tags | advisory, overflow
advisories | CVE-2014-8354, CVE-2014-8355, CVE-2014-8561, CVE-2014-8562
SHA-256 | f7f73acba950fe2fcdd7e2d0fba2650f734595e55003788431688a9c2e9377d9
PowerArchiver Insecure PKZIP Encryption
Posted Mar 13, 2014
Authored by Hanno Boeck | Site hboeck.de

PowerArchiver version 14.02.03 creates files with an insecure encryption method even if the user selects a (secure) AES encryption in the GUI. If a user clicks on the "Encrypt Files" and selects "AES 256-bit" for encryption, the outcoming file will not be AES-encrypted. It will instead use the legacy PKZIP encryption, which uses a broken encryption algorithm.

tags | advisory
advisories | CVE-2014-2319
SHA-256 | a48e078a1bd32e704a5fbf11c4d4b61c8d037f81b323e1195c53539b587ab28b
PHPList 2.10.12 Cross Site Request Forgery
Posted Apr 7, 2011
Authored by Hanno Boeck | Site hboeck.de

PHPList versions 2.10.12 and below suffer from a cross site request forgery vulnerability.

tags | advisory, csrf
advisories | CVE-2011-0748
SHA-256 | b5bb4955da0a735dfa018ccf451ebac4b437a2335d31fee95b7fb4a779d849e1
O2 Classic Router Cross Site Request Forgery / Cross Site Scripting
Posted Apr 7, 2011
Authored by Hanno Boeck | Site hboeck.de

O2 Classic Router suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2010-1482, CVE-2011-0746
SHA-256 | 94d6ca9d702ec4f5fdb7414e8e935b6e8e12b2ba4c775e2b2fd39a04eff4c71f
CMS Made Simple Cross Site Scripting
Posted May 8, 2010
Authored by Hanno Boeck | Site hboeck.de

CMS Made Simple versions 1.7.0 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2010-1482
SHA-256 | c234bcd08fbe8dd9ae72b6a0ca19941afe45cdaa2d5374ec53ee5e0ce5834ad3
Pmwiki Cross Site Scripting
Posted May 8, 2010
Authored by Hanno Boeck | Site hboeck.de

Pmwiki suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2010-1481
SHA-256 | 8135712c4e30ac2b866fe68a60d138de462502df7db3a5bbf3f31a0eda3bcf3c
Joomla Session Hijacking
Posted Dec 16, 2008
Authored by Hanno Boeck | Site hboeck.de

Joomla fails to set the secure flag in the session cookie allowing the possibility of a session getting hijacked.

tags | advisory
advisories | CVE-2008-4122
SHA-256 | a0f0b11a97d38cd11e6da4f7b89ff1d72b8153bcd12e0b35bdbafea736cee8af
drupal-hijack.txt
Posted Sep 20, 2008
Authored by Hanno Boeck | Site hboeck.de

Drupal CMS fails to set the secure flag in the session cookie allowing for session hijacking.

tags | advisory
advisories | CVE-2008-3661
SHA-256 | 6d5d4657228cd6039e3ccbfbac2cd8adc8cdb25a11f076f03f379e89ca0016db
menalto-hijack.txt
Posted Sep 18, 2008
Authored by Hanno Boeck | Site hboeck.de

Menalto Gallery versions prior to 2.2.6 failed to set the secure flag in the session cookie allowing for session hijacking.

tags | advisory
advisories | CVE-2008-3662
SHA-256 | abff3ad67ab14ebf55f9da0c0e8959080407847a2106e0bb1f87d45c942811ac
clamav-chm.txt
Posted Sep 4, 2008
Authored by Hanno Boeck | Site hboeck.de

A fuzzing test against ClamAV versions below 0.94 discovered that they suffer from a chm file parsing vulnerability which can possibly be exploited.

tags | advisory
advisories | CVE-2008-1389
SHA-256 | e250a5f0d10ff7b3553d66f2c5e2679545b01252c627bd11aee974decdecce50
s9y-xss.txt
Posted Apr 23, 2008
Authored by Hanno Boeck | Site hboeck.de

Serendipity version 1.3 suffers from cross site scripting vulnerabilities in the referrer plugin and installer.

tags | exploit, vulnerability, xss
advisories | CVE-2008-1385, CVE-2008-1386
SHA-256 | 25a716caa89c016ca24d532a7d1b04d94cf20e36557d232ea4afb38aacaa2e77
CVE-2008-1387-clamav.txt
Posted Apr 15, 2008
Authored by Hanno Boeck | Site hboeck.de

Clam-AV versions below 0.93 suffer from an endless loop vulnerability when handling specially crafted ARJ files.

tags | advisory
advisories | CVE-2008-1387
SHA-256 | f975acf9d28711c1ba81f2592579ef7b9338976b9b3020f121d957117570ee4d
phpstats0.1-xss.txt
Posted Mar 18, 2008
Authored by Hanno Boeck | Site hboeck.de

PHP-Stats version 0.1_alpha appears to suffer from a cross site scripting vulnerability in phpstats.php.

tags | exploit, php, xss
advisories | CVE-2008-0125
SHA-256 | 3618c612ee4162d17f9fc290f06a253a6d5732d738df7c77d8298e2dab348a76
CVE-2008-0124-s9y.txt
Posted Feb 26, 2008
Authored by Hanno Boeck | Site hboeck.de

Serendipity (S9Y) is vulnerable to cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
advisories | CVE-2008-0124
SHA-256 | dd63fb188152a551ba836b956d929e9d741646329f28f1ee2f401f93732ec998
moodleinstall-xss.txt
Posted Jan 12, 2008
Authored by Hanno Boeck | Site hboeck.de

Moodle versions below 1.8.4 suffer from a cross site scripting vulnerability in the installer code.

tags | exploit, xss
advisories | CVE-2008-0123
SHA-256 | 22b5d751e513045185f5825a9ebcf9539597b2972bdcf26c37f38e5dcbf5eeab
serendipity-xss.txt
Posted Dec 11, 2007
Authored by Hanno Boeck | Site hboeck.de

The Serendipity blog system contains a plugin to display the content of feeds in the sidebar (serendipity_plugin_remoterss). If an attacker can modify the RSS feed, it is possible to inject javascript code in the link part, because it is not correctly escaped. Versions below 1.2.1 are affected.

tags | exploit, javascript, xss
advisories | CVE-2007-6205
SHA-256 | 532a5907669cbc68a7275efbcc42fe90f3ef0ef37fef8ab43b25ea77019e9b13
freewvs-0.1.tar.bz2
Posted Nov 15, 2007
Authored by Hanno Boeck | Site source.schokokeks.org

Freewvs is a tool to search web roots for known vulnerable versions of web applications.

tags | tool, web, root, scanner
systems | unix
SHA-256 | 2e9c27f6e626fef7aa38d3e7b98a01a05a47689c85c5f26e63d231fdc715a024
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    17 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close