exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 36 RSS Feed

Files from Greg MacManus

Email addressgmacmanus.edu at gmail.com
First Active2004-04-05
Last Active2013-05-23
Nginx HTTP Server 1.3.9-1.4.0 Chunked Encoding Stack Buffer Overflow
Posted May 23, 2013
Authored by Greg MacManus, hal, saelo | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in versions 1.3.9 to 1.4.0 of nginx. The exploit first triggers an integer overflow in the ngx_http_parse_chunked() by supplying an overly long hex value as chunked block size. This value is later used when determining the number of bytes to read into a stack buffer, thus the overflow becomes possible.

tags | exploit, overflow
advisories | CVE-2013-2028, OSVDB-93037
SHA-256 | 5caa8725f0b0e52002e2804749d851584f474a1d0b411c2a827865afd2da031c
Nginx 1.3.9 / 1.4.0 Stack Buffer Overflow
Posted May 8, 2013
Authored by Greg MacManus, Maxim Dounin | Site nginx.org

Nginx versions 1.3.9 through 1.4.0 suffer from a stack-based buffer overflow vulnerability.

tags | advisory, overflow
advisories | CVE-2013-2028
SHA-256 | 7bc6c11ece1fcb0d26e264613945a82fd3064bb3d2a74e91677e963e3b0ad5b3
Whitepaper Called English Shellcode
Posted Nov 24, 2009
Authored by Greg MacManus, Fabian Monrose, Joshua Mason, Sam Small

Whitepaper called English Shellcode. In this paper, they challenge the assumption that shellcode must conform to superficial and discernible representations. Specifically, they demonstrate a technique for automatically producing English Shellcode, transforming arbitrary shell-code into a representation that is superficially similar to English prose.

tags | paper, arbitrary, shell, shellcode
SHA-256 | 520adbcbc20b5b74ff45288dfb818039f329155c76d5816f3314408df708f644
iDEFENSE Security Advisory 2008-11-04.2
Posted Nov 5, 2008
Authored by iDefense Labs, Greg MacManus | Site idefense.com

iDefense Security Advisory 11.04.08 - Remote exploitation of an out of bounds array access vulnerability in Adobe System Inc.'s Adobe Reader could allow an attacker to execute arbitrary code as the current user. The vulnerability specifically exists in code responsible for parsing Type 1 fonts. After allocating an area of memory, no bounds checking is performed. Subsequent access of this memory may result in modification of arbitrary memory, which in turn may result in arbitrary code execution. iDefense has confirmed the existence of this vulnerability in Adobe Reader version 8.1.1. Previous versions may also be affected.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2008-4812
SHA-256 | 535bcfb45222fcef1677636e3eccd5f01b7f0d1beaf872ff09641d7d8e2c9406
iDEFENSE Security Advisory 2008-09-09.1
Posted Sep 10, 2008
Authored by iDefense Labs, Greg MacManus | Site idefense.com

iDefense Security Advisory 09.09.08 - Remote exploitation of an integer overflow vulnerability in multiple versions of Microsoft Corp.'s GDI+ could allow an attacker to execute arbitrary code within the context of the local user. The vulnerability specifically exists in the memory allocation performed by the GDI+ library. Certain malformed gradient fill input can cause the application to corrupt the heap, potentially allowing arbitrary code execution. iDefense Labs confirmed this vulnerability affects Internet Explorer 7 and Internet Explorer 6 on the Microsoft Windows XP SP2 platform.

tags | advisory, remote, overflow, arbitrary, local, code execution
systems | windows
advisories | CVE-2007-5348
SHA-256 | 2e0532d3c8039af7d9bf1009a1f7bb604a510e3e30eb42cd198c7f69f961ba91
iDEFENSE Security Advisory 2008-03-11.3
Posted Mar 13, 2008
Authored by iDefense Labs, Greg MacManus | Site idefense.com

iDefense Security Advisory 03.11.08 - Remote exploitation of an input validation error in the handling of "mailto" URIs by Microsoft Corp.'s Outlook may allow arbitrary code execution. It is possible to construct a "mailto" URI which causes the web browser to pass extra command line switches to Outlook. These switches can modify Outlook's account configuration. iDefense has confirmed the existence of this vulnerability in Microsoft Outlook 2007 on Windows XP SP2. Previous versions may also be affected.

tags | advisory, remote, web, arbitrary, code execution
systems | windows
advisories | CVE-2008-0110
SHA-256 | 7156ee06ae2b1666a162d1ef60b7458511c3b4ab23d425ed51aebc8ea63bd76b
iDEFENSE Security Advisory 2008-03-11.1
Posted Mar 13, 2008
Authored by iDefense Labs, Greg MacManus | Site idefense.com

iDefense Security Advisory 03.11.08 - Remote exploitation of a heap corruption vulnerability in Microsoft Corp.'s Excel spreadsheet application allows attackers to execute arbitrary code in the context of the user who started Excel. The vulnerability exists in the handling of DVAL records in BIFF8 format spreadsheet files. When certain fields are set to invalid values, heap corruption occurs. iDefense has confirmed the existence of this vulnerability in Microsoft Excel 2003 and Excel 2007. Previous versions may also be affected.

tags | advisory, remote, arbitrary
advisories | CVE-2008-0111
SHA-256 | c4d8db378bfdeb338b825ddadf8c149435713e8ce88adf268a9eaac242ee4335
iDEFENSE Security Advisory 2008-02-08.3
Posted Feb 11, 2008
Authored by iDefense Labs, Greg MacManus | Site idefense.com

iDefense Security Advisory 02.08.08 - Remote exploitation of multiple stack-based buffer overflows in JavaScript methods in Adobe Reader and Acrobat could allow an attacker to execute arbitrary code as the current user. These issues exist due to insufficient input validation in several JavaScript methods. Inadequate checking is performed on the string length before it is copied into a fixed sized buffer on the stack. If an attacker supplies a long string, control structures on the stack may be modified, allowing the execution of arbitrary code. iDefense has confirmed these vulnerabilities exist in Adobe Reader 8.1 on Windows XP SP2. It is likely that other Adobe products that handle PDF files, including previous versions of Adobe Reader, are also affected.

tags | advisory, remote, overflow, arbitrary, javascript, vulnerability
systems | windows
advisories | CVE-2007-5659
SHA-256 | 82745cf5c6c8c6e687ae2cfa0e63f534a092b268615b9f95eb4a1895cce48b92
iDEFENSE Security Advisory 2008-02-08.2
Posted Feb 11, 2008
Authored by iDefense Labs, Greg MacManus | Site idefense.com

iDefense Security Advisory 02.08.08 - Remote exploitation of an unsafe library path vulnerability in Adobe Systems Inc.'s Adobe Reader may allow attackers to execute arbitrary code as the current user. This vulnerability is due to Adobe Reader using a path for "Security Provider" libraries that contains the directory the application was started in. Security Provider libraries provide encryption and signature verification routines to applications. If the current directory contains a file with the same name as a Security Provider library, the file will be loaded into the application, potentially allowing code execution. iDefense has confirmed this vulnerability exists in Adobe Reader 8.1 installed on Windows XP and Windows Vista. Previous versions, as well as those for other platforms, may also be affected.

tags | advisory, remote, arbitrary, code execution
systems | windows
advisories | CVE-2007-5666
SHA-256 | d4fa880a29e7e14ddec6cb6cc8521a592d10b2b7b07c917d7f97f961261d764d
iDEFENSE Security Advisory 2008-02-08.1
Posted Feb 11, 2008
Authored by iDefense Labs, Greg MacManus | Site idefense.com

iDefense Security Advisory 02.08.08 - Remote exploitation of an insecure method exposed by the JavaScript library in Adobe Reader and Acrobat could allow an attacker to execute arbitrary code as the current user. Adobe Reader and Acrobat implement a version of JavaScript in the EScript.api plug-in which is based on the reference implementation used in Mozilla products. One of the methods exposed allows direct control over low level features of the object, which in turn allows execution of arbitrary code. iDefense has confirmed this vulnerability exists in Adobe Reader 8.1 on Windows XP SP2. It is likely that other Adobe products that handle PDF files, including previous versions of Adobe Reader, are also affected.

tags | advisory, remote, arbitrary, javascript
systems | windows
advisories | CVE-2007-5663
SHA-256 | dbaad2878fa40c352148186c8e60fdaec85df78c429b573508d0ec0a58af0de5
iDEFENSE Security Advisory 2007-10-09.1
Posted Oct 10, 2007
Authored by iDefense Labs, Greg MacManus | Site idefense.com

iDefense Security Advisory 10.09.07 - Remote exploitation of a heap overflow in Microsoft Corp.'s Windows Mail and Outlook Express NNTP clients may allow an attacker to execute code with the privileges of the logged on user.

tags | advisory, remote, overflow
systems | windows
advisories | CVE-2007-3897
SHA-256 | 8b33b8798d8b760973d1bdb3e31f6e4db4c8ed300300f9438a91fdcb87c7ca17
iDEFENSE Security Advisory 2007-07-19.2
Posted Jul 20, 2007
Authored by iDefense Labs, Greg MacManus | Site idefense.com

iDefense Security Advisory 07.19.07 - Remote exploitation of an input handling vulnerability within multiple browsers on the Microsoft Windows platform allows code execution as the local user. This vulnerability is due to interaction between programs. The most commonly used Microsoft Windows URL protocol handling code doesn't provide a way for the URI handling application to distinguish the end of one argument from the start of another. The problem is caused by the fact that browsers do not pct-encode certain characters in some URIs, which does not comply with the behavior that RFC3986 (also known as IETF STD 66) requires. As a result, a specially constructed link could be interpreted as multiple arguments by a URI protocol handler.

tags | advisory, remote, local, code execution, protocol
systems | windows
advisories | CVE-2007-3670
SHA-256 | 9b05f19043a6d8514b2073fb08476be0bcc0a957cc17806d1640358b4e31e615
iDEFENSE Security Advisory 2007-05-08.2
Posted May 10, 2007
Authored by iDefense Labs, Greg MacManus | Site idefense.com

iDefense Security Advisory 05.08.07 - Remote exploitation of an input validation error in the handling of AutoFilter records in Excel BIFF8 format spreadsheet files by Microsoft Corp.'s Excel 2003 could allow an attacker to execute arbitrary code in the context of the current user. The AutoFilter feature of Excel allows data not matching a specified criteria to be filtered out. By creating a document containing a specially crafted filter record, an attacker is able to cause an invalid memory access leading to arbitrary code execution. iDefense has confirmed Microsoft Excel 2003 is vulnerable. Previous versions are also likely to be affected. Excel 2007 does not appear to be vulnerable.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2007-1214
SHA-256 | 75710def3d9c5022a17b416ac6a211ffd7e4f5fb82a2f997d69c714db1c01853
iDEFENSE Security Advisory 2007-04-27.1
Posted May 3, 2007
Authored by iDefense Labs, Greg MacManus | Site idefense.com

iDefense Security Advisory 04.27.07 - Remote exploitation of a design error in the "Shared Folders" feature of VMware Inc.'s VMware Workstation could allow an attacker to write arbitrary content from a guest system to arbitrary locations on the host system. The "Shared Folders" feature of VMware Workstation allows folders on the physical "host" system to be shared with virtual "guest" systems. Due to a flaw in the code which validates that the filename is safe, an attacker or malicious code within the guest system can read or write files on the host system in the context of the user running Workstation. iDefense confirmed this vulnerability to exist in VMware Workstation 5.5.3 build 34685 on a Windows XPSP2 host. Other versions may also be affected.

tags | advisory, remote, arbitrary
systems | windows
advisories | CVE-2007-1744
SHA-256 | 986af36d0e411257079a904b37ea915ac0bfde0376b6767e4ab2099b201704a1
iDEFENSE Security Advisory 2007-04-10.1
Posted Apr 11, 2007
Authored by iDefense Labs, Greg MacManus | Site idefense.com

iDefense Security Advisory 04.10.07 - Remote exploitation of a buffer overflow vulnerability in the Universal Plug-and-Play (UPnP) component of Microsoft Windows could allow an attacker to execute code in the context of the vulnerable service. The vulnerability specifically exists in the handling of HTTP headers sent to the UPnP control point as part of a request or notification. Because it processes certain fields without checking if there is enough storage space, a malicious request may cause a stack-based buffer overflow, potentially resulting in code execution.

tags | advisory, remote, web, overflow, code execution
systems | windows
advisories | CVE-2007-1204
SHA-256 | ab4897dd132f3ada926ed5cc95e25ce1257277131f313e19bec3542fc3a1c865
iDEFENSE Security Advisory 2007-04-03.4
Posted Apr 5, 2007
Authored by iDefense Labs, Greg MacManus | Site idefense.com

iDefense Security Advisory 04.03.07 - Local exploitation of an integer overflow vulnerability in multiple vendors' implementations of the X Window System font information file parsing component could allow execution of arbitrary commands with elevated privileges. The vulnerability specifically exists in the parsing of the "fonts.dir" font information file. When the element count on the first line of the file specifies it contains more than 1,073,741,824 (2 to the power of 30) elements, a potentially exploitable heap overflow condition occurs. iDefense has confirmed the existence of this vulnerability in X.Org X11R7.1. Older versions are suspected to be vulnerable.

tags | advisory, overflow, arbitrary, local
advisories | CVE-2007-1352
SHA-256 | d95f5eb5f4a2fafa2a559d05262d2b4aad07530980018d5f6c4989c5110b0426
iDEFENSE Security Advisory 2007-04-03.3
Posted Apr 5, 2007
Authored by iDefense Labs, Greg MacManus | Site idefense.com

iDefense Security Advisory 04.03.07 - Local exploitation of an integer overflow vulnerability in multiple vendors' implementations of the X Window System server BDF font parsing component could allow execution of arbitrary commands with elevated privileges. The vulnerability specifically exists in the parsing of BDF fonts. When the X server encounters a specially crafted BDF font, an integer overflow occurs leading to a potentially exploitable heap overflow condition. iDefense has confirmed the existence of this vulnerability in X.Org X11R7.1. Older versions are suspected to be vulnerable. Additionally, it is reported that the freetype library is also vulnerable.

tags | advisory, overflow, arbitrary, local
advisories | CVE-2007-1351
SHA-256 | 5b3a3d520e2e2d171cccc8c7b16c74563a20141daff91279318106380bdda62d
iDEFENSE Security Advisory 2007-04-03.1
Posted Apr 4, 2007
Authored by iDefense Labs, Greg MacManus | Site idefense.com

iDefense Security Advisory 04.03.07 - Remote exploitation of a design error in certain kernel GDI functions in multiple versions of Microsoft Corp.'s Windows operating system may allow an attacker to cause a denial of service condition. During testing of the MS06-001 WMF (Windows Metafile) vulnerability, a flaw was found in the handling of WMF files. This flaw can cause the kernel to perform a bug check, also known as a "blue screen" or system crash, when it tries to parse the file. The cause of this bug check is an attempt by a function in a kernel system call to read a value obtained by dereferencing an offset into a kernel structure. This value had been previously created and then reset by previous system calls, and at the point it is accessed it does not contain a valid memory reference. This results in an access violation error, which in turn triggers the bug check. This vulnerability is different from both the Microsoft MS06-001 WMF vulnerability and the MS05-053 WMF vulnerability and is not fixed by either of these patches.

tags | advisory, remote, denial of service, kernel
systems | windows
advisories | CVE-2007-1211
SHA-256 | fdb46849d9f76d152ab6e6cebaabd4b8f591b50d77c6a09dfcafae4521d8a637
iDEFENSE Security Advisory 2007-02-13.t
Posted Feb 14, 2007
Authored by iDefense Labs, Greg MacManus | Site idefense.com

iDefense Security Advisory 02.13.07 - Remote exploitation of a design error in Microsoft Corp.'s 'wininet.dll' FTP client code could allow an attacker to execute arbitrary code. The vulnerability specifically exists in the parsing of reply lines from remote FTP servers. During an FTP session, the client makes requests for the server to perform some operation and the server responds with a numeric code, a human readable message and possibly some other information. As there can be multiple lines in a reply, code in the client breaks the reply up into lines, putting a null byte (character 0x00) after any end of line character. In the case where a line ends exactly on the last character of the reply buffer, the terminating null byte is written outside of the allocated space, overwriting a byte of the heap management structure. By sending a specially crafted series of replys to the client, the heap may be corrupted in a controlled way to cause the execution of arbitrary code.

tags | advisory, remote, arbitrary
advisories | CVE-2007-0217
SHA-256 | d22eb45fb37255371e9e850913d16605ad17aba88ae9adde20de88175b31549f
iDEFENSE Security Advisory 2007-01-09.3
Posted Jan 13, 2007
Authored by iDefense Labs, Greg MacManus | Site idefense.com

iDefense Security Advisory - Remote exploitation of an heap-based buffer overflow vulnerability in Microsoft Corp.'s Excel spreadsheet application format could allow an attacker to execute arbitrary code in the context of the user who started Excel. The vulnerability specifically exists in the handling of the PALETTE record in BIFF8 format spreadsheet files. By supplying a record with too many entries, an exploitable buffer overflow condition can occur. iDefense Labs have confirmed the existence of this vulnerability in Microsoft Excel 2003 with all service packs and security updates. Previous versions of Excel are also likely to be affected.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2007-0031
SHA-256 | a09a1ef31e33e601c11365cacff19544e438ce5ef63265fb1c76e2d91aca7528
iDEFENSE Security Advisory 2007-01-09.2
Posted Jan 13, 2007
Authored by iDefense Labs, Greg MacManus | Site idefense.com

iDefense Security Advisory - Remote exploitation of an input validation error in Microsoft Corp.'s Excel spreadsheet application may allow the execution of arbitrary code. The vulnerability specifically exists in the handling of out of range values in the column field in several BIFF8 record types. By supplying an invalid Column field to one of these records, it is possible to cause the system to reference arbitrary memory. This can be exploited to gain control of the application. iDefense has confirmed the existence of this vulnerability in Microsoft Excel 2003 with all available service packs and security patches. Previous versions of Excel are also likely to be affected.

tags | advisory, remote, arbitrary
advisories | CVE-2007-0030
SHA-256 | 82665cc27896742407009fe948438d3f8776c22bbff1550937b6e70dd8a38eac
iDEFENSE Security Advisory 2005-09-13.5
Posted Sep 14, 2005
Authored by iDefense Labs, Greg MacManus | Site idefense.com

iDEFENSE Security Advisory 09.13.05 - Remote exploitation of a buffer overflow vulnerability in multiple versions of the firmware for Cisco Systems Inc.'s Linksys WRT54G wireless router may allow unauthenticated execution of arbitrary commands as the root user. The vulnerability specifically exists in the 'apply.cgi' handler of the httpd running on the internal interfaces, including the by default the wireless interface. This handler is used by the many of the configuration pages to perform the configuration management of the router. If an unauthenticated remote attacker sends a POST request to the apply.cgi page on the router with a content length longer than 10000 bytes, an exploitable buffer overflow may occur. iDEFENSE has confirmed the existence of this vulnerability in version 3.01.03 of the firmware of the Linksys WRT54G, and has identified the same code is present in version 3.03.6. All versions prior to 4.20.7 may be affected.

tags | advisory, remote, overflow, arbitrary, cgi, root
systems | cisco
advisories | CVE-2005-2799
SHA-256 | 0d2ff860dea860de42a45c16cc7d95f21cc2575bf4ed334cd26ddb2fcccb6756
iDEFENSE Security Advisory 2005-09-13.4
Posted Sep 14, 2005
Authored by iDefense Labs, Greg MacManus | Site idefense.com

iDEFENSE Security Advisory 09.13.05 - Remote exploitation of a design error in the upgrade.cgi component of Cisco Systems Inc.'s Linksys WRT54G wireless router may allow unauthenticated modification of the router firmware. The vulnerability specifically exists in the POST method of the upgrade.cgi handler. The httpd running on the internal interfaces, including by default the wireless interface, does not check if authentication has failed until after data supplied by an external user has been processed. The upgrade.cgi handler allows a user to upload new firmware, which contains the operating system and applications, into the non-volatile memory of the router. iDEFENSE has confirmed the existence of this vulnerability in version 3.01.03 of the firmware of the Linksys WRT54G wireless router, and has identified the same code is present in versions 3.03.6 and 4.00.7. All versions prior to 4.20.7 may be affected.

tags | advisory, remote, cgi
systems | cisco
SHA-256 | 579720bc1784ef15c6e2733f48c794db8088d0e54246933e0848b20b06762808
iDEFENSE Security Advisory 2005-09-13.3
Posted Sep 14, 2005
Authored by iDefense Labs, Greg MacManus | Site idefense.com

iDEFENSE Security Advisory 09.13.05 - Remote exploitation of an input validation error within the web management httpd component of Cisco Systems Inc.'s Linksys WRT54G wireless router may allow unauthenticated users to cause a denial of service (DoS). The vulnerability exists in several of the POST method handlers of the httpd running on the router's internal interfaces, including by default the wireless interface. In addition to not checking if authentication has failed until after data supplied by an external user has been processed, there are several places where the Content-Length is assumed to be valid. In some of those cases, data is read in without error checking while decrementing the length value. If the Content Length is set to a negative number, these checks will take an extremely long time, during which the httpd will become unresponsive. iDEFENSE has confirmed the existence of this vulnerability in version 3.01.3 of the firmware of the Linksys WRT54G wireless router, and has identified the same code is present in versions 3.03.6 and 4.00.7. All versions prior to 4.20.7 may be affected.

tags | advisory, remote, web, denial of service
systems | cisco
SHA-256 | 1cbd9bb6174d8c8f9764edffe4432d893a71dd3dae113f34c72685dea78b5fa6
iDEFENSE Security Advisory 2005-09-13.2
Posted Sep 14, 2005
Authored by iDefense Labs, Greg MacManus | Site idefense.com

iDEFENSE Security Advisory 09.13.05 - Remote exploitation of a design error in the 'restore.cgi' component of Cisco Systems Inc.'s Linksys WRT54G wireless router may allow unauthenticated modification of the router configuration. The vulnerability specifically exists in the 'POST' method of restore.cgi handler. The httpd running on the internal interfaces, including by default the wireless interface, does not check if authentication has failed until after data supplied by an external user has been processed. The restore.cgi handler allows a user to upload a new configuration into the non-volatile memory of the router. If the user is authenticated, the router will then restart, and the new configuration will be loaded. iDEFENSE has confirmed the existence of this vulnerability in version 3.01.03 of the firmware of the Linksys WRT54G wireless router, and has identified the same code is present in versions 3.03.6 and 4.00.7. All versions prior to 4.20.7 may be affected.

tags | advisory, remote, cgi
systems | cisco
SHA-256 | b2ccc83517cfa13503d821a0d345d4c9efc278517875dc3388bbde7b3000125d
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close