what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files from Deral Heiland

Email addressdh at layereddefense.com
First Active2006-06-29
Last Active2014-10-31
Xerox Multifunction Printers (MFP) "Patch" DLM Escalation
Posted Oct 31, 2014
Authored by Deral Heiland, Pete Bokojan Arzamendi | Site metasploit.com

This Metasploit module exploits a vulnerability found in Xerox Multifunction Printers (MFP). By supplying a modified Dynamic Loadable Module (DLM), it is possible to execute arbitrary commands under root privileges.

tags | exploit, arbitrary, root
SHA-256 | f0660a3d09fcdb1e977b7a2ed03e9bcc85467482907cf22be2c2ec5a6986def7
Attacking Xerox's Multifunction Printers Patch Process
Posted Feb 28, 2013
Authored by Deral Heiland | Site foofus.net

Whitepaper called From Patched to Pwned - Attacking Xerox's Multifunction Printers Patch Process. In this paper the author discusses the step by step process around how to gain root level access to high end Xerox MFP devices, how the firmware signing process works, and how to protect yourself from this attack.

tags | paper, root
SHA-256 | 3688be93b27c1a23060fa014deca9150f7f3ac8484e3acd5427b36fec7c66906
Lexmark X656de Printer Information Leakage
Posted Nov 8, 2011
Authored by Deral Heiland | Site foofus.net

The Lexmark X656de multifunction printer suffers from a remote password disclosure vulnerability.

tags | exploit, remote
SHA-256 | 6f0b0ae716eef7a6fc0485b242d176d9a146bd109f1d952e0a3ecc8b624fb444
Anatomy Of A Pass Back Attack
Posted Nov 1, 2011
Authored by Deral Heiland, Michael Belton | Site foofus.net

Brief whitepaper discussing how to trick a printer into passing LDAP or SMB credentials back to an attacker in plain text.

tags | paper
SHA-256 | 4c1967b52b737e8378e0591046c4fbeb02462547b019cb3d9e260b1c5939d804
Toshiba eStudio Printer Information Leakage
Posted Oct 27, 2011
Authored by Deral Heiland | Site foofus.net

The Toshiba eStudio multifunction printer suffers from an information leakage vulnerability as passwords can be extracted in plaintext from the html source code of various configuration pages.

tags | exploit
SHA-256 | 5734383d4ee705db601bc8d3d5e3c2dd43c7d59704ae77a50bf1ce5366dd57bc
Toshiba EStudio Multifunction Printer Authentication Bypass
Posted Oct 17, 2011
Authored by Deral Heiland | Site foofus.net

Toshiba e-Studio devices suffer from an authentication bypass vulnerability.

tags | exploit, bypass
SHA-256 | 8d34ec59051a89a05afdeee8fa150523f3ddb25662352023a4f80265d709bec7
FortiClient Format String
Posted Apr 2, 2009
Authored by Deral Heiland | Site layereddefense.com

Layered Defense Research Advisory - FortiClient version 3.0.614 suffers from a format string vulnerability.

tags | advisory
SHA-256 | 03c7157f2662b4ea6613ac679d2324fc6483c5a47915efcd34f14575cddd1f83
Symantec PcAnywhere 10 Format String
Posted Mar 19, 2009
Authored by Deral Heiland | Site layereddefense.com

Layered Defense Research Advisory - A local format string vulnerability was discovered within Symantec PcAnywhere version 10 thru 12.5. The vulnerability is due to improper processing of format strings within (.CHF) remote control file names or associated file path. When special crafted format strings are entered as the file name (%s%s%s%s%s.chf) or within the path of the CHF file the format string vulnerability is triggered. Making it possible to read/write arbitrary memory and at a minimum cause a denial of service condition.

tags | advisory, remote, denial of service, arbitrary, local
advisories | CVE-2009-0538
SHA-256 | a574bab9b99dda07703b1bfb56b0731c44ceff88c536d3484eab091eb2e196a5
juniper-xss.txt
Posted Oct 2, 2008
Authored by Deral Heiland | Site layereddefense.com

Layered Defense Research Advisory - The Juniper Netscreen firewall NetOS version 5.4.0r9.0 suffers from a cross site scripting vulnerability.

tags | advisory, xss
systems | juniper
SHA-256 | 9344e671e676c1c4e250d0863d105544249c0894b443ce3abbcaf6abdedf65a2
alcatel-overflow.txt
Posted Aug 13, 2008
Authored by Deral Heiland | Site layereddefense.com

Layered Defense Research Advisory - A stack based buffer overflow was discovered within Alcatel OmniSwitch product line.

tags | advisory, overflow
SHA-256 | 7990682cd4bcbd2b3f2495a6713625e60c4b87f4bffbdfcb203ecad33dac8594
fsecure-format.txt
Posted Mar 20, 2007
Authored by Deral Heiland | Site layereddefense.com

A format string vulnerability was discovered within F-Secure Anti-Virus Client Security version 6.02. The vulnerability is due to improper processing of format strings when processing the Management Server name field.

tags | advisory, virus
SHA-256 | 7646621dbd70f86b3c91325b6ea6075097df767bc9d54eeb041687a2c3528983
lds-18.txt
Posted Jan 20, 2007
Authored by Deral Heiland | Site LayeredDefense.com

A format string vulnerability has been discovered within BitDefender Client Professional Plus build 8.02.

tags | advisory
SHA-256 | aae2a9aab9a8ac2ada062219db23d7fb06500ea56412d9d71b0e791d9299b51b
lda-1-novell.txt
Posted Dec 6, 2006
Authored by Deral Heiland | Site layereddefense.com

Layered Defense Advisory - A format string vulnerability was discovered within Novell client 4.91 . The vulnerability is due to improper processing of format strings within NMAS (Novell Modular Authentication Services) Information message window. An attacker who enters special crafted format strings in the Username field at the Novell logon and selects Sequences under the NMAS tab can read data from the winlogon process stack or read from arbitrary memory, and at a minimum cause a denial of service.

tags | advisory, denial of service, arbitrary
SHA-256 | 16000cd5b2e4b7f104dd288b51b65a2f794e2c097e823e6489eb20d40d32e75f
OfficesScan-Corp.txt
Posted Oct 4, 2006
Authored by Deral Heiland | Site layereddefense.com

Layered Defense Advisory: TrendMicro OfficesScan Corporate is vulnerable to execution of arbitrary code, potential remote exploit, and denial of service.

tags | advisory, remote, denial of service, arbitrary
SHA-256 | d46d632af7507a699b201db1a7e5a3a5c7485df1d3c8ec670aa194187ccb1299
lda-13.txt
Posted Sep 16, 2006
Authored by Deral Heiland | Site LayeredDefense.com

A format string vulnerability was discovered within Symantec AntiVirus Corporate Edition versions 10.0, 9.0, and 8.1. The vulnerability is due to improper processing of format strings within the Tamper Protection and Virus Alert Notification message fields.

tags | advisory, virus
advisories | CVE-2006-3454
SHA-256 | b88bed47963cead7cdf7ea06aa496167b920a7643fa9974268839386da323811
LD-13.txt
Posted Sep 14, 2006
Authored by Deral Heiland | Site LayeredDefense.com

Layered Defense Advisory 13 September 2006 - multiple versions of Symantec AntiVirus Corporate Edition and Symantec Client Security suffer from a format string vulnerability that can allow a local user to execute arbitrary code with elevated privileges.

tags | advisory, arbitrary, local
SHA-256 | 638ff7c2543279c25e07521456fb79452722ffd7d210c291df46f328afdfecee
LD-CAeTrust.txt
Posted Jun 29, 2006
Authored by Deral Heiland | Site LayeredDefense.com

A format string vulnerability was discovered within etrust Antivirus 8.0. The vulnerability is due to improper processing of format strings within the scan job description field. An attacker could create a scan job containing special crafted format strings that could potential lead to execution of arbitrary code, rights escalation and at a minimum denial of service.

tags | advisory, denial of service, arbitrary
SHA-256 | 904184d605233967c52fd67cc3154342d54a0fa06cabd165e584e86fee6cb3b3
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close