exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

Files from Pierre Ernst

Email addresspierre.ernst at ca.ibm.com
First Active2011-07-03
Last Active2017-04-18
Apache XML Graphics FOP 2.1 Information Disclosure
Posted Apr 18, 2017
Authored by Pierre Ernst

Apache XML Graphics FOP versions 1.0 through 2.1 suffer from an information disclosure vulnerability.

tags | advisory, info disclosure
advisories | CVE-2017-5661
SHA-256 | 520b76c48d1f6cbd37e2e175fd011bb41c0570075c09d431c9d8d3a998a53a8a
Apache Ignite 1.8 XXE Injection
Posted Apr 7, 2017
Authored by Pierre Ernst

Apache Ignite versions 1.0.0-RC3 through 1.8 suffer from an arbitrary file read that can be leveraged due to an eXternal Xml Entity vulnerability.

tags | advisory, arbitrary, xxe
advisories | CVE-2016-6805
SHA-256 | 087495b3f9da905fb1b199761aceab54aedc4dac4fd57ad1a8752e7faefe80e4
Apache Tika 1.13 Code Execution
Posted Nov 10, 2016
Authored by Pierre Ernst

Apache Tika wraps the jmatio parser to handle MATLAB files. The parser uses native deserialization on serialized Java objects embedded in MATLAB files. A malicious user could inject arbitrary code into a MATLAB file that would be executed when the object is deserialized. Versions 1.6 through 1.13 are affected.

tags | advisory, java, arbitrary
advisories | CVE-2016-6809
SHA-256 | 226a436c7b3ab43566f0b5d55d84ab755d746a38d7b3256777c317a174b2d47e
Apache Tomcat 7.0.39 Remote Code Execution
Posted Sep 10, 2014
Authored by Mark Thomas, Pierre Ernst | Site tomcat.apache.org

In very limited circumstances, it was possible for an attacker to upload a malicious JSP to a Tomcat server and then trigger the execution of that JSP. While Remote Code Execution would normally be viewed as a critical vulnerability, the circumstances under which this is possible are, in the view of the Tomcat security team, sufficiently limited that this vulnerability is viewed as important. Apache Tomcat versions 7.0.0 through 7.0.39 are affected.

tags | advisory, remote, code execution
advisories | CVE-2013-4444
SHA-256 | b2ea73c8b10cd079ee3352350d5c7fa19457771401cedd12bbf9a02e13493849
Apache Geronimo 3 RMI Classloader Exposure
Posted Jul 1, 2013
Authored by Pierre Ernst

A misconfigured RMI classloader in Apache Geronimo version 3.0 may enable an attacker to send a serialized object via JMX that could compromise the system.

tags | advisory
advisories | CVE-2013-1777
SHA-256 | 86669e472c9cf821a0760e19d102a87138e31d290ff34eba5d75915bcc9ca407
Apache OpenJPA 1.x / 2.x Code Execution
Posted Jun 13, 2013
Authored by Pierre Ernst

Deserialization of a maliciously crafted Apache OpenJPA object can result in an executable file being written to the file system. An attacker needs to discover an unprotected server program to exploit the vulnerability. It then needs to exploit another unprotected server program to execute the file and gain access to the system. OpenJPA usage by itself does not introduce the vulnerability.

tags | advisory
advisories | CVE-2013-1768
SHA-256 | 32303c32cb83248176a31128df26e37e6c705dd40e339118c8a2a427536a4fa1
Spring Source OXM 3.0.4 Command Injection
Posted Jul 3, 2011
Authored by Pierre Ernst

Spring Source OXM when XStream and IBM JRE are used suffers from a remote OS command injection vulnerability. The author wants Packet Storm to note publicly that he did not submit this to the site but only to Bugtraq, where Packet Storm picked it up in the public domain.

tags | exploit, remote
SHA-256 | 87ba9e7c1faa828a7bd5261fd40148a23f7e54568077dfddef334890891f0765
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    69 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close