Google Chrome version 109.0.5414.74 on Ubuntu attempts to load libnssckbi.so from a user-writable location and if missing, a replacement piece of malware can be used by an attacker to achieve code execution. Although privilege escalation is not likely as an attacker would already need access to the user's privilege level to place the malware, it could be a target for other malicious software leaving backdoors for persistence.
f717eb6fe35e231271a4dd4e77bba5c4985b8a2f9c10d2fb10a342b7a8064b5aDuckDuckGo version 7.64.4 suffers from an address bar spoofing vulnerability.
efdcb758ade79facf3f10510cb498316be314f1e2b14b262a9abfbe486f35f4cParallels Plesk Panel version 9.5 suffers from a cross site scripting vulnerability.
f479f494df9b2a23a64dc1f5f4af1968885c089c5bc642df0528b82a09b48557Whitepaper called Poking a Hold in Whitelist for Bypassing Firewall.
79d27322d7343cce530650c961b0ec621d40db22977741a043bcd9f6a0729587In this paper, the authors present their research about bypassing core security policies implemented inside browsers such as the "Same Origin Policy". They present several bypasses that were found in various mobile browsers. In addition, they also uncover other interesting security flaws found during their research such as Address Bar Spoofing, Content Spoofing, Cross Origin CSS Attacks, Charset Inheritance, CSP Bypass, Mixed Content Bypass etc. as found in Android Browsers. This is from a talk given at BlackHat ASIA 2016.
5a69b239b2474e58b1ae71b86cf3b0aeb2d70db3a14e35ae2083a8a6439e312bMicrosoft Internet Explorer 11 suffers from a cross site scripting filter bypass vulnerability.
fa9a25ccb1840d327a7b15c7d2bf4c2f73c91940a80f05817225078bd17d4011Drupal version 8.0.x-dev suffers from a cross site scripting vulnerability on IE8 and older versions.
6033651a038afbdd206da94672f053201eacaf29cd9cdb3888fc615957ea8087This is a small python script that will enumerate through a list of targets and test their user agent for the shellshock vulnerability.
394a7921e89370c9d46b7105136fa1e127f06fefe2c6d6a4c8bb66f41b592170Maxthon Browser suffers from an address bar spoofing vulnerability.
c47f0080021348ecb3774a79ab8175c0d570a04c31241c9fa2c9e4a652e64275The CM browser suffers from a same-origin bypass vulnerability.
cb90f770b05e8da7d463a807bfd4d9059503a0f35122054dd9d80e1817d37c57Google chrome XSS auditor was found prone to a bypass when the user input passed though location.hash was being written to the DOM by using document.write property. Normally, XSS auditor checks XSS by comparing the request and response however, it also checks for request itself, if it contains an untrusted input to prevent DOM XSS as well.
1726b972e5f7b81516b54d146c54fb1608b841f8ba39f275b51934e65215d5cdA SOP bypass occurs when a sitea.com is some how able to access the properties of siteb.com such as cookies, location, response etc. Due to the nature of the issue and potential impact, this is very rarely found in modern browsers. However, they are found once in a while.
b5c1e22000f4ed24662d0911996baf893391c569633c0cd44a70ed8a1525e169Whitepaper called HTML5 Modern Day Attack and Defence Vectors. This paper analyzes most of the features introduced in HTML5 along with the vulnerabilities each feature introduces.
8513f4316667a90362b7aad6528db9107c77904abf213c45d1e612037dd3eaf3This is a python script that scans a webserver for timthumb.php.
c5de670c6b138663f9aa17471dccac1ef63011cac2b9b79114f492b672ae8720Lavarel-Security cross site scripting filter suffers from a bypass vulnerability.
74a3d9484d7c2708d5444ae78215745101425b380c8a4b50a833eee46fd07a68WordPress Infocus Theme suffers from a cross site scripting vulnerability.
72175cc3a0ba10815ddba1acc6812efb9bf950f993641bc2dc35d2e2ee6ad9bdphpMyRecipes version 1.x.x suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
717dd33446428aed6b6a79a2fadd94fc507d0138e82b80c3ab389ab431f81f92This whitepaper is called Modern Web Application Firewalls Fingerprinting and Bypassing XSS Filters.
65acaee3edb30787203ec67ebd4b8e85f2ced5170a1f786efb797a9df09856b3Joomla Flexicontent component suffers from a code execution vulnerability due to the inclusion of phpthumb.
c420d44bcbccfa07f1cc718d8e71b7f4694db8ff878f20b384431b23ab5c659bphpThumb version 1.7.12 allows for arbitrary request forgery server-side that can be used maliciously.
e913a843b81d9d2b74184a8e642eab8b19aa74dddc1489ee2c4b3c63fb7f54b4Joomla JMultimedia component remote shell upload exploit.
60512e22d6ce24750d26196501efc9831992d71d5a81d6681e45d2ad7ddfc47fWordPress Pretty Photo plugin suffers from a cross site scripting vulnerability.
ad0e6a2ec0cba32a53f8cd31ffa972175ab2ab31289e66a75ebdb86aeda53924Eclipse.org suffers from a remote error-based SQL injection vulnerability.
4891c1a9e0a985be36498559d7f6aef0c86b7914a7631895c81deb87f34be354OWASP Java Encoder suffers from a cross site scripting bypass vulnerability when it comes to the use of backticks.
e201eb39628f1a3e446bebe36150d242b93041dab9381b0f61668518f32cf0d3Google Chrome version 31.0 suffers from an auditor bypass that allows for cross site scripting attacks to successfully get through.
ba730e1d9e5dba89adb7eb72d4c901489959c46cdbb4688cc1c4ada164dbfbf6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed