Exploit the possiblities
Showing 1 - 14 of 14 RSS Feed

Files from Jakob Balle

Email addressjb at secunia.com
First Active2003-05-13
Last Active2010-08-13
Opera Download Dialog File Execution Security Issue
Posted Aug 13, 2010
Authored by Jakob Balle, Sven Krewitt | Site secunia.com

Secunia Research has discovered a security issue in Opera, which can be exploited by malicious people to compromise a vulnerable system. The "Download" dialog provides the option to run a downloadable executable at a predictable location in the browser window. This can be exploited to trick a user into clicking on the "Run" button by positioning a new window on top of the "Download" dialog that is closed e.g. via a timeout shortly before the user clicks on a link within this window. Versions 10.53, 10.54, and 10.60 are affected.

tags | advisory
advisories | CVE-2010-2576
MD5 | 9a886e1e858bc3c7bef171f182f9e9a2
Google Chrome Pop-Up Block Menu Handling
Posted Jan 27, 2010
Authored by Carsten Eiram, Jakob Balle | Site secunia.com

Secunia Research has discovered a vulnerability in Google Chrome, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by a use-after-free error when trying to display a blocked pop-up window while navigating away from the current site. Successful exploitation may allow execution of arbitrary code. Version 3.0.195.38 is affected.

tags | advisory, arbitrary
MD5 | b74d29bda38070c3c8a0cb1cb1a18127
Mozilla Firefox Java Applet Loading Vulnerability
Posted Jun 12, 2009
Authored by Carsten Eiram, Jakob Balle | Site secunia.com

Secunia Research has discovered a vulnerability in Firefox, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to a race condition when accessing the private data of an NPObject JS wrapper class object if navigating away from a web page while loading a Java applet. This can be exploited via a specially crafted web page to use already freed memory. Successful exploitation may allow execution of arbitrary code. Firefox versions 3.0.7, 3.0.8, and 3.0.9 for Windows with JRE 6 Update 13 are affected.

tags | advisory, java, web, arbitrary
systems | windows
advisories | CVE-2009-1837
MD5 | 86583e692885ba5d5de81c21c268bcc3
secunia-ie7.txt
Posted Feb 24, 2007
Authored by Jakob Balle | Site secunia.com

Secunia Research has discovered a vulnerability in Internet Explorer 7, which can be exploited by a malicious website to spoof the address bar. The vulnerability is caused due to an error in Internet Explorer 7's handling of "onunload" events, enabling a malicious website to abort the loading of a new website. This can be exploited to spoof the address bar if e.g. the user enters a new website manually in the address bar, which is commonly exercised as best practice. The vulnerability is confirmed on a fully patched Windows XP SP2 system running Internet Explorer 7. Other versions may also be affected.

tags | advisory, spoof
systems | windows, xp
MD5 | cac34bbafb574adea82cc7cf772428a8
secunia-iescript.txt
Posted Dec 15, 2006
Authored by Carsten Eiram, Jakob Balle | Site secunia.com

Secunia Research has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error within the exception handling of script errors. This can be exploited to corrupt memory via an HTML document containing specially crafted JavaScript that triggers certain errors simultaneously. Microsoft Internet Explorer 6.0 is affected.

tags | advisory, javascript
advisories | CVE-2006-5579
MD5 | 0d1a5d8fed13912ddba36e83cd8697d5
secunia-LotusDomino.txt
Posted Feb 13, 2006
Authored by Jakob Balle, Tan Chew Keong | Site secunia.com

Secunia Research has discovered some vulnerabilities in Lotus Domino iNotes Client, which can be exploited by malicious people to conduct script insertion attacks. Affected versions include IBM Lotus Domino Web Access 7.x, IBM Lotus Domino Web Access (iNotes) 6.x, IBM Lotus Domino 6.x, and IBM Lotus Domino 7.x.

tags | advisory, web, vulnerability
MD5 | f2c60fa5995b0dbee60e181aabb794b1
secunia-IE2.txt
Posted Dec 14, 2005
Authored by Jakob Balle | Site secunia.com

Secunia Research has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to trick users into downloading and executing arbitrary programs on a user's system. A design error in the processing of mouse clicks in new browser windows and the predictability of the position of the File Download dialog box can be exploited to trick the user into clicking on the Run button of the dialog box.

tags | advisory, arbitrary
systems | windows
MD5 | 4deb6f1ff04696a98d0b46a51e0d492b
secunia-OperaCLU.txt
Posted Nov 30, 2005
Authored by Jakob Balle, Peter Zelezny | Site secunia.com

Secunia Research has discovered a vulnerability in Opera, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the shell script used to launch Opera parsing shell commands that are enclosed within backticks in the URL provided via the command line. Versions below 8.51 are susceptible.

tags | advisory, shell
MD5 | c649ae4aec80910a1346a197721ee8e2
secunia-opera.txt
Posted Sep 23, 2005
Authored by Jakob Balle | Site secunia.com

Secunia Research has discovered two vulnerabilities in the Opera Mail client, which can be exploited by a malicious person to conduct script insertion attacks and to spoof the name of attached files. Version 8.02 is affected.

tags | advisory, spoof, vulnerability
MD5 | 2f24c63085efe7eb95e6b9450b285927
SqWebMail.txt
Posted Aug 31, 2005
Authored by Jakob Balle | Site secunia.com

Secunia Security Advisory - Secunia Research has discovered a vulnerability in SqWebMail, which can be exploited by malicious people to conduct script insertion attacks. The vulnerability is caused due to SqWebMail failing to properly sanitize HTML emails. This can be exploited to include arbitrary script code in HTML emails, which will be executed in context of the SqWebMail server, as soon as the user views a received email. Version 5.0.4 is affected.

tags | exploit, arbitrary
MD5 | 57470dc10cef0798ea3aec873b6095dd
secres04012005.txt
Posted Jan 5, 2005
Authored by Jakob Balle | Site secunia.com

Secunia Research has discovered a vulnerability in Mozilla / Mozilla Firefox, which can be exploited to spoof the source displayed in the Download Dialog box. The problem is that long sub-domains and paths are not displayed correctly, which therefore can be exploited to obfuscate what is being displayed in the source field of the Download Dialog box. The vulnerability has been confirmed in Mozilla 1.7.3 for Linux and Mozilla Firefox 1.0.

tags | advisory, spoof
systems | linux
MD5 | 3693d378d99b3ed884ca8b5b80855e59
saMultiple.txt
Posted Oct 27, 2004
Authored by Jakob Balle | Site secunia.com

Secunia Research Advisory - Multiple browsers suffer from multiple vulnerabilities. It is possible for a inactive tab to spawn dialog boxes e.g. the JavaScript Prompt box or the Download dialog box, even if the user is browsing/viewing a completely different web site in another tab. It is also possible for an inactive tab to always gain focus on a form field in the inactive tab, even if the user is browsing/viewing a completely different web site in another tab.

tags | advisory, web, javascript, vulnerability
MD5 | 5d9bcf2b56ac00a434ce9b989b602923
Secunia Security Advisory 11532
Posted May 13, 2004
Authored by Jakob Balle, Secunia | Site secunia.com

Secunia Advisory SA11532 - Secunia has discovered a vulnerability in the Opera browser, which can be exploited by malicious people to fake (spoof) information displayed in the address bar. The vulnerability has been confirmed in version 7.23 for Windows and Linux. Prior versions may also be affected.

tags | advisory, spoof
systems | linux, windows
MD5 | e1d02241499399bc0dffa07448f5451a
secuniaOpera.txt
Posted May 13, 2003
Authored by Jakob Balle | Site secunia.com

Secunia Research Advisory - Opera browser versions 7.10 and 7.03 suffer from denial of service and possible remote code execution vulnerabilities due to incorrect handling of long filename extensions.

tags | advisory, remote, denial of service, vulnerability, code execution
MD5 | 9325932165bd7f56c958043eae54822e
Page 1 of 1
Back1Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close