This advisory documents proof of concept flows for manipulation the HTML tag injection vulnerability discovered in Signal Desktop. Versions affected include 1.7.1, 1.8.0, 1.9.0, 1.10.0, and 1.10.1.
5f9aa1e1147648a40479bc5b43a72f60f8b6d73aedadd62e3613fc7f5288b2b5Signal Desktop suffers from an HTML injection vulnerability.
7342445a2a81bafeda692b4072a1691a6690f325366e6a19c447cb00b1ecd5e3Browser Exploit Against SSL/TLS, or BEAST, is a proof of concept tool that demonstrates a weakness in the SSL protocol. It allows attackers to silently decrypt data that's passing between a webserver and an end-user browser.
8526928f509f97d7e0834f717c78107205e579fe4ff0afe98df28f0c90da1ecaThese are slides from the Practical Padding Oracle Attack presentation given at BlackHat Europe 2010.
44d6bd6f34982348a4af9f4bd0fe7a99db3855f3ff6cb55230636fab6a2bbf7bFlickr's API suffered from an API signature forgery vulnerability.
5ccd31c5ca0a4a2de399439bd373a24fdf78b60509f8b7a1c5a3ea0ac654b463Core Security Technologies Advisory ID: CORE-2004-0819 - A vulnerability found in the parsing of PNG images could allow an attacker to execute arbitrary code in the chat partner's machine and gain access to the system with the privileges of the user running the MSN Messenger client program.
250f272fbc92a965e425c8cd048b613553ff4b6c3eb39c848ca79f39aace37feCore Security Technologies Advisory ID: CORE-2004-0802 - Microsoft IIS provides organizations using it with the ability to service and route news using the Network News Transfer Protocol (NNTP) with the Microsoft NNTP service listening on port 119/tcp, and optionally on port 563/tcp for SSL encrypted connections. Multiple vulnerabilities were found in Microsoft IIS that could allow an attacker to execute arbitrary commands on vulnerable systems running the Microsoft IIS NNTP service.
7b01fd77323cb00294467c5222071074dff2361a56225c284762a06529f677e0White paper analysis of the SSL PCT vulnerability. Gives full details on how exploitation has been performed and what it took for working exploits to be created.
3116bb87613b5d9fab025e65808aed7e01cc4c13cc628bb9d6dbce65d65108d3Core Security Technologies Advisory CORE-2003-12-05 - New attack vectors were found for the Workstation Service vulnerability discussed in MS03-049 and the Messenger service vulnerabilities in MS03-001, MS03-026 and MS03-043. It was found that the attacks can be directed at UDP ports from spoofed source IP's, at the UDP broadcast addresses, or to ports above 1024, bypassing many firewalls by setting the source port to 53 and spoofing the packet from a trusted DNS server.
44529d93a00bb88bb168c0c51d37842dbc5cf391d901a6518dd8e0c2baf882eeCore Security Technologies Advisory ID: CORE-2003-0403 - The Axis Network Camera HTTP server is vulnerable to an authentication bypass when a double slash is put in front of the admin directory in the URL. This allows a remote attacker to modify the configuration as they see fit and allows the root password to be reset. Doing this in conjunction with enabling the telnet server allows for a complete server compromise.
4cec04e283e741382af7d9e0df4bd761c6f1056aebdaed02bb1f8e78709d07fe
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed