exploit the possibilities
Showing 1 - 10 of 10 RSS Feed

Files from Juliano Rizzo

First Active2003-05-28
Last Active2018-05-16
Signal Desktop HTML Tag Injection Variant 2
Posted May 16, 2018
Authored by Juliano Rizzo, Alfredo Ortega, Javier Lorenzo Carlos Smaldone, Ivan Ariel Barrera Oro, Matt Bryant

This advisory documents proof of concept flows for manipulation the HTML tag injection vulnerability discovered in Signal Desktop. Versions affected include 1.7.1, 1.8.0, 1.9.0, 1.10.0, and 1.10.1.

tags | exploit, proof of concept
advisories | CVE-2018-11101
SHA-256 | 5f9aa1e1147648a40479bc5b43a72f60f8b6d73aedadd62e3613fc7f5288b2b5
Signal Desktop HTML Injection
Posted May 15, 2018
Authored by Juliano Rizzo, Alfredo Ortega, Javier Lorenzo Carlos Smaldone, Ivan Ariel Barrera Oro

Signal Desktop suffers from an HTML injection vulnerability.

tags | exploit
advisories | CVE-2018-10994
SHA-256 | 7342445a2a81bafeda692b4072a1691a6690f325366e6a19c447cb00b1ecd5e3
Browser Exploit Against SSL/TLS
Posted Oct 3, 2011
Authored by Juliano Rizzo, Thai Duong

Browser Exploit Against SSL/TLS, or BEAST, is a proof of concept tool that demonstrates a weakness in the SSL protocol. It allows attackers to silently decrypt data that's passing between a webserver and an end-user browser.

tags | exploit, protocol, proof of concept
SHA-256 | 8526928f509f97d7e0834f717c78107205e579fe4ff0afe98df28f0c90da1eca
Practical Padding Oracle Attacks
Posted Sep 29, 2010
Authored by Juliano Rizzo, Thai Duong

These are slides from the Practical Padding Oracle Attack presentation given at BlackHat Europe 2010.

tags | paper
SHA-256 | 44d6bd6f34982348a4af9f4bd0fe7a99db3855f3ff6cb55230636fab6a2bbf7b
Flickr API Signature Forgery
Posted Sep 30, 2009
Authored by Juliano Rizzo, Thai Duong | Site netifera.com

Flickr's API suffered from an API signature forgery vulnerability.

tags | advisory
SHA-256 | 5ccd31c5ca0a4a2de399439bd373a24fdf78b60509f8b7a1c5a3ea0ac654b463
Core Security Technologies Advisory 2004.0819
Posted Feb 23, 2005
Authored by Core Security Technologies, Juliano Rizzo | Site coresecurity.com

Core Security Technologies Advisory ID: CORE-2004-0819 - A vulnerability found in the parsing of PNG images could allow an attacker to execute arbitrary code in the chat partner's machine and gain access to the system with the privileges of the user running the MSN Messenger client program.

tags | advisory, arbitrary
advisories | CVE-2004-0597
SHA-256 | 250f272fbc92a965e425c8cd048b613553ff4b6c3eb39c848ca79f39aace37fe
Core Security Technologies Advisory 2004.0802
Posted Oct 13, 2004
Authored by Core Security Technologies, Lucas Lavarello, Juliano Rizzo | Site coresecurity.com

Core Security Technologies Advisory ID: CORE-2004-0802 - Microsoft IIS provides organizations using it with the ability to service and route news using the Network News Transfer Protocol (NNTP) with the Microsoft NNTP service listening on port 119/tcp, and optionally on port 563/tcp for SSL encrypted connections. Multiple vulnerabilities were found in Microsoft IIS that could allow an attacker to execute arbitrary commands on vulnerable systems running the Microsoft IIS NNTP service.

tags | advisory, arbitrary, tcp, vulnerability, protocol
advisories | CVE-2004-0574
SHA-256 | 7b01fd77323cb00294467c5222071074dff2361a56225c284762a06529f677e0
Posted May 3, 2004
Authored by Juliano Rizzo

White paper analysis of the SSL PCT vulnerability. Gives full details on how exploitation has been performed and what it took for working exploits to be created.

tags | paper
SHA-256 | 3116bb87613b5d9fab025e65808aed7e01cc4c13cc628bb9d6dbce65d65108d3
Posted Dec 15, 2003
Authored by Juliano Rizzo, Javier Kohen | Site coresecurity.com

Core Security Technologies Advisory CORE-2003-12-05 - New attack vectors were found for the Workstation Service vulnerability discussed in MS03-049 and the Messenger service vulnerabilities in MS03-001, MS03-026 and MS03-043. It was found that the attacks can be directed at UDP ports from spoofed source IP's, at the UDP broadcast addresses, or to ports above 1024, bypassing many firewalls by setting the source port to 53 and spoofing the packet from a trusted DNS server.

tags | advisory, udp, spoof, vulnerability
SHA-256 | 44529d93a00bb88bb168c0c51d37842dbc5cf391d901a6518dd8e0c2baf882ee
Posted May 28, 2003
Authored by Juliano Rizzo | Site coresecurity.com

Core Security Technologies Advisory ID: CORE-2003-0403 - The Axis Network Camera HTTP server is vulnerable to an authentication bypass when a double slash is put in front of the admin directory in the URL. This allows a remote attacker to modify the configuration as they see fit and allows the root password to be reset. Doing this in conjunction with enabling the telnet server allows for a complete server compromise.

tags | exploit, remote, web, root
SHA-256 | 4cec04e283e741382af7d9e0df4bd761c6f1056aebdaed02bb1f8e78709d07fe
Page 1 of 1

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    0 Files
  • 17
    May 17th
    0 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By