Twenty Year Anniversary
Showing 1 - 10 of 10 RSS Feed

Files from Juliano Rizzo

First Active2003-05-28
Last Active2018-05-16
Signal Desktop HTML Tag Injection Variant 2
Posted May 16, 2018
Authored by Juliano Rizzo, Alfredo Ortega, Javier Lorenzo Carlos Smaldone, Ivan Ariel Barrera Oro, Matt Bryant

This advisory documents proof of concept flows for manipulation the HTML tag injection vulnerability discovered in Signal Desktop. Versions affected include 1.7.1, 1.8.0, 1.9.0, 1.10.0, and 1.10.1.

tags | exploit, proof of concept
advisories | CVE-2018-11101
MD5 | 660bd6347ef764f0453a90d36941066a
Signal Desktop HTML Injection
Posted May 15, 2018
Authored by Juliano Rizzo, Alfredo Ortega, Javier Lorenzo Carlos Smaldone, Ivan Ariel Barrera Oro

Signal Desktop suffers from an HTML injection vulnerability.

tags | exploit
advisories | CVE-2018-10994
MD5 | 6ba6cba9579d623f07767c74079873cb
Browser Exploit Against SSL/TLS
Posted Oct 3, 2011
Authored by Juliano Rizzo, Thai Duong

Browser Exploit Against SSL/TLS, or BEAST, is a proof of concept tool that demonstrates a weakness in the SSL protocol. It allows attackers to silently decrypt data that's passing between a webserver and an end-user browser.

tags | exploit, protocol, proof of concept
MD5 | c0d832089612de08c6935977f7c401f5
Practical Padding Oracle Attacks
Posted Sep 29, 2010
Authored by Juliano Rizzo, Thai Duong

These are slides from the Practical Padding Oracle Attack presentation given at BlackHat Europe 2010.

tags | paper
MD5 | bc4c5b4525f49da4823ddbd4f03e8f7d
Flickr API Signature Forgery
Posted Sep 30, 2009
Authored by Juliano Rizzo, Thai Duong | Site netifera.com

Flickr's API suffered from an API signature forgery vulnerability.

tags | advisory
MD5 | 13678bce7a271ddbc27327b741a26789
Core Security Technologies Advisory 2004.0819
Posted Feb 23, 2005
Authored by Core Security Technologies, Juliano Rizzo | Site coresecurity.com

Core Security Technologies Advisory ID: CORE-2004-0819 - A vulnerability found in the parsing of PNG images could allow an attacker to execute arbitrary code in the chat partner's machine and gain access to the system with the privileges of the user running the MSN Messenger client program.

tags | advisory, arbitrary
advisories | CVE-2004-0597
MD5 | bc48df336fba899194d10932943ff825
Core Security Technologies Advisory 2004.0802
Posted Oct 13, 2004
Authored by Core Security Technologies, Lucas Lavarello, Juliano Rizzo | Site coresecurity.com

Core Security Technologies Advisory ID: CORE-2004-0802 - Microsoft IIS provides organizations using it with the ability to service and route news using the Network News Transfer Protocol (NNTP) with the Microsoft NNTP service listening on port 119/tcp, and optionally on port 563/tcp for SSL encrypted connections. Multiple vulnerabilities were found in Microsoft IIS that could allow an attacker to execute arbitrary commands on vulnerable systems running the Microsoft IIS NNTP service.

tags | advisory, arbitrary, tcp, vulnerability, protocol
advisories | CVE-2004-0574
MD5 | 3767536a66a321173703c6796a2a86c7
SSLPCT.txt
Posted May 3, 2004
Authored by Juliano Rizzo

White paper analysis of the SSL PCT vulnerability. Gives full details on how exploitation has been performed and what it took for working exploits to be created.

tags | paper
MD5 | aae6021952f7f660540073da5b8d4fdf
core.dce-rpc.txt
Posted Dec 15, 2003
Authored by Juliano Rizzo, Javier Kohen | Site coresecurity.com

Core Security Technologies Advisory CORE-2003-12-05 - New attack vectors were found for the Workstation Service vulnerability discussed in MS03-049 and the Messenger service vulnerabilities in MS03-001, MS03-026 and MS03-043. It was found that the attacks can be directed at UDP ports from spoofed source IP's, at the UDP broadcast addresses, or to ports above 1024, bypassing many firewalls by setting the source port to 53 and spoofing the packet from a trusted DNS server.

tags | advisory, udp, spoof, vulnerability
MD5 | 9c7743f34e19d9d5df652ce24486acd8
core.axis.txt
Posted May 28, 2003
Authored by Juliano Rizzo | Site coresecurity.com

Core Security Technologies Advisory ID: CORE-2003-0403 - The Axis Network Camera HTTP server is vulnerable to an authentication bypass when a double slash is put in front of the admin directory in the URL. This allows a remote attacker to modify the configuration as they see fit and allows the root password to be reset. Doing this in conjunction with enabling the telnet server allows for a complete server compromise.

tags | exploit, remote, web, root
MD5 | a5e3469f753ba4068c41d8a4e0396b5b
Page 1 of 1
Back1Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

July 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    1 Files
  • 2
    Jul 2nd
    26 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    13 Files
  • 6
    Jul 6th
    4 Files
  • 7
    Jul 7th
    4 Files
  • 8
    Jul 8th
    1 Files
  • 9
    Jul 9th
    16 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    32 Files
  • 12
    Jul 12th
    22 Files
  • 13
    Jul 13th
    15 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    1 Files
  • 16
    Jul 16th
    21 Files
  • 17
    Jul 17th
    15 Files
  • 18
    Jul 18th
    15 Files
  • 19
    Jul 19th
    17 Files
  • 20
    Jul 20th
    4 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close