exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 14 of 14 RSS Feed

Files from Jakob Balle

Email addressjb at secunia.com
First Active2003-05-13
Last Active2010-08-13
Opera Download Dialog File Execution Security Issue
Posted Aug 13, 2010
Authored by Jakob Balle, Sven Krewitt | Site secunia.com

Secunia Research has discovered a security issue in Opera, which can be exploited by malicious people to compromise a vulnerable system. The "Download" dialog provides the option to run a downloadable executable at a predictable location in the browser window. This can be exploited to trick a user into clicking on the "Run" button by positioning a new window on top of the "Download" dialog that is closed e.g. via a timeout shortly before the user clicks on a link within this window. Versions 10.53, 10.54, and 10.60 are affected.

tags | advisory
advisories | CVE-2010-2576
SHA-256 | 6d6d66e9a32fff988d108b6aacf6aafbb0e751bab35b122c3740cd1095ab2b33
Google Chrome Pop-Up Block Menu Handling
Posted Jan 27, 2010
Authored by Carsten Eiram, Jakob Balle | Site secunia.com

Secunia Research has discovered a vulnerability in Google Chrome, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by a use-after-free error when trying to display a blocked pop-up window while navigating away from the current site. Successful exploitation may allow execution of arbitrary code. Version 3.0.195.38 is affected.

tags | advisory, arbitrary
SHA-256 | ca51a53be3e2be60a135aef75af0e1b2b44ab80b91e0ccfa337b8c33ef7be350
Mozilla Firefox Java Applet Loading Vulnerability
Posted Jun 12, 2009
Authored by Carsten Eiram, Jakob Balle | Site secunia.com

Secunia Research has discovered a vulnerability in Firefox, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to a race condition when accessing the private data of an NPObject JS wrapper class object if navigating away from a web page while loading a Java applet. This can be exploited via a specially crafted web page to use already freed memory. Successful exploitation may allow execution of arbitrary code. Firefox versions 3.0.7, 3.0.8, and 3.0.9 for Windows with JRE 6 Update 13 are affected.

tags | advisory, java, web, arbitrary
systems | windows
advisories | CVE-2009-1837
SHA-256 | 59a414dd2e58d6c33945c4e0a4203f55a583994a9ddb89946f7965278edcebe0
secunia-ie7.txt
Posted Feb 24, 2007
Authored by Jakob Balle | Site secunia.com

Secunia Research has discovered a vulnerability in Internet Explorer 7, which can be exploited by a malicious website to spoof the address bar. The vulnerability is caused due to an error in Internet Explorer 7's handling of "onunload" events, enabling a malicious website to abort the loading of a new website. This can be exploited to spoof the address bar if e.g. the user enters a new website manually in the address bar, which is commonly exercised as best practice. The vulnerability is confirmed on a fully patched Windows XP SP2 system running Internet Explorer 7. Other versions may also be affected.

tags | advisory, spoof
systems | windows
SHA-256 | 092e93a632b4f71f1943c00dcb9e6057e53974a29bc4c51666ffe12ca8e5216b
secunia-iescript.txt
Posted Dec 15, 2006
Authored by Carsten Eiram, Jakob Balle | Site secunia.com

Secunia Research has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error within the exception handling of script errors. This can be exploited to corrupt memory via an HTML document containing specially crafted JavaScript that triggers certain errors simultaneously. Microsoft Internet Explorer 6.0 is affected.

tags | advisory, javascript
advisories | CVE-2006-5579
SHA-256 | dd22c9ed6d25b103da6b72c0e33253fcf2f55360ddb41df5df49a8f3b264a4d9
secunia-LotusDomino.txt
Posted Feb 13, 2006
Authored by Jakob Balle, Tan Chew Keong | Site secunia.com

Secunia Research has discovered some vulnerabilities in Lotus Domino iNotes Client, which can be exploited by malicious people to conduct script insertion attacks. Affected versions include IBM Lotus Domino Web Access 7.x, IBM Lotus Domino Web Access (iNotes) 6.x, IBM Lotus Domino 6.x, and IBM Lotus Domino 7.x.

tags | advisory, web, vulnerability
SHA-256 | b55a4f37f4611abd8cbe649bb902701992e861abc861f2023115d74fa75039f7
secunia-IE2.txt
Posted Dec 14, 2005
Authored by Jakob Balle | Site secunia.com

Secunia Research has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to trick users into downloading and executing arbitrary programs on a user's system. A design error in the processing of mouse clicks in new browser windows and the predictability of the position of the File Download dialog box can be exploited to trick the user into clicking on the Run button of the dialog box.

tags | advisory, arbitrary
systems | windows
SHA-256 | add1b79fbba766c7c37cc6c8189b9162030b5a7c8c030db19bb507a324aed2cb
secunia-OperaCLU.txt
Posted Nov 30, 2005
Authored by Jakob Balle, Peter Zelezny | Site secunia.com

Secunia Research has discovered a vulnerability in Opera, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the shell script used to launch Opera parsing shell commands that are enclosed within backticks in the URL provided via the command line. Versions below 8.51 are susceptible.

tags | advisory, shell
SHA-256 | 7f5c14bdc2019e06d48256414bf2ea131c5f04ec0912f9ea8a1ed800db6da6a1
secunia-opera.txt
Posted Sep 23, 2005
Authored by Jakob Balle | Site secunia.com

Secunia Research has discovered two vulnerabilities in the Opera Mail client, which can be exploited by a malicious person to conduct script insertion attacks and to spoof the name of attached files. Version 8.02 is affected.

tags | advisory, spoof, vulnerability
SHA-256 | aca5e53fd676ad9100ad9b6862edc517cceb04b62c8877cc5f3f751332155c93
SqWebMail.txt
Posted Aug 31, 2005
Authored by Jakob Balle | Site secunia.com

Secunia Security Advisory - Secunia Research has discovered a vulnerability in SqWebMail, which can be exploited by malicious people to conduct script insertion attacks. The vulnerability is caused due to SqWebMail failing to properly sanitize HTML emails. This can be exploited to include arbitrary script code in HTML emails, which will be executed in context of the SqWebMail server, as soon as the user views a received email. Version 5.0.4 is affected.

tags | exploit, arbitrary
SHA-256 | 9f8815d1479722e3a79864780a1f90bda89aae671d21b3d259241bad31b87763
secres04012005.txt
Posted Jan 5, 2005
Authored by Jakob Balle | Site secunia.com

Secunia Research has discovered a vulnerability in Mozilla / Mozilla Firefox, which can be exploited to spoof the source displayed in the Download Dialog box. The problem is that long sub-domains and paths are not displayed correctly, which therefore can be exploited to obfuscate what is being displayed in the source field of the Download Dialog box. The vulnerability has been confirmed in Mozilla 1.7.3 for Linux and Mozilla Firefox 1.0.

tags | advisory, spoof
systems | linux
SHA-256 | a34b640f70ddc606dfd05747def65a8fcb3787cf889e9e3a01a9b0f7515e55b9
saMultiple.txt
Posted Oct 27, 2004
Authored by Jakob Balle | Site secunia.com

Secunia Research Advisory - Multiple browsers suffer from multiple vulnerabilities. It is possible for a inactive tab to spawn dialog boxes e.g. the JavaScript Prompt box or the Download dialog box, even if the user is browsing/viewing a completely different web site in another tab. It is also possible for an inactive tab to always gain focus on a form field in the inactive tab, even if the user is browsing/viewing a completely different web site in another tab.

tags | advisory, web, javascript, vulnerability
SHA-256 | 256a9cf72b138de62766e62d9cf3c869c5b78f2856b27be8a21cff2091527c98
Secunia Security Advisory 11532
Posted May 13, 2004
Authored by Jakob Balle, Secunia | Site secunia.com

Secunia Advisory SA11532 - Secunia has discovered a vulnerability in the Opera browser, which can be exploited by malicious people to fake (spoof) information displayed in the address bar. The vulnerability has been confirmed in version 7.23 for Windows and Linux. Prior versions may also be affected.

tags | advisory, spoof
systems | linux, windows
SHA-256 | dc53e66630e90a2121277a9e645a4eb3320a8d21a55b9a23af104ae4d9089546
secuniaOpera.txt
Posted May 13, 2003
Authored by Jakob Balle | Site secunia.com

Secunia Research Advisory - Opera browser versions 7.10 and 7.03 suffer from denial of service and possible remote code execution vulnerabilities due to incorrect handling of long filename extensions.

tags | advisory, remote, denial of service, vulnerability, code execution
SHA-256 | 6813e2fb04422a621b2923b0573f448627a664e0e64d5de3ab7ba2ce8d64ae00
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close