what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

Files from Juliano Rizzo

First Active2003-05-28
Last Active2018-05-16
Signal Desktop HTML Tag Injection Variant 2
Posted May 16, 2018
Authored by Juliano Rizzo, Alfredo Ortega, Javier Lorenzo Carlos Smaldone, Ivan Ariel Barrera Oro, Matt Bryant

This advisory documents proof of concept flows for manipulation the HTML tag injection vulnerability discovered in Signal Desktop. Versions affected include 1.7.1, 1.8.0, 1.9.0, 1.10.0, and 1.10.1.

tags | exploit, proof of concept
advisories | CVE-2018-11101
SHA-256 | 5f9aa1e1147648a40479bc5b43a72f60f8b6d73aedadd62e3613fc7f5288b2b5
Signal Desktop HTML Injection
Posted May 15, 2018
Authored by Juliano Rizzo, Alfredo Ortega, Javier Lorenzo Carlos Smaldone, Ivan Ariel Barrera Oro

Signal Desktop suffers from an HTML injection vulnerability.

tags | exploit
advisories | CVE-2018-10994
SHA-256 | 7342445a2a81bafeda692b4072a1691a6690f325366e6a19c447cb00b1ecd5e3
Browser Exploit Against SSL/TLS
Posted Oct 3, 2011
Authored by Juliano Rizzo, Thai Duong

Browser Exploit Against SSL/TLS, or BEAST, is a proof of concept tool that demonstrates a weakness in the SSL protocol. It allows attackers to silently decrypt data that's passing between a webserver and an end-user browser.

tags | exploit, protocol, proof of concept
SHA-256 | 8526928f509f97d7e0834f717c78107205e579fe4ff0afe98df28f0c90da1eca
Practical Padding Oracle Attacks
Posted Sep 29, 2010
Authored by Juliano Rizzo, Thai Duong

These are slides from the Practical Padding Oracle Attack presentation given at BlackHat Europe 2010.

tags | paper
SHA-256 | 44d6bd6f34982348a4af9f4bd0fe7a99db3855f3ff6cb55230636fab6a2bbf7b
Flickr API Signature Forgery
Posted Sep 30, 2009
Authored by Juliano Rizzo, Thai Duong | Site netifera.com

Flickr's API suffered from an API signature forgery vulnerability.

tags | advisory
SHA-256 | 5ccd31c5ca0a4a2de399439bd373a24fdf78b60509f8b7a1c5a3ea0ac654b463
Core Security Technologies Advisory 2004.0819
Posted Feb 23, 2005
Authored by Core Security Technologies, Juliano Rizzo | Site coresecurity.com

Core Security Technologies Advisory ID: CORE-2004-0819 - A vulnerability found in the parsing of PNG images could allow an attacker to execute arbitrary code in the chat partner's machine and gain access to the system with the privileges of the user running the MSN Messenger client program.

tags | advisory, arbitrary
advisories | CVE-2004-0597
SHA-256 | 250f272fbc92a965e425c8cd048b613553ff4b6c3eb39c848ca79f39aace37fe
Core Security Technologies Advisory 2004.0802
Posted Oct 13, 2004
Authored by Core Security Technologies, Lucas Lavarello, Juliano Rizzo | Site coresecurity.com

Core Security Technologies Advisory ID: CORE-2004-0802 - Microsoft IIS provides organizations using it with the ability to service and route news using the Network News Transfer Protocol (NNTP) with the Microsoft NNTP service listening on port 119/tcp, and optionally on port 563/tcp for SSL encrypted connections. Multiple vulnerabilities were found in Microsoft IIS that could allow an attacker to execute arbitrary commands on vulnerable systems running the Microsoft IIS NNTP service.

tags | advisory, arbitrary, tcp, vulnerability, protocol
advisories | CVE-2004-0574
SHA-256 | 7b01fd77323cb00294467c5222071074dff2361a56225c284762a06529f677e0
SSLPCT.txt
Posted May 3, 2004
Authored by Juliano Rizzo

White paper analysis of the SSL PCT vulnerability. Gives full details on how exploitation has been performed and what it took for working exploits to be created.

tags | paper
SHA-256 | 3116bb87613b5d9fab025e65808aed7e01cc4c13cc628bb9d6dbce65d65108d3
core.dce-rpc.txt
Posted Dec 15, 2003
Authored by Juliano Rizzo, Javier Kohen | Site coresecurity.com

Core Security Technologies Advisory CORE-2003-12-05 - New attack vectors were found for the Workstation Service vulnerability discussed in MS03-049 and the Messenger service vulnerabilities in MS03-001, MS03-026 and MS03-043. It was found that the attacks can be directed at UDP ports from spoofed source IP's, at the UDP broadcast addresses, or to ports above 1024, bypassing many firewalls by setting the source port to 53 and spoofing the packet from a trusted DNS server.

tags | advisory, udp, spoof, vulnerability
SHA-256 | 44529d93a00bb88bb168c0c51d37842dbc5cf391d901a6518dd8e0c2baf882ee
core.axis.txt
Posted May 28, 2003
Authored by Juliano Rizzo | Site coresecurity.com

Core Security Technologies Advisory ID: CORE-2003-0403 - The Axis Network Camera HTTP server is vulnerable to an authentication bypass when a double slash is put in front of the admin directory in the URL. This allows a remote attacker to modify the configuration as they see fit and allows the root password to be reset. Doing this in conjunction with enabling the telnet server allows for a complete server compromise.

tags | exploit, remote, web, root
SHA-256 | 4cec04e283e741382af7d9e0df4bd761c6f1056aebdaed02bb1f8e78709d07fe
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close