Showing 1 - 6 of 6

Files from Yair Amit

DNS Poisoning Via Port Exhaustion: Posted Oct 19, 2011; Authored by Yair Amit, Roee Hay; Whitepaper called DNS Poisoning Via Port Exhaustion. It covers everything from how DNS poisoning works to various methods of performing attacks. It discloses two vulnerabilities. One is in Java which enables remote DNS poisoning using Java applets. The other is in multiuser Windows environments that allows for a local DNS cache poisoning of arbitrary domains.; tags | advisory, paper, java, remote, arbitrary, local, vulnerability; systems | windows; advisories | CVE-2011-3552, CVE-2010-4448; SHA-256 | 59aae9b502f6267802e5e03c5acbbc8cc5b2055211508a758f0223c1089883be; Download | Favorite | View

Dolphin Browser HD Cross Application Scripting: Posted Sep 21, 2011; Authored by Yair Amit, Roee Hay; Dolphin Browser HD versions prior to 6.1.0 suffer from a cross applications scripting vulnerability.; tags | exploit; advisories | CVE-2011-2357; SHA-256 | fec0542347d11dcaba40a36e576a9a2728f140dc57e324d0e46a4289ce1ef603; Download | Favorite | View

Android Browser Cross Application Scripting: Posted Aug 2, 2011; Authored by Yair Amit, Roee Hay; A 3rd party application may exploit Android's Browser URL loading process in order to inject JavaScript code into an arbitrary domain thus break Android's sandboxing. Versions 2.3.4 and 3.1 have been found vulnerable.; tags | exploit, arbitrary, javascript; advisories | CVE-2011-2357; SHA-256 | e69e53a920a455ea417e80477c2fab5c49deede7cf7c53b2cbeaf6c9493d8670; Download | Favorite | View

Babylon Cross-Application Scripting Code Execution: Posted Nov 11, 2010; Authored by Yair Amit, Roee Hay; The Babylon online dictionary and translation software fails to sanitize user input before rendering it on the Trident control, effectively leading to a cross-application scripting vulnerability. The Trident control runs in Local Machine Zone (LMZ) which is not Locked down and due to this the vulnerability can allow for code execution.; tags | advisory, local, code execution; SHA-256 | 521bd04a9d93d3243cb54ea1da35796ea3e0170a38c45bee3986db191b659c09; Download | Favorite | View

Google Gears Cross Origin Communication Model: Posted Dec 9, 2008; Authored by Yair Amit; Write up discussing the breaking of Google Gears' cross origin communication model.; tags | advisory; SHA-256 | 42c449424322d157ce506a8ff66a83abe0194f2dc1ba8d911cb1133691c3df2a; Download | Favorite | View

Overtaking-Google-Desktop.pdf: Posted Feb 24, 2007; Authored by Yair Amit | Site watchfire.com; Whitepaper discussing a serious vulnerability in Google Desktop. The attack is composed of web-application security flaws found in Google Desktop along with exploitation of Google Desktop's tight integration with the Google.com website.; tags | paper, web; SHA-256 | 0d0fe93a2dd71d7872267488cb64152eb357a94750078e6b22fbba7faac2a033; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days