Email address | private |
---|---|
First Active | 2007-02-24 |
Last Active | 2011-10-19 |
Whitepaper called DNS Poisoning Via Port Exhaustion. It covers everything from how DNS poisoning works to various methods of performing attacks. It discloses two vulnerabilities. One is in Java which enables remote DNS poisoning using Java applets. The other is in multiuser Windows environments that allows for a local DNS cache poisoning of arbitrary domains.
59aae9b502f6267802e5e03c5acbbc8cc5b2055211508a758f0223c1089883be
Dolphin Browser HD versions prior to 6.1.0 suffer from a cross applications scripting vulnerability.
fec0542347d11dcaba40a36e576a9a2728f140dc57e324d0e46a4289ce1ef603
A 3rd party application may exploit Android's Browser URL loading process in order to inject JavaScript code into an arbitrary domain thus break Android's sandboxing. Versions 2.3.4 and 3.1 have been found vulnerable.
e69e53a920a455ea417e80477c2fab5c49deede7cf7c53b2cbeaf6c9493d8670
The Babylon online dictionary and translation software fails to sanitize user input before rendering it on the Trident control, effectively leading to a cross-application scripting vulnerability. The Trident control runs in Local Machine Zone (LMZ) which is not Locked down and due to this the vulnerability can allow for code execution.
521bd04a9d93d3243cb54ea1da35796ea3e0170a38c45bee3986db191b659c09
Write up discussing the breaking of Google Gears' cross origin communication model.
42c449424322d157ce506a8ff66a83abe0194f2dc1ba8d911cb1133691c3df2a
Whitepaper discussing a serious vulnerability in Google Desktop. The attack is composed of web-application security flaws found in Google Desktop along with exploitation of Google Desktop's tight integration with the Google.com website.
0d0fe93a2dd71d7872267488cb64152eb357a94750078e6b22fbba7faac2a033