This paper reviews fuzzing and its context within the field of information security research. We firstly examine how vulnerabilities come to exist in software and how security researchers find them. After a brief overview of common vulnerability types and methods of static analysis, we look in more depth at the field of fuzzing. Competing approaches to fuzzing are examined, from simple random inputs all the way to using genetic algorithms and taint analysis. The importance of measuring code coverage to evaluate the completeness of a fuzzing campaign is examined. Finally, previous work on fuzz testing of web browsers is reviewed.
847622b4537e1334fad9504003ab57fb51baf3575e0822fba4b6117eb8be63d2This NSE script for Nmap exploits a directory traversal vulnerability in dnaTools dnaLIMS version 4-2015s13.
14000eb7e96ae44276fb5bd1d81181a295942cd488c90f9058e76d64598d4a63This NSE script for Nmap exploits a buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2.
453e63883fdaffb5ec618ef53ef8f9b005dad44b6e71f23b25a260104dacbeaaThe WordPress Spider Event Calendar Plugin, prior to 1.5.51 suffers from a blind SQL injection vulnerability due to improper sanitization of an order_by parameter.
4454658986b01df7747b115a7789ea51bbfcd5b69c667b6f78c6f281074c4d75All Foscam cameras and network devices use the same SSL private key that is hard coded into the downloadable firmware. The keys were extracted using the utility 'binwalk' and allow an attacker to MITM any Foscam device.
afdbd095e899a1acc3e162aed80c4958227c92fb79a9da16b9252697405451c6
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed