This paper reviews fuzzing and its context within the field of information security research. We firstly examine how vulnerabilities come to exist in software and how security researchers find them. After a brief overview of common vulnerability types and methods of static analysis, we look in more depth at the field of fuzzing. Competing approaches to fuzzing are examined, from simple random inputs all the way to using genetic algorithms and taint analysis. The importance of measuring code coverage to evaluate the completeness of a fuzzing campaign is examined. Finally, previous work on fuzz testing of web browsers is reviewed.
847622b4537e1334fad9504003ab57fb51baf3575e0822fba4b6117eb8be63d2
This NSE script for Nmap exploits a directory traversal vulnerability in dnaTools dnaLIMS version 4-2015s13.
14000eb7e96ae44276fb5bd1d81181a295942cd488c90f9058e76d64598d4a63
This NSE script for Nmap exploits a buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2.
453e63883fdaffb5ec618ef53ef8f9b005dad44b6e71f23b25a260104dacbeaa
The WordPress Spider Event Calendar plugin, prior to version 1.5.51, suffers from a blind SQL injection vulnerability due to improper sanitization of the order_by parameter.
4454658986b01df7747b115a7789ea51bbfcd5b69c667b6f78c6f281074c4d75
All Foscam cameras and network devices use the same SSL private key, which is hard-coded into the downloadable firmware. The key was extracted using the utility 'binwalk' and allows an attacker to man-in-the-middle (MITM) any Foscam device.
afdbd095e899a1acc3e162aed80c4958227c92fb79a9da16b9252697405451c6