Skipfish Web Application Scanner 1.03b
Skipfish is a fully automated, active web application security reconnaissance tool. It is high speed, has a low false positive rate, and is easy to use.
Skipfish Web Application Scanner 1.11b
Skipfish is a fully automated, active web application security reconnaissance tool. It is high speed, has a low false positive rate, and is easy to use.
Safari SOP Bypass / Firefox Address Bar Spoofing
Michal Zalewski has noted some interesting security bugs in Safari, Firefox and WebKit-based browsers.
Skipfish Web Application Scanner 1.52b
Skipfish is a fully automated, active web application security reconnaissance tool. It is high speed, has a low false positive rate, and is easy to use.
Juniper SSL VPN Bypass / Cross Site Scripting
This is a list of older cross site scripting and bypass vulnerabilities associated with older Juniper IVE releases.
Skipfish Web Application Scanner 1.78b
Skipfish is a fully automated, active web application security reconnaissance tool. It is high speed, has a low false positive rate, and is easy to use.
Firefox 3.6.13 pseudo-URL SOP Check Bug
Firefox version 3.6.13 fixes an interesting bug in their same-origin policy logic for pseudo-URLs that do not have any inherent origin associated with them.
Firefox CSS :visited Proof Of Concept
This code is a proof of concept that demonstrates history extraction in Firefox through non-destructive cache timing.
JavaScript Switcharoo Proof Of Concept
It seems that relatively few people realize that holding a JavaScript handle to another window allows the attacker to tamper with the location and history objects at will, largely bypassing the usual...
JavaScript Switcharoo Proof Of Concept 2
Firefox and Opera allow you to omit MIME type in data: URLs, possibly put random garbage into that section, and still get a valid HTML document. This is a natural extension of how the Content-Type...
ClickIt Proof Of Concept
JavaScript allows you to exploit human cognitive abilities to a remarkable extent; tools such as window positioning, history.forward() and history.back(), open some scary possibilities that we are...
P0f 3.0.0 Release Candidate 1
P0f is a tool that utilizes an array of sophisticated, purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications (often as little as a single...
P0f 3.0.0b
P0f is a tool that utilizes an array of sophisticated, purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications (often as little as a single...
p0f 3.03b Windows Port
P0f is a tool that utilizes an array of sophisticated, purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications (often as little as a single...
Browser Navigation Download Trick
It is an important and little-known property of web browsers that one document can always navigate other, non-same-origin windows to arbitrary URLs. Perhaps more interestingly, you can also navigate...
Skipfish Web Application Scanner 2.09b
Skipfish is a fully automated, active web application security reconnaissance tool. It is high speed, has a low false positive rate, and is easy to use.
JavaScript Page Interaction History Leak
Michal Zalewski put together a really amusing asteroids proof of concept to demonstrate how a modified version of the JavaScript ":visited" attack can be leveraged based on visibility. Proof of concept...
IJG jpeg6b / libjpeg-turbo Uninitialized Memory
jpeg6b and some of its optimized clones (e.g., libjpeg-turbo) will use uninitialized memory when decoding images with missing SOS data for the luminance component (Y) in presence of valid chroma data...
p0f 3.07b Windows Port
P0f is a tool that utilizes an array of sophisticated, purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications (often as little as a single...
Mozilla Firefox Secret Leak
The recent release of Firefox 32 fixes another interesting image parsing issue found by afl. Following a refactoring of memory management code, the past few versions of the browser ended up using...
Bash Me Some More
This is information regarding more bash vulnerabilities and how the original bash patches are ineffective.
Firefox / MSIE Memory Disclosure Bugs
Firefox versions prior to 33 leak bits of uninitialized memory when rendering certain types of truncated images onto canvas tags. Secondly, MSRC case #19611cz is a seemingly similar issue with Internet...
libbfd Out Of Bounds
Zalewski has noted that binaries which have dependencies on libbfd may be leveraged for attacks due to libbfd having a large range of possibly exploitable out-of-bounds crashes.
CUPS Filter Bash Environment Variable Code Injection
This Metasploit module exploits a post-auth code injection in specially crafted environment variables in Bash, specifically targeting CUPS filters through the PRINTER_INFO and PRINTER_LOCATION...
SQLite 22 Bugs
SQLite has had 22 security bugs reported including stack buffer overflow and uninitialized memory vulnerabilities. Version 3.8.9 addresses these issues.