47 items tagged "class"
-
-
15:31
»
Packet Storm Security Advisories
The Drupal block class module allows users to add classes to any block through the block's configuration interface. The class names in a block were not properly filtered. Someone with the ability to modify or create blocks could inject JavaScript that would be rendered when viewing the block. Blockclass versions prior to 7.x-1.0 are affected.
-
-
7:00
»
Hack a Day
If you’ve ever wanted your own self-driving car, this is your chance. [Sebastian Thrun], co-lecturer (along with the great [Peter Norvig]) of the Stanford AI class is opening up a new class that will teach everyone who enrolls how to program a self-driving car in seven weeks. The robotic car class is being taught alongside a [...]
-
-
5:01
»
Hack a Day
Despite being a college class everyone regarded as an easy ‘A,’ astronomy is very hard work. Not only do many hours go into capturing a single image, the equipment itself must be constantly monitored well into the freezing cold of night. [Jerry] sent in a few neat projects that have made his nights much more [...]
-
-
13:14
»
SecDocs
Authors: Richard Rushing
Tags: USB
Event: Black Hat USA 2010
Abstract: The USB HID class describes devices used with nearly every modern computer. Many predefined functions exist in the USB HID class. These functions allow hardware manufacturers to design a product to USB HID class specifications and expect it to work with any software that also meets these specifications. The (HID) Hacker Interface Design is due to the fact that the benefits of a well-defined specification like the USB HID class is the abundance of device drivers available in most modern operating systems. So this hardware attack is cross platform. And ultra simple to carry out.
-
-
15:01
»
Hack a Day
In a little more than a month, tens of thousands of people around the world will attend a class on Artificial Intelligence at Stanford. Registration for this class is still open for both class ‘tracks’. The “basic” track is simply watching lectures and answering quizzes, or a slightly more advanced version of MIT OpenCourseware or [...]
-
-
15:01
»
Hack a Day
You can get class credit for the coolest things these days. Take for instance, this Automatic Chessboard that [Brian] and [James] built for the final project in one of their classes this spring. We just looked at a robotic chess setup on Monday that used a gripper mounted on a gantry to move the pieces. [...]
-
-
16:25
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-034 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Performance Insight Server. Authentication is not required to exploit this vulnerability. The specific vulnerability is due to a hidden account present within the com.trinagy.security.XMLUserManager Java class. Using this account a malicious user can access the com.trinagy.servlet.HelpManagerServlet class. This is defined within the piweb.jar file installed with Performance Insight. This class exposes a doPost() method which an attacker can use to upload malicious files to the server. Accessing these files can then lead to arbitrary code execution under the context of the SYSTEM user.
-
-
10:01
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1010-1 - Various openjdk issues have been addressed. Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. It was discovered that the HttpURLConnection class did not validate request headers set by Java applets, which could allow an attacker to trigger actions otherwise not allowed to HTTP clients. It was discovered that JNDI could leak information that would allow an attacker to access information about otherwise-protected internal network names. It was discovered that HttpURLConnection improperly handled the chunked transfer encoding method, which could allow attackers to conduct HTTP response splitting attacks. It was discovered that the NetworkInterface class improperly checked the network connect permissions for local network addresses. Various other issues were discovered and addressed.
-
-
8:13
»
Hack a Day
[William Etter] and his classmates built a quadcopter as a class project. We love the details of these builds and they came through with some thorough documentation. Some highlights that we enjoyed were reading about ABS body design and construction, their analysis of two versus three blade propellers, and their breadboarded control mechanism. You can [...]
-
-
7:01
»
Hack a Day
Alright class, quiet down and open your books to the chapter on Manchester Encoding. [Brian J Hoskins] did just that when building this RC5 decoder. This protocol is commonly used in television remote controls. You use them on a daily basis, don’t you think it’s time you understood what’s going on? Check out his writeup [...]
-
-
21:04
»
SecDocs
Authors: Felix 'FX' Lindner
Tags: Rich Internet Applications Flash
Event: Chaos Communication Congress 26th (26C3) 2009
Abstract: The talk will discuss a class of in-the-wild malware and exploits, reasons for its success as well as reasons why protecting against it in common ways is not effective. This will be done by examining the internals of the attacked subject. Following this, the second part of the talk will present an alternative protection mechanism, which the presenter believes prevents large parts of this class of attacks. The mechanisms and code to do this will be presented and released. The talk presents a simple but effective approach for securing Rich Internet Application (RIA) content before using it. Focusing on Adobe Flash content, the security threats presented by Flash movies are discussed, as well as their inner workings that allow such attacks to happen. Some of those details will make you laugh, some will make you wince. Based on the properties discussed, the idea behind the defense approach will be presented, as well as the code implementing it and the results of using it in the real world.
-
-
9:45
»
remote-exploit & backtrack
Well, I just recommended pwb class to an info sec friend at work :) If all works he will get to sign for this soon :).
Now to convince my wife that it would make a great b-day present for me (as programming line hard to figure out how to make work pay) :)
sin-cerely,
Trol