811 items tagged "application"
16:00 » SecuriTeam
The Vulnerability Laboratory Research Team discovered multiple cross-site vulnerabilities in the iAuto Mobile app for Android, iOS and BlackBerry.

16:00 » SecuriTeam
The Vulnerability Laboratory Research Team discovered multiple vulnerabilities in ManageEngine Applications Manager v10 b10500.

7:44 » Packet Storm Security Advisories
Zero Day Initiative Advisory 12-201 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses PAPX FKP sections. When parsing a PAPX FKP section, the application stores a calculated value. However, when repairing a damaged document, the application explicitly trusts this value in a loop that is used to index into an array of objects. This allows an out-of-bounds access of an object, which can lead to code execution under the context of the application.

7:42 » Packet Storm Security Advisories
Zero Day Initiative Advisory 12-195 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when the application attempts to decode an audio sample encoded with the ATRAC codec. While parsing sample data, the application explicitly trusts a 2-bit field as a loop counter, which can be used to write outside the bounds of the target buffer. This can lead to code execution under the context of the application.

16:00 » SecuriTeam
NVIDIA Install Application is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input.

21:36 » Packet Storm Security Advisories
Red Hat Security Advisory 2012-1594-01 - JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for JBoss Enterprise Application Platform 6.0.0, and includes bug fixes and enhancements.

21:36 » Packet Storm Security Advisories
Red Hat Security Advisory 2012-1591-01 - JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for JBoss Enterprise Application Platform 6.0.0, and includes bug fixes and enhancements.

21:34 » Packet Storm Security Advisories
Red Hat Security Advisory 2012-1590-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF images using the PixarLog Format encoding. An attacker could create a specially-crafted TIFF file that, when opened, could cause an application using libtiff to crash or, possibly, execute arbitrary code with the privileges of the user running the application. A stack-based buffer overflow flaw was found in the way libtiff handled DOTRANGE tags. An attacker could use this flaw to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code.

21:34 » Packet Storm Security Advisories
Red Hat Security Advisory 2012-1592-01 - JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for JBoss Enterprise Application Platform 6.0.0, and includes bug fixes and enhancements.

3:55 » 0day.today (was: 1337day, Inj3ct0r, 1337db)
[web applications] - OSClass 3.0.2 CSRF/FPD Vulnerabilities

3:22 » 0day.today (was: 1337day, Inj3ct0r, 1337db)
[web applications] - MyBB ChangUonDyu Extra File Chatbox Persistent XSS Vulnerability

3:17 » 0day.today (was: 1337day, Inj3ct0r, 1337db)
[web applications] - vBulletin 5 Multiple FPD Vulnerabilities

14:06 » 0day.today (was: 1337day, Inj3ct0r, 1337db)
[web applications] - Havalite v1.1.7 Multiple Vulnerabilities

14:05 » 0day.today (was: 1337day, Inj3ct0r, 1337db)
[web applications] - Cisco DPC2420 Multiple Vulnerabilities

5:09 » 0day.today (was: 1337day, Inj3ct0r, 1337db)
[web applications] - Jahia 5.x CSRF Exploit

16:00 » SecuriTeam
WebSphere Application Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

16:00 » SecuriTeam
IBM WebSphere Application Server is prone to a security-bypass vulnerability.

18:00 » Packet Storm Security Advisories
Mandriva Linux Security Advisory 2012-176 - A heap-based buffer overflow was found in the way libxml2 decoded certain XML entities. A remote attacker could provide a specially-crafted XML file which, once opened in an application linked against libxml2, would cause that application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. The updated packages have been patched to correct this issue.

19:11 » Packet Storm Security Advisories
Red Hat Security Advisory 2012-1512-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. All users of libxml2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted for this update to take effect.

16:00 » SecuriTeam
IBM WebSphere Application Server is prone to a remote privilege-escalation vulnerability.

14:00 » Packet Storm Security Advisories
Zero Day Initiative Advisory 12-187 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a particular array contained within a Real Media file and then uses the data. When allocating and reading frame size information, the application fails to check the bounds of how this array is used. The application uses values from this array as the allocation size for a buffer. When initializing this new buffer, the application can then write outside its bounds, which leads to code execution under the context of the application.

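The three Zero Day Initiative summaries on this page (the Word PAPX FKP loop, the ATRAC 2-bit loop counter, and the RealMedia frame-size array) describe one bug class: a count or size taken from the file is trusted as a loop bound, an array index or an allocation length. The C program below is an added example written for this page, not code from any of the advisories or the vendors involved; it parses an invented "frame table" record whose layout, MAX_FRAMES cap and sample inputs are all constructed for the illustration, first the way the advisories describe and then with every file-supplied value checked against the real table capacity and the bytes actually present.

```c
/*
 * Added example, not code from any advisory or vendor above.
 * Toy parser for an invented "frame table" record that shows the bug class
 * the ZDI summaries describe: a count or size read from an untrusted file is
 * used as a loop bound, an array index or an allocation size without being
 * checked against the real capacity or the remaining input.
 *
 * Invented layout (little-endian, constructed for this example):
 *   u8   count               number of frame-size entries (table holds MAX_FRAMES)
 *   u16  frame_size[count]   size of each frame in bytes
 *   u8   payload[sum(frame_size)]
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_FRAMES      4
#define MAX_FRAME_BYTES 4096

enum parse_status {
    PARSE_OK        =  0,
    PARSE_TRUNCATED = -1,   /* input ends before the declared data */
    PARSE_TOO_MANY  = -2,   /* count exceeds the fixed table */
    PARSE_BAD_SIZE  = -3,   /* a frame size is zero or over the cap */
    PARSE_OOM       = -4
};

typedef struct {
    uint16_t sizes[MAX_FRAMES];
    size_t   count;
    uint8_t *payload;       /* heap copy of the frame bytes; caller frees */
    size_t   payload_len;
} frame_table;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/*
 * VULNERABLE (kept only for contrast): trusts the file.
 *  - count bounds the loop, so count > MAX_FRAMES writes past sizes[].
 *  - size entries are read without checking len.
 *  - total (sum of attacker-chosen sizes) becomes the allocation and copy
 *    length without checking that the input really holds that many bytes.
 * On well-formed input it behaves exactly like parse_frames_safe().
 */
int parse_frames_vulnerable(const uint8_t *buf, size_t len, frame_table *t)
{
    if (len < 1) return PARSE_TRUNCATED;
    size_t count = buf[0];
    const uint8_t *p = buf + 1;
    size_t total = 0;
    for (size_t i = 0; i < count; i++) {      /* bug: no check against MAX_FRAMES */
        t->sizes[i] = rd16(p);                /* bug: no check against len */
        total += t->sizes[i];
        p += 2;
    }
    t->count = count;
    t->payload = malloc(total);               /* bug: total is attacker-controlled */
    if (!t->payload) return PARSE_OOM;
    memcpy(t->payload, p, total);             /* bug: may read far past buf + len */
    t->payload_len = total;
    return PARSE_OK;
}

/*
 * SAFE: every value taken from the file is checked before it is used as a
 * bound, an index or a length; the running total is capped so it cannot
 * overflow and is compared with the bytes actually left in the input.
 */
int parse_frames_safe(const uint8_t *buf, size_t len, frame_table *t)
{
    memset(t, 0, sizeof *t);
    if (len < 1) return PARSE_TRUNCATED;
    size_t count = buf[0];
    if (count > MAX_FRAMES) return PARSE_TOO_MANY;

    size_t off = 1;
    if (len - off < count * 2) return PARSE_TRUNCATED;  /* count <= 4, cannot overflow */

    size_t total = 0;
    for (size_t i = 0; i < count; i++, off += 2) {
        uint16_t sz = rd16(buf + off);
        if (sz == 0 || sz > MAX_FRAME_BYTES) return PARSE_BAD_SIZE;
        total += sz;                /* <= MAX_FRAMES * MAX_FRAME_BYTES */
        t->sizes[i] = sz;
    }
    if (total > len - off) return PARSE_TRUNCATED;      /* declared payload must be present */

    t->payload = malloc(total ? total : 1);
    if (!t->payload) return PARSE_OOM;
    memcpy(t->payload, buf + off, total);
    t->count = count;
    t->payload_len = total;
    return PARSE_OK;
}

void frame_table_free(frame_table *t) { free(t->payload); t->payload = NULL; }

/* Constructed inputs for the demonstration. */
static const uint8_t GOOD[]            = { 2, 3,0, 2,0, 'a','b','c', 'x','y' }; /* 2 frames: 3 + 2 bytes */
static const uint8_t TOO_MANY[]        = { 200, 1,0, 1,0 };                      /* count 200 > MAX_FRAMES */
static const uint8_t LIES_ABOUT_SIZE[] = { 1, 0xff,0x0f, 'a' };                  /* claims 4095 bytes, has 1 */

int main(void)
{
    frame_table t;
    int rc = parse_frames_safe(GOOD, sizeof GOOD, &t);
    printf("good: rc=%d frames=%zu payload=%zu\n", rc, t.count, t.payload_len);
    frame_table_free(&t);
    printf("too many frames: rc=%d\n", parse_frames_safe(TOO_MANY, sizeof TOO_MANY, &t));
    printf("size exceeds input: rc=%d\n", parse_frames_safe(LIES_ABOUT_SIZE, sizeof LIES_ABOUT_SIZE, &t));
    /* parse_frames_vulnerable(TOO_MANY, ...) would index sizes[4..199]: undefined behaviour. */
    return 0;
}
```

Build with `cc -Wall -o parse_frames parse_frames.c` (the file name is arbitrary). The vulnerable parser agrees with the safe one on well-formed input, which is why this class of bug survives functional testing; the safe parser instead rejects the two malformed inputs with a status code rather than indexing past sizes[] or copying past the end of the input, and the same three checks (count against capacity, each size against a cap, the accumulated total against the bytes remaining) apply to any length-prefixed format.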
15:04 » Packet Storm Security Advisories
Red Hat Security Advisory 2012-1416-01 - The kdelibs packages provide libraries for the K Desktop Environment. Konqueror is a web browser. A heap-based buffer overflow flaw was found in the way the CSS parser in kdelibs parsed the location of the source for font faces. A web page containing malicious content could cause an application using kdelibs to crash or, potentially, execute arbitrary code with the privileges of the user running the application. A heap-based buffer over-read flaw was found in the way kdelibs calculated canvas dimensions for large images. A web page containing malicious content could cause an application using kdelibs to crash or disclose portions of its memory.

15:04
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1418-01 - The kdelibs packages provide libraries for the K Desktop Environment. Konqueror is a web browser. A heap-based buffer overflow flaw was found in the way the CSS parser in kdelibs parsed the location of the source for font faces. A web page containing malicious content could cause an application using kdelibs to crash or, potentially, execute arbitrary code with the privileges of the user running the application. A heap-based buffer over-read flaw was found in the way kdelibs calculated canvas dimensions for large images. A web page containing malicious content could cause an application using kdelibs to crash or disclose portions of its memory.
-
-
17:00
»
SecuriTeam
JBoss Enterprise Application Platform is prone to a security vulnerability because it sets insecure directory permissions.
-
-
14:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
[web applications] - Joomla Component com_commedia SQL Injection Exploit
-
14:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
[web applications] - Joomla Component com_tag SQL Injection Exploit
-
14:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
[web applications] - Legrand-003598 / Bticino-F454 Credential Disclosure
-
-
14:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
[web applications] - Oracle WebCenter Sites (FatWire Content Server) Multiple Vulnerabilities
-
14:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
[web applications] - ManageEngine Support Center Plus
-
-
17:00
»
SecuriTeam
This allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
-
-
7:43
»
Carnal0wnage
In this series, I would like to demonstrate some of the basics of building a Ruby on Rails application and how MVC (Model-View-Controller) works. We will discuss some of the security pitfalls as well. First, we need to make sure the technology is understood.
That being said, in this first part of the series, let's discuss some general Ruby "stuff" that makes life a little easier when dealing with day-to-day Ruby tasks.
RVM, RVM Gemsets, and an RVM resource file.
On the surface, Ruby Version Manager (RVM) allows you to host multiple versions of Ruby on your system and easily switch between them. If you go a little deeper, you'll see that RVM also provides the ability to host multiple "Gemsets" within each version of Ruby. This means you can create a Gemset per application and never worry about conflicting dependency versions.
One last thing to mention: you can do all of this seamlessly by leveraging an .rvmrc file. When you change into an application folder that holds an .rvmrc file, RVM automatically switches the Ruby version and Gemset based on the values specified in the RVM resource file (.rvmrc).
First, let's choose our Ruby version as well as the name of our Gemset. I'm going to choose Ruby Enterprise Edition (already installed via $ rvm install ree) and name my Gemset after the application, "attackresearch", as shown later.

Now let's install Rails and its required gems.

Let's create the Rails application!

Now let's get the Gemfile and .rvmrc in order. I'm going to add the 'twitter-bootstrap-rails' gem and then perform a "bundle install". Whenever a change is made to your gems, run 'bundle install' again to update the Gemfile.lock file.
The reason for Twitter Bootstrap will become clear later in these tutorials. Essentially, it allows us to easily create the visual aspects of the application.


Now for the .rvmrc file.

Just to test that the .rvmrc file works, let's leave the directory and then navigate back into it. Lastly, perform a 'gem list' to ensure our gems are available.

Now let's start it up!


Okay, that's enough for now. More to come in the next post :-)
~cktricky
-
-
8:00
»
Hack a Day
With hundreds of Arduino shields available for any imaginable application, it’s a shame they can’t be used with the Raspberry Pi. Breaking out the Raspi GPIO pins to Arduino-compatible headers would allow makers and tinkerers to reuse their shields with a far more capable computing platform. The folks over at Cooking Hacks realized a Raspi to Arduino shield [...]
-
-
15:05
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2012-157 - A heap-based buffer overflow was found in the way OpenJPEG, an open-source JPEG 2000 codec written in C language, performed parsing of JPEG2000 image files. A remote attacker could provide a specially crafted JPEG 2000 file, which when opened in an application linked against openjpeg would lead to that application crash, or, potentially arbitrary code execution with the privileges of the user running the application. The updated packages have been patched to correct this issue.
-
14:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
[Web applications] - TP-LINK TD-W8151N Cross Site Request Forgery
-
14:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
[Web applications] - Censura XSS/SQLi Vulnerabilities
-
14:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
[Web applications] - Fantastico Multiple Vulnerabilities
-
14:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
[Web applications] - Wordpress Plugin spider calendar Multiple Vulnerabilities
-
-
14:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
[Web applications] - phptax 0.8
-
-
14:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
[web applications] - Joomla Component com_joomla_flash_uploader Remote File Upload
-
-
14:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
[web applications] - MaxForum 2.0.0 Local File Inclusion
-
14:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
[web applications] - D-Link DSL-2730U CSRF / Update config
-
0:23
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1288-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way libxml2 handled documents that enable entity expansion. A remote attacker could provide a large, specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. A one byte buffer overflow was found in the way libxml2 evaluated certain parts of XML Pointer Language expressions. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
-
-
18:52
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1265-01 - libxslt is a library for transforming XML files into other textual formats using the standard XSLT stylesheet transformation mechanism. A heap-based buffer overflow flaw was found in the way libxslt applied templates to nodes selected by certain namespaces. An attacker could use this flaw to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.
-
10:22
»
Packet Storm Security Recent Files
Skipfish is a fully automated, active web application security reconnaissance tool. It is high speed, has a low false positive rate, and is easy to use.
-
-
13:45
»
SecDocs
Authors: Steffen Meschkat
Tags: web application, AJAX
Event: 22nd Chaos Communication Congress (22C3) 2005
Abstract: Isn't it ironic that web applications are now as nice to use as GUI applications were before the web was invented? Well, almost as nice. We review the state of the technologies that make this possible, and discuss the ramifications for the architecture of web applications. Only very recently has it been widely noticed that web client technology has matured to a point that supports applications whose visual and interaction qualities are comparable to graphical user interfaces (GUIs) as they were known before the web. Web applications can now offload a considerable part of the interaction and application logic to the client side, and thus reconcile the advantages in deployability, distributedness, and concurrency that the web provides with desirable properties of GUIs such as rich state, immediate feedback, and direct manipulation, which are sadly missing from pure HTML-based web applications. The technologies that enable this architecture are JavaScript, asynchronously handled HTTP requests, and XML, which in this combination are nowadays referred to as AJAX, and of which, although probably the most well known, XML is the least essential. Besides increasing the interactive quality, AJAX introduces a rather radical segregation of functionality and interaction into the architecture of web applications, in that it requires a non-trivial part of the application to be implemented in yet another programming language, JavaScript, and in that objects which are communicated between the parts of the application are marshalled through HTTP sessions. These requirements might seem burdensome at first, but in fact they can considerably reduce the complexity into which purely server-based web applications have evolved.
-
-
13:02
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1255-01 - The libexif packages provide an Exchangeable image file format library. Exif allows metadata to be added to and read from certain types of image files. Multiple flaws were found in the way libexif processed Exif tags. An attacker could create a specially-crafted image file that, when opened in an application linked against libexif, could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
-
-
15:20
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-136 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's QuickTime player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within how the application handles a malformed atom type when playing a movie encoded with uncompressed audio. When decoding the audio sample the application will use a 16-bit length for allocating a buffer, and a different one for initializing it. This can cause memory corruption which can lead to code execution under the context of the application.
-
-
17:00
»
SecuriTeam
IBM WebSphere Application Server is prone to an unspecified cross-site scripting vulnerability because it fails to sanitize user-supplied input.
-
-
18:05
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1166-01 - mod_cluster is an Apache HTTP Server based load balancer that forwards requests from httpd to application server nodes. It can use the AJP, HTTP, or HTTPS protocols for communication with application server nodes. The RHSA-2012:0035 update for JBoss Enterprise Web Server 1.0.2 introduced a regression, causing mod_cluster to register and expose the root context of a server by default, even when "ROOT" was in the "excludedContexts" list in the mod_cluster configuration. If an application was deployed on the root context, a remote attacker could use this flaw to bypass intended access restrictions and gain access to that application.
-
-
17:00
»
SecuriTeam
JBoss Enterprise Application Platform is prone to a cross-site request-forgery vulnerability.
-
-
15:36
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-130 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a header containing codec-specific data. When handling an error case, the application will forget to initialize a pointer which will later be used in a memory operation. This can lead to code execution under the context of the application.
-
-
18:39
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1136-01 - OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. Multiple heap-based buffer overflow flaws were found in the way OpenOffice.org processed encryption information in the manifest files of OpenDocument Format files. An attacker could provide a specially-crafted OpenDocument Format file that, when opened in an OpenOffice.org application, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
-
18:38
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1135-01 - LibreOffice is an open source, community-developed office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. Multiple heap-based buffer overflow flaws were found in the way LibreOffice processed encryption information in the manifest files of OpenDocument Format files. An attacker could provide a specially-crafted OpenDocument Format file that, when opened in a LibreOffice application, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
-
-
17:00
»
SecuriTeam
IBM Web Application Firewall is prone to a security-bypass vulnerability.
-
-
17:56
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1116-01 - Perl DBI is a database access Application Programming Interface for the Perl language. perl-DBD-Pg allows Perl applications to access PostgreSQL database servers. Two format string flaws were found in perl-DBD-Pg. A specially-crafted database warning or error message from a server could cause an application using perl-DBD-Pg to crash or, potentially, execute arbitrary code with the privileges of the user running the application. All users of perl-DBD-Pg are advised to upgrade to this updated package, which contains a backported patch to fix these issues. Applications using perl-DBD-Pg must be restarted for the update to take effect.
-
-
21:45
»
SecDocs
Authors:
Jonathan Wilkins Tags:
Ruby on Rails Event:
Chaos Communication Congress 24th (24C3) 2007 Abstract: This talk will focus on the security of the Ruby on Rails Web Framework. Some dos and don’ts will be presented along with security Best Practices for common attacks like session fixation, XSS, SQL injection, and deployment weaknesses. Even though Ruby on Rails introduces a lot of best practices to the developer, it is still quite easy for an imprudent programmer to forget that every web application is a potential target. Web application attacks like Cross Site Scripting or Cross Site Request Forgery are very popular these days and every Rails developer should have an idea about the different possibilities that his application presents to an attacker. This talk will cover most of the common web application vulnerabilities like Cross Site Scripting and Cross Site Request Forgery, SQL and Code injection, and deployment security and how they apply to Rails. Further Ruby on Rails specific issues like Rails plugin security, JavaScript/Ajax security, and Rails configuration will be examined and best practices introduced.
-
-
21:56
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2012-104 - OpenJPEG allocated insufficient memory when encoding JPEG 2000 files from input images that have certain color depths. A remote attacker could provide a specially-crafted image file that, when opened in an application linked against OpenJPEG, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. An input validation flaw, leading to a heap-based buffer overflow, was found in the way OpenJPEG handled the tile number and size in an image tile header. A remote attacker could provide a specially-crafted image file that, when decoded using an application linked against OpenJPEG, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. The updated packages have been patched to correct these issues.
-
-
18:26
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1068-01 - OpenJPEG is an open source library for reading and writing image files in JPEG 2000 format. An input validation flaw, leading to a heap-based buffer overflow, was found in the way OpenJPEG handled the tile number and size in an image tile header. A remote attacker could provide a specially-crafted image file that, when decoded using an application linked against OpenJPEG, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. OpenJPEG allocated insufficient memory when encoding JPEG 2000 files from input images that have certain color depths. A remote attacker could provide a specially-crafted image file that, when opened in an application linked against OpenJPEG, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
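The tile-header issue named in both the Mandriva 2012-104 and Red Hat 2012-1068-01 advisories, as an added C illustration (this is not OpenJPEG's code): a bounds-checked reader for the JPEG 2000 SOT (start of tile-part) marker segment, which carries the tile index and tile-part length. The field layout follows the JPEG 2000 Part 1 specification; the error codes, the function name and the sample bytes are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Added example, not OpenJPEG source: a bounds-checked reader for the
 * JPEG 2000 SOT marker segment. Layout per JPEG 2000 Part 1: marker 0xFF90,
 * Lsot (2 bytes, always 10), Isot (2, tile index), Psot (4, tile-part
 * length), TPsot (1), TNsot (1). */

struct sot {
    uint16_t tile_index;     /* Isot: which tile this tile-part belongs to */
    uint32_t tile_part_len;  /* Psot: bytes from SOT marker to end of data */
    uint8_t  tile_part_idx;  /* TPsot */
    uint8_t  tile_part_cnt;  /* TNsot, 0 = unknown */
};

enum { SOT_OK = 0, SOT_TRUNCATED = -1, SOT_BAD_MARKER = -2,
       SOT_BAD_TILE_INDEX = -3, SOT_BAD_LENGTH = -4 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* buf points at the SOT marker; len is the number of bytes left in the
 * codestream from that point; num_tiles was computed from the SIZ segment. */
int parse_sot(const uint8_t *buf, size_t len, uint32_t num_tiles, struct sot *out)
{
    if (len < 12) return SOT_TRUNCATED;                 /* marker + 10-byte segment */
    if (buf[0] != 0xFF || buf[1] != 0x90) return SOT_BAD_MARKER;
    if (rd16(buf + 2) != 10) return SOT_BAD_MARKER;     /* Lsot is fixed at 10 */

    struct sot s;
    s.tile_index    = rd16(buf + 4);
    s.tile_part_len = rd32(buf + 6);
    s.tile_part_idx = buf[10];
    s.tile_part_cnt = buf[11];

    /* The tile index selects an entry in a per-tile array sized from SIZ;
     * an unchecked value indexes past that array. */
    if (s.tile_index >= num_tiles) return SOT_BAD_TILE_INDEX;

    /* Psot covers the whole tile-part starting at this marker, so it can be
     * neither shorter than the segment itself nor longer than what is left.
     * Psot == 0 is allowed by the spec and means "up to EOC". */
    if (s.tile_part_len != 0 && (s.tile_part_len < 12 || s.tile_part_len > len))
        return SOT_BAD_LENGTH;

    *out = s;
    return SOT_OK;
}

/* constructed: a well-formed header (tile 1, Psot 16) plus 4 data bytes */
const uint8_t good_sot[] = { 0xFF,0x90, 0x00,0x0A, 0x00,0x01, 0x00,0x00,0x00,0x10,
                             0x00, 0x01, 0xAA,0xBB,0xCC,0xDD };
/* constructed: tile index 0xFFFF in a 4-tile image */
const uint8_t bad_index_sot[] = { 0xFF,0x90, 0x00,0x0A, 0xFF,0xFF, 0x00,0x00,0x00,0x10,
                                  0x00, 0x01, 0xAA,0xBB,0xCC,0xDD };
/* constructed: Psot claims 4096 bytes but only 16 follow */
const uint8_t bad_len_sot[] = { 0xFF,0x90, 0x00,0x0A, 0x00,0x01, 0x00,0x00,0x10,0x00,
                                0x00, 0x01, 0xAA,0xBB,0xCC,0xDD };
struct sot scratch_sot;

int main(void)
{
    printf("good:      %d\n", parse_sot(good_sot, sizeof good_sot, 4, &scratch_sot));
    printf("bad index: %d\n", parse_sot(bad_index_sot, sizeof bad_index_sot, 4, &scratch_sot));
    printf("bad len:   %d\n", parse_sot(bad_len_sot, sizeof bad_len_sot, 4, &scratch_sot));
    return 0;
}
```

Both checks are against values the decoder already holds (the tile count from SIZ and the bytes remaining in the input), which is the general rule for any index or length read from a file header.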
-
-
21:44
»
SecDocs
Authors:
Nicolas Cannasse Tags:
web application Event:
Chaos Communication Congress 24th (24C3) 2007 Abstract: haXe is a programming language for developing both server AND client side of a website. haXe can do Javascript/AJAX, Database access and even Flash and video streaming. All with one single programming language. Nicolas will introduce the basic concepts of haXe, show how to use haXe to create the different parts of a website or application and how we can tie them together elegantly. He will also introduce some tools that have been developed in haXe, such as the haxeVideo streaming server, the hxASM library for doing Flash9 assembler, and some games. He will finally talk about the possible futures of web development and how haXe is related to them.
-
-
9:28
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1053-01 - mod_cluster is an Apache HTTP Server based load balancer that forwards requests from httpd to application server nodes. It can use the AJP, HTTP, or HTTPS protocols for communication with application server nodes. The JBoss Enterprise Web Platform 5.1.2 release introduced a regression, causing mod_cluster to register and expose the root context of a server by default, even when "ROOT" was in the "excludedContexts" list in the mod_cluster configuration. If an application was deployed on the root context, a remote attacker could use this flaw to bypass intended access restrictions and gain access to that application.
-
9:28
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1052-01 - mod_cluster is an Apache HTTP Server based load balancer that forwards requests from httpd to application server nodes. It can use the AJP, HTTP, or HTTPS protocols for communication with application server nodes. The JBoss Enterprise Application Platform 5.1.2 release introduced a regression, causing mod_cluster to register and expose the root context of a server by default, even when "ROOT" was in the "excludedContexts" list in the mod_cluster configuration. If an application was deployed on the root context, a remote attacker could use this flaw to bypass intended access restrictions and gain access to that application.
-
-
20:51
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-103 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw occurs when parsing a movie file containing multiple atoms with a different string length. When resizing a buffer in order to make space for the string, the application forgets to include the null-terminator. When the application attempts to null-terminate the string, an out-of-bounds write occurs. If an attacker can place a useful heap buffer contiguous to the reallocated string, this can lead to code execution under the context of the application.
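The off-by-one described above, as an added C illustration (not QuickTime code): a growable string is resized to exactly the length taken from the atom, then NUL-terminated one byte past the allocation. The string type, the checked store and the function names are constructed for this example so the bug surfaces as an error code instead of silent heap corruption.

```c
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Added example, not QuickTime code: the missing-terminator off-by-one,
 * modelled with a tiny growable string whose writes are bounds-checked. */

struct strbuf {
    char  *data;
    size_t cap;   /* bytes actually allocated */
};

/* Bounds-checked store; returns 0 on success, -1 if idx lands outside the
 * allocation. In a real program the -1 case is a heap out-of-bounds write. */
static int put(struct strbuf *sb, size_t idx, char c)
{
    if (idx >= sb->cap) return -1;
    sb->data[idx] = c;
    return 0;
}

/* Vulnerable shape: the buffer is resized to exactly the string length
 * carried by the atom, then NUL-terminated. The terminator goes one byte
 * past the allocation. */
int set_string_vulnerable(struct strbuf *sb, const char *src, size_t len)
{
    char *p = realloc(sb->data, len);
    if (!p) return -1;
    sb->data = p; sb->cap = len;
    for (size_t i = 0; i < len; i++) if (put(sb, i, src[i])) return -1;
    return put(sb, len, '\0');              /* idx == cap: out of bounds */
}

/* Fixed shape: account for the terminator when computing the new size, and
 * guard len + 1 against wraparound. */
int set_string_fixed(struct strbuf *sb, const char *src, size_t len)
{
    if (len == (size_t)-1) return -1;
    char *p = realloc(sb->data, len + 1);
    if (!p) return -1;
    sb->data = p; sb->cap = len + 1;
    for (size_t i = 0; i < len; i++) if (put(sb, i, src[i])) return -1;
    return put(sb, len, '\0');
}

int main(void)
{
    /* constructed: two atoms carry the same field with different lengths,
     * so the second one takes the resize path the advisory describes */
    struct strbuf a = {0}, b = {0};
    int r1 = set_string_vulnerable(&a, "short", 5);
    r1 = set_string_vulnerable(&a, "much longer string", 18);
    int r2 = set_string_fixed(&b, "short", 5);
    r2 = set_string_fixed(&b, "much longer string", 18);
    printf("vulnerable: %d  fixed: %d (%s)\n", r1, r2, b.data);
    free(a.data);
    free(b.data);
    return 0;
}
```

Running the real pattern under AddressSanitizer reports the same condition as a one-byte heap-buffer-overflow write at the terminating store.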
-
-
16:45
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1043-01 - libwpd is a library for reading and converting Corel WordPerfect Office documents. A buffer overflow flaw was found in the way libwpd processed certain Corel WordPerfect Office documents. An attacker could provide a specially-crafted .wpd file that, when opened in an application linked against libwpd, such as OpenOffice.org, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. All libwpd users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications that are linked against libwpd must be restarted for this update to take effect.
-
-
7:26
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1009-01 - These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple flaws were discovered in the CORBA implementation in Java. A malicious Java application or applet could use these flaws to bypass Java sandbox restrictions or modify immutable object data. It was discovered that the SynthLookAndFeel class from Swing did not properly prevent access to certain UI elements from outside the current application context. A malicious Java application or applet could use this flaw to crash the Java Virtual Machine, or bypass Java sandbox restrictions.
-
7:19
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-0880-04 - Qt is a software toolkit that simplifies the task of writing and maintaining GUI applications for the X Window System. HarfBuzz is an OpenType text shaping engine. A buffer overflow flaw was found in the harfbuzz module in Qt. If a user loaded a specially-crafted font file with an application linked against Qt, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. A flaw was found in the way Qt handled X.509 certificates with IP address wildcards. An attacker able to obtain a certificate with a Common Name containing an IP wildcard could possibly use this flaw to impersonate an SSL server to client applications that are using Qt. This update also introduces more strict handling for hostname wildcard certificates by disallowing the wildcard character to match more than one hostname component.
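The two certificate-name rules the advisory states (a wildcard may not match more than one hostname component, and IP address wildcards are not honoured), as an added C illustration. This is not Qt's implementation; the matcher, its helper names and the test names are constructed for the example, and it follows the common practice of accepting a wildcard only as the whole leftmost label.

```c
#include <string.h>
#include <stdio.h>
#include <ctype.h>

/* Added example, not Qt code: a hostname matcher with the two rules the
 * advisory describes. A '*' stands for at most one label of the presented
 * name, and wildcard matching is refused when either side is an IP address
 * literal. Comparison is case-insensitive, as DNS names are. */

/* True if s looks like a dotted-quad IPv4 literal or contains ':' (IPv6). */
static int is_ip_literal(const char *s)
{
    if (strchr(s, ':')) return 1;
    int dots = 0, digits = 0;
    for (; *s; s++) {
        if (*s == '.') { if (!digits) return 0; dots++; digits = 0; }
        else if (isdigit((unsigned char)*s)) digits++;
        else return 0;
    }
    return dots == 3 && digits > 0;
}

static int ieq(const char *a, const char *b, size_t n) /* case-insensitive */
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i])) return 0;
    return 1;
}

/* Returns 1 if certificate name `pattern` covers `host`, else 0. */
int cert_name_matches(const char *pattern, const char *host)
{
    size_t plen = strlen(pattern), hlen = strlen(host);
    if (plen == 0 || hlen == 0) return 0;

    const char *star = strchr(pattern, '*');
    if (!star)
        return plen == hlen && ieq(pattern, host, plen);   /* exact match */

    /* Wildcard rules: never for IP literals, only one '*', and only as the
     * entire leftmost label with at least two labels after it. */
    if (is_ip_literal(host) || is_ip_literal(pattern)) return 0;
    if (star != pattern || strchr(star + 1, '*')) return 0;
    if (pattern[1] != '.' || strchr(pattern + 2, '.') == NULL) return 0;

    /* The suffix after '*' must match the tail of the host exactly ... */
    const char *suffix = pattern + 1;                 /* ".example.com" */
    size_t slen = plen - 1;
    if (hlen <= slen) return 0;
    if (!ieq(host + (hlen - slen), suffix, slen)) return 0;

    /* ... and what the '*' consumed must be exactly one non-empty label. */
    size_t consumed = hlen - slen;
    for (size_t i = 0; i < consumed; i++)
        if (host[i] == '.') return 0;    /* '*' would span two components */
    return 1;
}

int main(void)
{
    const char *cases[][2] = {
        { "*.example.com", "www.example.com" },   /* accepted */
        { "*.example.com", "a.b.example.com" },   /* refused: spans two labels */
        { "*.example.com", "example.com" },       /* refused */
        { "10.0.0.*",      "10.0.0.7" },          /* refused: IP wildcard */
        { "*",             "anything" },          /* refused */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-16s %-18s -> %d\n", cases[i][0], cases[i][1],
               cert_name_matches(cases[i][0], cases[i][1]));
    return 0;
}
```

The second advisory point (an attacker who can obtain a certificate whose Common Name is an IP wildcard) is exactly the `is_ip_literal` branch: once the presented name is an address, only an exact match is acceptable.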
-
-
19:57
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1012-01 - mod_cluster is an Apache HTTP Server based load balancer that forwards requests from httpd to application server nodes. It can use the AJP, HTTP, or HTTPS protocols for communication with application server nodes. The RHSA-2012:0036 update for JBoss Enterprise Web Server 1.0.2 introduced a regression, causing mod_cluster to register and expose the root context of a server by default, even when "ROOT" was in the "excludedContexts" list in the mod_cluster configuration. If an application was deployed on the root context, a remote attacker could use this flaw to bypass intended access restrictions and gain access to that application.
-
19:57
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-1011-01 - mod_cluster is an Apache HTTP Server based load balancer that forwards requests from httpd to application server nodes. It can use the AJP, HTTP, or HTTPS protocols for communication with application server nodes. The JBoss Enterprise Web Platform 5.1.2 release introduced a regression, causing mod_cluster to register and expose the root context of a server by default, even when "ROOT" was in the "excludedContexts" list in the mod_cluster configuration. If an application was deployed on the root context, a remote attacker could use this flaw to bypass intended access restrictions and gain access to that application.
-
19:55
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1010-01 - mod_cluster is an Apache HTTP Server based load balancer that forwards requests from httpd to application server nodes. It can use the AJP, HTTP, or HTTPS protocols for communication with application server nodes. The JBoss Enterprise Application Platform 5.1.2 release introduced a regression, causing mod_cluster to register and expose the root context of a server by default, even when "ROOT" was in the "excludedContexts" list in the mod_cluster configuration. If an application was deployed on the root context, a remote attacker could use this flaw to bypass intended access restrictions and gain access to that application.
-
-
15:55
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-0730-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple flaws were discovered in the CORBA implementation in Java. A malicious Java application or applet could use these flaws to bypass Java sandbox restrictions or modify immutable object data. It was discovered that the SynthLookAndFeel class from Swing did not properly prevent access to certain UI elements from outside the current application context. A malicious Java application or applet could use this flaw to crash the Java Virtual Machine, or bypass Java sandbox restrictions.
-
15:55
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-0729-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple flaws were discovered in the CORBA implementation in Java. A malicious Java application or applet could use these flaws to bypass Java sandbox restrictions or modify immutable object data. It was discovered that the SynthLookAndFeel class from Swing did not properly prevent access to certain UI elements from outside the current application context. A malicious Java application or applet could use this flaw to crash the Java Virtual Machine, or bypass Java sandbox restrictions.
-
-
15:20
»
Packet Storm Security Advisories
Apple Security Advisory 2012-06-11-1 - iTunes 10.6.3 is now available and addresses multiple issues. Importing a maliciously crafted .m3u playlist may lead to an unexpected application termination or arbitrary code execution; a heap buffer overflow existed in the handling of .m3u playlists. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution; a memory corruption issue existed in WebKit.
-
-
17:45
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-089 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable applications using DataDirect's SequeLink. Authentication is not required to exploit this vulnerability. The specific flaw exists within how the application processes GIOP packets. When processing a specific GIOP packet, the application will trust a size field in the packet. The application will use this size in a copy operation into a statically sized buffer which can cause a buffer overflow. This can lead to code execution under the context of the service.
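The trusted-size-field pattern above, as an added C illustration (not SequeLink code): a GIOP message header is read and the body copied into a fixed buffer, first with the wire size driving the copy unchecked and then with the two checks that make it safe. The header layout follows CORBA GIOP (magic, version, flags, message type, 4-byte message_size); the buffer size, function names and sample packets are constructed for the example.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Added example, not SequeLink code: GIOP header parse and body copy, the
 * vulnerable way and the checked way. Header per CORBA GIOP: "GIOP", major,
 * minor, flags (bit 0 = little-endian), message type, then message_size. */

#define GIOP_HDR 12
#define BODY_MAX 64   /* the "statically sized buffer" */

struct giop_msg {
    uint8_t  major, minor, flags, type;
    uint32_t size;           /* body length claimed by the sender */
    uint8_t  body[BODY_MAX];
};

static int parse_header(const uint8_t *pkt, size_t pktlen, struct giop_msg *m)
{
    if (pktlen < GIOP_HDR || memcmp(pkt, "GIOP", 4) != 0) return -1;
    m->major = pkt[4]; m->minor = pkt[5]; m->flags = pkt[6]; m->type = pkt[7];
    const uint8_t *s = pkt + 8;
    m->size = (m->flags & 1)
        ? (uint32_t)s[0] | (uint32_t)s[1] << 8 | (uint32_t)s[2] << 16 | (uint32_t)s[3] << 24
        : (uint32_t)s[0] << 24 | (uint32_t)s[1] << 16 | (uint32_t)s[2] << 8 | (uint32_t)s[3];
    return 0;
}

/* Vulnerable shape: message_size drives the copy length unchecked, so a
 * packet claiming a large body overruns m->body (and over-reads the packet).
 * Kept for comparison only; never call it on untrusted input. */
int read_body_vulnerable(const uint8_t *pkt, size_t pktlen, struct giop_msg *m)
{
    if (parse_header(pkt, pktlen, m)) return -1;
    memcpy(m->body, pkt + GIOP_HDR, m->size);
    return 0;
}

/* Fixed shape: the claimed size must fit both what was actually received
 * and the destination buffer. */
int read_body_fixed(const uint8_t *pkt, size_t pktlen, struct giop_msg *m)
{
    if (parse_header(pkt, pktlen, m)) return -1;
    if (m->size > pktlen - GIOP_HDR) return -2;   /* claims more than received */
    if (m->size > BODY_MAX)          return -3;   /* does not fit destination */
    memcpy(m->body, pkt + GIOP_HDR, m->size);
    return 0;
}

/* constructed: GIOP 1.2 big-endian Request header with a 4-byte body */
const uint8_t sample_ok[]  = { 'G','I','O','P', 1,2, 0x00, 0, 0,0,0,4, 0xDE,0xAD,0xBE,0xEF };
/* constructed: same body, little-endian flag set, size encoded accordingly */
const uint8_t sample_le[]  = { 'G','I','O','P', 1,2, 0x01, 0, 4,0,0,0, 0xDE,0xAD,0xBE,0xEF };
/* constructed: same header, but message_size claims 0x7FFFFFFF bytes */
const uint8_t sample_bad[] = { 'G','I','O','P', 1,2, 0x00, 0, 0x7F,0xFF,0xFF,0xFF, 0xDE,0xAD,0xBE,0xEF };

int main(void)
{
    struct giop_msg m;
    printf("ok:  %d (size %u)\n", read_body_fixed(sample_ok, sizeof sample_ok, &m), m.size);
    printf("le:  %d (size %u)\n", read_body_fixed(sample_le, sizeof sample_le, &m), m.size);
    printf("bad: %d (size %u)\n", read_body_fixed(sample_bad, sizeof sample_bad, &m), m.size);
    return 0;
}
```

The two checks are independent: the first bounds the read against the bytes on the wire, the second bounds the write against the destination. Either one alone leaves the other overrun reachable.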
-
16:40
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-075 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application decodes video samples encoded with the RLE codec. When decompressing the sample, the application fails to account for the size of the canvas the sample is rendered into. This can cause a buffer overflow, which can be leveraged to gain code execution under the context of the application.
-
-
18:29
»
Packet Storm Security Recent Files
Access Road is a universal simulator of access controls that is intended to improve design and auditing of IT security. It provides simulations of GNU/Linux (components and rights on the file system), MySQL Server (components and privileges), and a generic Role-Based-Access-Control application. It is designed for database, system, and application administrators, IT architects and developers, and auditors. Reliability and the ability to explain the results are the main objectives. A 50-page tutorial is provided, and a powerful framework allows new simulations to be added.
-
-
11:01
»
Hack a Day
[Dustin Evans] wanted to use his original NES controllers to play emulated games. The problem is he didn't want to alter the classic hardware. His solution was to use the connectors and enclosure from a dead NES to build a Bluetooth translator that works with any NES controller. Here he's showing the gutted half of [...]
-
-
21:32
»
SecDocs
Authors:
Karsten Nohl Tags:
smart card Event:
Chaos Communication Camp 2011 Abstract: Smart card chips – originally invented as a protection for cryptographic keys – are increasingly used to keep protocols secret. This talk challenges the chips' security measures to unlock the protocols for public analysis. Hardened security chips are protecting secret cryptographic keys throughout the virtual and physical worlds. These smart card chips are found in banking cards, authentication tokens, encryption appliances, and master key vaults. The protection capabilities of the chips are increasingly used to also keep secret application code running on the devices. For example, the protocols of modern EMV credit cards are not publicly known. Such obscurity is hindering analysis, hence letting logic and implementation flaws go unnoticed in widely deployed systems, including credit card systems. We demonstrate a method of extracting application code from smart cards with simple equipment to open the application code for further analysis.
-
-
21:34
»
SecDocs
Authors:
Ilja van Sprundel Tags:
secure development iPhone Event:
Chaos Communication Camp 2011 Abstract: Over the last few years there has been a significant amount of iPhone and iPad application development going on. Although based on Mac OS X, its development APIs are new and very specific to the iPhone and iPad. In this presentation, Ilja van Sprundel, Principal Security Consultant at IOActive, will discuss lessons learned from auditing iPhone and iPad applications over the last year. It will cover the use of specific APIs, why some of them aren't granular enough, and why they might expose way too much attack surface. The talk will cover ssl, xml, url handling, UIWebViews and more. Furthermore, it will also cover what apps are allowed to do when inside their sandbox once an application has been hacked.
-
-
14:54
»
Packet Storm Security Recent Files
WebVulScan is a web application vulnerability scanner. It is itself a web application written in PHP and can be used to test remote or local web applications for security vulnerabilities. As a scan is running, details of the scan are dynamically updated to the user. These details include the status of the scan, the number of URLs found on the web application, the number of vulnerabilities found and details of the vulnerabilities found. After a scan is complete, a detailed PDF report is emailed to the user. The report includes descriptions of the vulnerabilities found, recommendations and details of where and how each vulnerability was exploited.
-
-
14:57
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-0670-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. When a set-user-ID application is executed, certain personality flags for controlling the application's behavior are cleared. It was found that those flags were not cleared if the application was made privileged via file system capabilities. A local, unprivileged user could use this flaw to change the behavior of such applications, allowing them to bypass intended restrictions. Note that for default installations, no application shipped by Red Hat for Red Hat Enterprise MRG is made privileged via file system capabilities.
-
-
18:06
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2012-063 - An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If an application linked against Raptor were to open a specially-crafted RDF file, it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running the application had access to. A bug in the way Raptor handled external entities could cause that application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. libreoffice for Mandriva Linux 2011 has been upgraded to the 3.4.6 version which is not vulnerable to this issue.
-
18:05
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2012-062 - An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If an application linked against Raptor were to open a specially-crafted RDF file, it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running the application had access to. A bug in the way Raptor handled external entities could cause that application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. The updated packages have been patched to correct this issue.
-
18:05
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2012-061 - An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If an application linked against Raptor were to open a specially-crafted RDF file, it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running the application had access to. A bug in the way Raptor handled external entities could cause that application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. The updated packages have been patched to correct this issue. raptor2 for Mandriva Linux 2011 has been upgraded to the 2.0.7 version which is not vulnerable to this issue.
-
-
7:20
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-0467-01 - FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. Multiple flaws were found in the way FreeType handled TrueType Font, Glyph Bitmap Distribution Format, Windows .fnt and .fon, and PostScript Type 1 fonts. If a specially-crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
-
-
21:31
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-058 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw occurs when the application allocates space for decoding a video sample encoded in the PNG format. When calculating space for this surface, the application explicitly trusts the bit-depth within the MediaVideo header. During the decoding process, the application will write outside the surface's boundaries. This can be leveraged to gain code execution under the context of the application.
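The two decoder mistakes described in ZDI-12-075 above (an RLE sample larger than the canvas it is rendered into) and in ZDI-12-058 (a surface sized from a trusted header bit-depth), as one added example that is not QuickTime's code: a toy RLE decoder whose surface size is computed from the header fields with an overflow check and a whitelist of supported depths, and whose decode loop is bounded by the surface rather than by the encoded data. The header fields, the run encoding (count byte, value byte) and the 1 MiB cap are assumptions for the example.

```c
/* Added example (not QuickTime's code): a toy video-sample decoder that
 * shows the two bugs the advisories describe and the checks that close
 * them. Header layout, RLE form and the size cap are assumptions. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct video_hdr {
    uint32_t width, height;
    uint8_t  depth;        /* bits per pixel claimed by the header */
};

/* Surface size = width * height * bytes-per-pixel, refusing unsupported
 * depths and any overflow on the way. Returns 0 on success, -1 if rejected. */
int surface_size(const struct video_hdr *h, size_t *out)
{
    if (h->depth != 8 && h->depth != 24 && h->depth != 32)
        return -1;                            /* the untrusted bit-depth */
    size_t bpp = h->depth / 8;
    if (h->width == 0 || h->height == 0) return -1;
    if (h->width > SIZE_MAX / h->height) return -1;
    size_t pixels = (size_t)h->width * h->height;
    if (pixels > SIZE_MAX / bpp) return -1;
    *out = pixels * bpp;
    return 0;
}

/* VULNERABLE: decodes until the input runs out, so a sample whose runs
 * add up to more than the surface writes past the end of `surf`. */
size_t rle_decode_unchecked(const uint8_t *in, size_t in_len, uint8_t *surf)
{
    size_t pos = 0;
    for (size_t i = 0; i + 1 < in_len; i += 2) {
        memset(surf + pos, in[i + 1], in[i]);
        pos += in[i];
    }
    return pos;
}

/* HARDENED: every run is checked against the space left on the surface.
 * A sample that would write more than the surface holds is rejected
 * (returns 0) rather than truncated: header and sample disagree. */
size_t rle_decode_checked(const uint8_t *in, size_t in_len,
                          uint8_t *surf, size_t surf_len)
{
    size_t pos = 0;
    for (size_t i = 0; i + 1 < in_len; i += 2) {
        size_t run = in[i];
        if (run > surf_len - pos)
            return 0;                         /* would overrun the canvas */
        memset(surf + pos, in[i + 1], run);
        pos += run;
    }
    return pos;
}

/* Allocate the surface from the header and decode one sample into it.
 * Returns bytes written, or 0 if any check rejected the input. */
size_t decode_sample(const struct video_hdr *h, const uint8_t *in, size_t in_len)
{
    size_t len;
    if (surface_size(h, &len) != 0 || len > (1u << 20))   /* 1 MiB demo cap */
        return 0;
    uint8_t *surf = calloc(1, len);
    if (!surf) return 0;
    size_t written = rle_decode_checked(in, in_len, surf, len);
    free(surf);
    return written;
}

/* Convenience wrappers so the checks can be exercised with plain values. */
size_t surface_size_of(uint32_t w, uint32_t h, uint8_t depth)
{
    struct video_hdr hdr = { w, h, depth };
    size_t len;
    return surface_size(&hdr, &len) == 0 ? len : 0;
}

size_t demo_decode(uint32_t w, uint32_t h, uint8_t depth,
                   const uint8_t *in, size_t in_len)
{
    struct video_hdr hdr = { w, h, depth };
    return decode_sample(&hdr, in, in_len);
}

int main(void)
{
    static const uint8_t fits[]  = { 4, 0xAA, 4, 0xBB };   /* constructed samples */
    static const uint8_t spills[] = { 4, 0xAA, 8, 0xBB };
    printf("4x2x8 surface: %zu bytes\n", surface_size_of(4, 2, 8));
    printf("sample that fits:   %zu written\n", demo_decode(4, 2, 8, fits, sizeof fits));
    printf("sample that spills: %zu written\n", demo_decode(4, 2, 8, spills, sizeof spills));
    printf("bogus depth 7:      %zu written\n", demo_decode(4, 2, 7, fits, sizeof fits));
    return 0;
}
```

The point of the checked loop is that the surface, not the sample, is the source of truth for how much may be written; the point of surface_size is that the header fields feeding the allocation are validated and multiplied without wrapping before any memory is reserved against them.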
-
-
19:10
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2012-052 - If a specially-crafted Ogg Vorbis media file was opened by an application using libvorbis, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. The updated packages have been patched to correct this issue.
-
19:01
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2012-051 - A specially-crafted Ogg Vorbis media format file could cause an application using libvorbis to crash or, possibly, execute arbitrary code when opened. If a specially-crafted Ogg Vorbis media file was opened by an application using libvorbis, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. The updated packages have been patched to correct these issues.
-
-
20:17
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-0410-01 - Raptor provides parsers for Resource Description Framework files. An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If an application linked against Raptor were to open a specially-crafted RDF file, it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running the application had access to. A bug in the way Raptor handled external entities could cause that application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.
-
-
13:19
»
SecDocs
Authors:
Artur Janc Tags:
web application XSS Event:
Chaos Communication Congress 28th (28C3) 2011 Abstract: XSS bugs are the most widely known and commonly occurring Web vulnerability, but their impact has often been limited to cookie theft and/or simple actions, such as setting malicious email filters, stealing some data, or self-propagation via an XSS worm. In this work, I discuss practical approaches for exploiting XSS and other client-side script injection attacks, and introduce novel techniques for maintaining and escalating access within the victim's browser. In particular, I introduce the concept of resident XSS where attacker-supplied code is running in the context of an affected user's main application window and describe its consequences. I also draw analogies between such persistent Web threats and the traditional rootkit model, including similarities in the areas of embedding malicious code, maintaining access, stealthy communication with a C&C server, and the difficulty of detecting and removing attacker-supplied code.
Despite a few high profile cases of XSS worms, most XSS exploitation attempts have so far been limited to cookie-stealing and executing simple malicious actions. However, as a consequence of the same-origin policy and a combination of other browser mechanisms, a single XSS vulnerability can often lead to a long-term compromise of all of a user's interactions with an affected webapp in the same browser profile, long after the original bug has been fixed. In particular, an attacker can maintain access across window/browser closures, survive cookie and cache deletions, and compromise other user accounts accessed from the same browser. Yet more troubling is the fact that Web application authors currently have no means to detect or mitigate such threats once an attack has taken place. In the talk I provide an overview of techniques to escalate an XSS into long-term account compromise, and explore the similarities between such persistent Web bugs and traditional rootkits. In particular, I:
1) Introduce the concept of resident XSS, where malicious JavaScript is executed in the context of the victim's main application window/tab. Contrary to the traditional methods of exploiting XSS via a hidden frame or malicious link which are opened in a separate, usually short-lived window, resident XSS gives an attacker full freedom to monitor and alter the user's interaction with the affected application.
2) Describe several techniques to convert various Web bugs into a resident XSS. Such techniques include backdooring client-side persistent storage mechanisms (WebSQL, localStorage, Flash LSOs), opening poisoned application windows with injected malicious scripts, exploiting persistent (self-)XSS and others.
3) Discuss the consequences of resident XSS, which usually allow the attacker to get permanent access to an affected user's account and/or obtain the user's application login credentials. On sensitive domains for which users have enabled access to additional browser or plugin features (geolocation, camera/microphone), it can enable persistent snooping on the exploited user. In a large number of cases it can also enable full compromise of the user's machine by exploiting the application-user trust relationship (e.g. by requiring the user to install attacker-supplied plugins to use the affected webapp, or by hijacking file download links within the vulnerable domain).
4) Analyze the techniques for maintaining access to a once-compromised origin. In addition to backdooring persistent storage APIs, this can be achieved by exploiting self-XSS bugs, spawning same-origin pop-unders with references to the original window, and hiding in frames created by advertising networks on popular websites. In most cases, a combination of those techniques suffices to bypass a variety of the most common "cleanup" actions taken by users, and allows an on-going compromise of the affected origin.
5) Present the difficulties faced by Web application authors when trying to clean up a compromised origin. Short of wiping/re-creating a browser profile, there are currently no fully reliable methods to restore a browser's state to a secure configuration once a malicious script has run in the context of an affected domain.
I will present the above with concrete examples of vulnerable applications and a demo.
-
-
22:52
»
SecDocs
Authors:
Alexander Klink Julian Wälde Tags:
web application DoS Event:
Chaos Communication Congress 28th (28C3) 2011 Abstract: This talk will show how a common flaw in the implementation of most of the popular web programming languages and platforms (including PHP, ASP.NET, Java, etc.) can be (ab)used to force web application servers to use 99% of CPU for several minutes to hours for a single HTTP request. This attack is mostly independent of the underlying web application and just relies on a common fact of how web application servers typically work.
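The collision mechanism behind the talk, as an added example that is not the speakers' code: DJBX33A, the multiply-by-33 string hash PHP 5 used for array keys, is linear in the input bytes, so two equal-length blocks with equal hash can be combined in any order and all 2^n keys of length 2n built from them share one hash. The example generates such keys and shows them all landing in a single chain of a small table. The 64-slot chained table is an assumption for the demonstration; a real request carries the same keys as POST parameters, and the server walks the resulting chain once per insert.

```c
/* Added example (not the speakers' code): equivalent-substring collisions
 * against a DJBX33A-style hash. The 64-bucket table is an assumption. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NBUCKETS 64

/* DJBX33A: h = h*33 + c, seeded with 5381 (PHP 5's zend_inline_hash_func,
 * 32-bit variant here; the collisions hold at any width). */
uint32_t djbx33a(const char *s, size_t len)
{
    uint32_t h = 5381;
    for (size_t i = 0; i < len; i++)
        h = h * 33 + (unsigned char)s[i];
    return h;
}

/* Two 2-byte blocks that hash identically: (c0, c1) and (c0+1, c1-33).
 * Since h(s) = 5381*33^len + h0(s) with h0 linear in the bytes, any
 * same-length pair with equal hash stays equal when the pair is placed
 * at the same positions of longer strings. */
static const char *BLOCKS[2] = { "Ez", "FY" };

/* Write 2^nbits colliding keys of length 2*nbits into out[][].
 * Key i uses block (i>>j)&1 at position j. Returns the key count. */
size_t gen_colliding_keys(char out[][32], int nbits)
{
    size_t n = (size_t)1 << nbits;
    for (size_t i = 0; i < n; i++) {
        char *p = out[i];
        for (int j = 0; j < nbits; j++) {
            memcpy(p, BLOCKS[(i >> j) & 1], 2);
            p += 2;
        }
        *p = '\0';
    }
    return n;
}

/* 1 if every key hashes to the same value as keys[0]. */
int all_collide(char keys[][32], size_t n)
{
    uint32_t h0 = djbx33a(keys[0], strlen(keys[0]));
    for (size_t i = 1; i < n; i++)
        if (djbx33a(keys[i], strlen(keys[i])) != h0)
            return 0;
    return 1;
}

/* Longest chain when the keys are placed in NBUCKETS slots by hash %
 * NBUCKETS, i.e. how far a simple chained table degrades. */
size_t max_chain(char keys[][32], size_t n)
{
    size_t count[NBUCKETS] = {0}, worst = 0;
    for (size_t i = 0; i < n; i++) {
        size_t b = djbx33a(keys[i], strlen(keys[i])) % NBUCKETS;
        if (++count[b] > worst) worst = count[b];
    }
    return worst;
}

/* Generate 2^nbits keys (1 <= nbits <= 10) and return the longest chain
 * they produce, or 0 if the keys do not all collide. */
size_t collision_demo(int nbits)
{
    static char keys[1 << 10][32];
    if (nbits < 1 || nbits > 10) return 0;
    size_t n = gen_colliding_keys(keys, nbits);
    return all_collide(keys, n) ? max_chain(keys, n) : 0;
}

int main(void)
{
    printf("h(\"Ez\")=%u h(\"FY\")=%u\n", djbx33a("Ez", 2), djbx33a("FY", 2));
    printf("256 keys of 16 bytes, longest chain: %zu\n", collision_demo(8));
    return 0;
}
```

With nbits raised to the size of a real POST body the chain walk costs O(n^2) comparisons for n keys, which is the minutes-to-hours of CPU the abstract refers to; the fixes that shipped afterwards were per-process hash seeding and caps on the number of request parameters, both of which this generator is a quick way to regression-test.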