xercesAmit.txt
Xerces-C++ versions below 2.6.0 allow an attacker to craft a malicious XML document using XML attributes in a way that inflicts a denial of service condition on the target machine.

iis5x60.txt
Microsoft IIS 5.x and 6.0 suffer from a denial of service vulnerability regarding the WebDAV XML parser. An attacker can craft a malicious WebDAV PROPFIND request, which uses XML attributes in a way...

022805.txt
This paper describes several techniques for exposing file contents using the site search functionality. It is assumed that a site contains documents which are not visible/accessible to external users....

NTLMhttp.txt
Interesting write-up regarding the faulty logic of using NTLM HTTP authentication and how it does not mix well with HTTP proxies.

httpsplit.txt
This technical note describes a detection/prevention technique that works in many cases both with HTTP Response Splitting and with HTTP Request Smuggling.

xmlhttpRequestpaper.txt
Whitepaper entitled "Exploiting the XmlHttpRequest object in IE - Referrer spoofing, and a lot more."

httpResponseSmuggle.txt
Whitepaper entitled "HTTP Response Smuggling". It discusses evasion techniques to bypass anti-HTTP response splitting strategies.

flashTheft.txt
By forging HTTP request headers with Flash, virtual hosted systems can be susceptible to cookie theft using IE.

HeaderFlash.txt
Formal write-up discussing how arbitrary HTTP requests can be crafted using Flash 7/8 with Internet Explorer.

bind9forgery.txt
A new weakness has been discovered in the BIND 9 DNS server that allows for DNS forgery pharming.

BIND 8 DNS Cache Poisoning Whitepaper
The paper shows that BIND 8 DNS queries are predictable, allowing for cache poisoning attacks.

Windows DNS Cache Poisoning Whitepaper
The paper shows that Microsoft Windows DNS Server outgoing queries are predictable, allowing for cache poisoning attacks.

OpenBSD_DNS_Cache_Poisoning_and_Multiple_OS_Predictable_IP_ID_Vulnerability.pdf
The paper describes a weakness in the pseudo random number generator (PRNG) in use by OpenBSD, Mac OS X, Mac OS X Server, Darwin, NetBSD, FreeBSD and DragonFlyBSD to produce random DNS transaction IDs...

PowerDNS_recursor_DNS_Cache_Poisoning.pdf
PowerDNS Recursor versions 3.0 through 3.1.4 suffer from a DNS cache poisoning vulnerability.

Microsoft_Windows_resolver_DNS_cache_poisoning.pdf
This paper shows that Windows DNS stub resolver queries are predictable - i.e. that the source UDP port and DNS transaction ID can be effectively predicted. A predictability algorithm is described...

msswi-blog.txt
It appears that Microsoft may have incorrectly stated a few things regarding MS08-020 on their blog and are reluctant to fix it.

address-spoof.txt
Address Bar Spoofing Attacks Against Microsoft Internet Explorer 6. Due to formatting issues when sent, additional notes regarding the attacks are appended.

Temporary User Tracking
Whitepaper entitled "Temporary user tracking in major browsers and Cross-domain information leakage and attacks."

Google Chrome 3.0 Beta Math.random Vulnerability
The revised Google Chrome Math.random algorithm (included in version 3.0 of Google Chrome) is predictable. This paper describes how Google Chrome 3.0 Math.random's internal state can be reconstructed,...

Cross-Domain Information Leakage In Firefox
Firefox versions 3.6.4 through 3.6.8, 3.5.10 through 3.5.11 and 4.0 Beta1 suffer from a cross-domain information leakage vulnerability.

Cross-Domain Information Leakage / Temporary User Tracking In Safari
Apple Safari versions 4.02 through 4.05 and Windows versions 5.0 through 5.0.2 suffer from cross-domain information leakage and temporary user tracking vulnerabilities.

Microsoft IE9 Math.random Vulnerability
The IE9 (platform preview) JavaScript Math.random implementation is vulnerable to seed reconstruction. The seed reveals the computer's boot time (and, on Windows 7, also the CPU clock speed). These can be...

VM Detection Via Browsers
In three browser families researched (Edge, Internet Explorer and Firefox - all on Windows 7 or above), it is possible to extract the frequency of the Windows performance counter, using standard HTML...

Node.js HTTP Response Splitting
Node.js suffers from an HTTP response splitting vulnerability. Node.js versions 5.6.0, 4.3.0, 0.12.10, and 0.10.42 contain a fix for this vulnerability.