algorithmic complexity attacks and libc qsort()
An algorithmic complexity attack is a denial of service attack that triggers worst case behaviour in code that is otherwise expected to perform well. The canonical example would be the widely published...
Core FTP LE 2.2 - Heap Overflow PoC
# Exploit Title: Core FTP LE 2.2 - Heap Overflow PoC # Date: Jun 11 2014...
The never ending Exploit Kit shift - Bleeding Life
Recently we've been able to observe several shifts in exploit kit techniques, so I thought it would be good to share the IOC information for the exploit kits so that administrators and network...
What's smb_login not telling you? - Part I
I have been putting off writing this post for months now. I originally gave a talk on the subject at a NoVA Hackers meeting back in February. So here is finally my attempt at putting it into a blog...
SHOUTcast DNAS 2.2.1 - Stored XSS
# Exploit Title: SHOUTcast DNAS v2.2.1 win32 XSS\HTML Injection in Song history (other version may be also affected) # Date: 2014-06-11 # Exploit Author: robercik101 # Vendor Homepage:...
CVE-2014-3427 CRLF Injection and CVE-2014-3428 XSS Injection in Yealink VoIP...
I. ADVISORY: CVE-2014-3427 CRLF Injection in Yealink VoIP Phones; CVE-2014-3428 XSS vulnerabilities in Yealink VoIP Phones. Date published: 06/12/2014. Vendor Contacted: 05/08/2014. II....
Xiaomi smartphones can steal bank card data via NFC
A Chinese woman accidentally discovered that her Xiaomi smartphone has the capability to steal bank card data via near field communication.
Creating an Extensible Packet Manipulation System for an Online Game
Many reverse engineers get their first taste of reverse engineering by tinkering with video games. Games make fun targets because they have such a wide range of possible exploits and modification...
ZTE / TP-Link RomPager DoS
I think by now you know the security issues disclosed related to TP-Link routers. I’ve noticed that some ZTE and TP-Link routers have the same ADSL firmware which is “FwVer:3.11.2.175_TC3086...
Plesk 10.4.4 / 11.0.9 XXE Injection
<?php /* Plesk SSO XXE injection (Old bug) Exploit. Coded by z00 (electrocode). Twitter: electrocode. Note: if Tor is not installed, remove the proxy part. Bug founded...
Paper: Spoiled Onions: Exposing Malicious Tor Exit Relays
Abstract. Tor exit relays are operated by volunteers and together push more than 1 GiB/s of network traffic. By design, these volunteers are able to inspect and modify the anonymized network traffic. In this...
Paper: Exploiting Delay Patterns for User IPs Identification in Cellular Networks
Abstract. A surprisingly high number of mobile carriers worldwide do not block unsolicited traffic from reaching their mobile devices from the open Internet or from within the cellular network. This...
Paper: I Know Why You Went to the Clinic: Risks and Realization of HTTPS...
Revelations of large scale electronic surveillance and data mining by governments and corporations have fueled increased adoption of HTTPS. We present a traffic analysis attack against over 6000...
SSL Pulse: 49% Vulnerable to CVE-2014-0224, 14% Exploitable
Last week (on June 5th), OpenSSL published an advisory detailing a number of serious problems. The CVE-2014-0224 vulnerability will be the most problematic for most deployments because it can be...
AST-2014-005: Remote Crash in PJSIP Channel Driver's Publish/Subscribe Framework
Asterisk Project Security Advisory - AST-2014-005 Product Asterisk Summary Remote Crash in PJSIP Channel Driver's Publish/Subscribe Framework...
AST-2014-006: Asterisk Manager User Unauthorized Shell Access
Asterisk Project Security Advisory - AST-2014-006 Product Asterisk Summary Asterisk Manager User Unauthorized Shell Access Nature of Advisory Permission...
AST-2014-007: Exhaustion of Allowed Concurrent HTTP Connections
Asterisk Project Security Advisory - AST-2014-007 Product Asterisk Summary Exhaustion of Allowed Concurrent HTTP Connections Nature of Advisory Denial Of...
AST-2014-008: Denial of Service in PJSIP Channel Driver Subscriptions
Asterisk Project Security Advisory - AST-2014-008 Product Asterisk Summary Denial of Service in PJSIP Channel Driver Subscriptions Nature of Advisory Denial of Service Susceptibility Remote...
It's Time For a Hard Bitcoin Fork
A Bitcoin mining pool, called GHash and operated by an anonymous entity called CEX.io, just reached 51% of total network mining power today. Bitcoin is no longer decentralized. GHash can control...
ngrok
ngrok is a reverse proxy that creates a secure tunnel from a public endpoint to a locally running web service. ngrok captures and analyzes all traffic over the tunnel for later inspection and...