web browser

Cacti 0.8.7e: Multiple security issues

1. XSS 1

A HTTP GET request against the following URL will, on a web browser
with Javascript support, cause a dialog box saying '1' to be displayed:

http://CACTIHOST/graph.php?action=zoom&local_graph_id=1&graph_end=1%27%20style=visibility:hidden%3E%3Cscript%3Ealert(1)%3C/script%3E%3Cx%20y=%27

This vulnerability is only exploitable if the victim is allowed to view

RE: New Paper: More than 600 million users surf at high risk

From your paper:

>>It is noteworthy that it has taken 19 months since the initial general
availability of IE7 (public release October 2006) to reach 52.5%
proliferation amongst users that navigate the Internet with Microsoft's
Web browser. Meanwhile, 92.2% of Firefox users have migrated to FF2.

Could this be due to the fact that Mozilla stops supporting, and issuing
updates for old versions just a few months after the release of a new
one?


PR10-11: Multiple XSS injection vulnerabilities and a offsite redirection flaw within HP System Management Homepage (Insight Manager)

- Hijack user accounts by stealing the victim's cookies that are
assigned to the victim's browser by the vulnerable website

- Hijack user accounts by injecting a "fake" html form on the html
rendered by the victim's web browser

- Redirect the victim to a malicious third-party website which would
perform a phishing attack to steal the user credentials or exploit a
vulnerability (i.e.: buffer overflow) on the


Re: New Paper: More than 600 million users surf at high risk

> From your paper:
>
>>>It is noteworthy that it has taken 19 months since the initial general
> availability of IE7 (public release October 2006) to reach 52.5%
> proliferation amongst users that navigate the Internet with Microsoft's
> Web browser. Meanwhile, 92.2% of Firefox users have migrated to FF2.
>
> Could this be due to the fact that Mozilla stops supporting, and issuing
> updates for old versions just a few months after the release of a new
> one?


Wireless Photo Access 1.0.10 iOS - Multiple Vulnerabilities

Introduction:
=============
Is it too difficult to get your photos and videos in original quality from your iPhone or iPad? Simply access them from any nearby computer or another iPhone/iPod/iPad using Web Browser without need to install any 3rd party transfer utilities.

* Access and download all your photos and videos instantly without iTunes syncing and without installing 3rd party transfer utilities
* Simply run WiFi Photo Access on your device and point Web Browser on your computer to displayed address
* One tap download for photos or videoclips (you can also choose to view in current window or view in new window) to another iPhone/iPad or any Mac or PC computer

New Paper: More than 600 million users surf at high risk

Hi List,

For the last 18 months we analyzed the daily USER-AGENT data collected by
Google's Web search and application servers around the world to study how users
patch and update their Web browsers.

We came out that approximately 637 million (or 45.2 percent) users currently
surf the Web on a daily basis with an out-of-date browser – i.e. not running a
current, fully patched Web browser version.


RE: New Paper: More than 600 million users surf at high risk

A reply from Robert Hensing at Microsoft
(http://blogs.technet.com/robert_hensing/archive/2008/07/01/vulnerable-web-browser-study-full-of-fail.aspx)
says that your study did not include
minor version information for Internet Explorer, probably because such
information is not reported in the user-agent string. But fully-patched
copies of IE5 and IE6 are not insecure in the same way as an unsupported
version; Microsoft is still supporting them. 

So is it true that your study calls anyone running IE7 secure, and
anyone running IE5 or IE6 insecure, regardless of their patch levels?

[SE-2012-01] An issue with new Java SE 7 security features

Java, such as to prevent silent exploits. The problem is
that "people don't understand those features yet" [1].

Starting from Java SE 7 Update 10 released in Oct 2012, a
user may control the level of security that will be used
when running unsigned Java apps in a web browser [2][3].
Apart from being able to completely disable Java content
in the browser, the following four security levels can be
used for the configuration of unsigned Java applications:
- Low
   Most unsigned Java apps in the browser will run without

PR09-15: XSS injection vulnerability within HP System Management Homepage (Insight Manager)

- Hijack user accounts by stealing the victim's cookies that are
assigned to the victim's browser by the vulnerable website

- Hijack user accounts by injecting a "fake" html form on the html
rendered by the victim's web browser

- Redirect the victim to a malicious third-party website which would
perform a phishing attack to steal the user credentials or exploit a
vulnerability (i.e.: buffer overflow) on the victim's web browser in
order to compromise the victim's workstation

[USN-1112-1] Firefox and Xulrunner vulnerabilities

Summary:

Multiple vulnerabilities in Firefox and Xulrunner

Software Description:
- firefox: safe and easy web browser from Mozilla
- xulrunner-1.9.2: XUL + XPCOM application runner
- firefox-3.5: safe and easy web browser from Mozilla
- firefox-3.0: safe and easy web browser from Mozilla

Details:

CORE-2008-0124: Multiple vulnerabilities in Google's Android SDK

 The WebKit application framework is included to facilitate development
of web client application functionality. The framework in turn uses
different third-party open source libraries to implement processing of
several image formats.

 Android includes a web browser based on the Webkit framework that
contains multiple binary vulnerabilities when processing .GIF, .PNG and
.BMP image files, allowing malicious client-side attacks on the web
browser. A client-side attack could be launched from a malicious web
site, hosting specially crafted content, with the possibility of
executing arbitrary code on the victim's Android system.

iDefense Security Advisory 02.12.08: Microsoft Internet Explorer Property Memory Corruption Vulnerability

http://labs.idefense.com/intelligence/vulnerabilities/
Feb 12, 2008

I. BACKGROUND

Internet Explorer is a graphical web browser developed by Microsoft
Corp. that has been included with Microsoft Windows since 1995. For
more information about Internet Explorer, visit the following URL.

http://www.microsoft.com/ie/


iDefense Security Advisory 10.13.09: Microsoft Windows GDI+ TIFF File Parsing Buffer Overflow Vulnerability

III. ANALYSIS

Successful exploitation allows an attacker to execute arbitrary code in
the context of the current user. Social engineering is required, as an
attacker must trick a user into viewing an image in the Web Browser,
viewing an e-mail with embedded image, opening an office file with
embedded image, or downloading an image file and opening it within a
graphics rendering program.

IV. DETECTION

TWSL2011-014: Vulnerability in Pantech Web Browser SSL Implementation

Trustwave's SpiderLabs Security Advisory TWSL2011-014:
Vulnerability in Pantech Web Browser SSL Implementation

https://www.trustwave.com/spiderlabs/advisories/TWSL2011-014.txt

Published: 2011-09-23
Version: 1.0

Vendor: Pantech (http://www.pantechusa.com)
Product: Link P7040P, others may be vulnerable

iDefense Security Advisory 07.20.11: Apple Safari innerText Use-After-Free Vulnerability

http://labs.idefense.com/intelligence/vulnerabilities/
Jul 20, 2011

I. BACKGROUND

Safari is Apple's web browser, and is based on the open source WebKit
browser engine. MobileSafari is Safari for Apple's mobile devices
including the iPad and iPhone. For more information, see the vendor's
site found at the following link.

http://www.apple.com/safari/

TSSA-2011-02 - Opera : SELECT SIZE Arbitrary null write

Advisory URL: http://www.toucan-system.com/advisories/tssa-2011-02.txt


--[ Introduction:

    Opera is a web browser having a market share of about 2,74%
    following http://en.wikipedia.org/wiki/Usage_share_of_web_browsers .

    Following the vendor, it runs on "Mac, PC and Linux computers, mobile
    phones and PDAs, game consoles, and other devices like the
    Nintendo Wii, DS, Sony Mylo, and more."

iDefense Security Advisory 12.09.08: Microsoft Internet Explorer 5.01 EMBED tag Long File Name Extension Stack Buffer Overflow Vulnerability (iDefense Exclusive)

http://labs.idefense.com/intelligence/vulnerabilities/
Dec 09, 2008

I. BACKGROUND

Internet Explorer is a graphical web browser developed by Microsoft
Corp. that has been included with Microsoft Windows since 1995. For
more information about Internet Explorer, please visit the following
website: http://www.microsoft.com/ie/

II. DESCRIPTION

Re: Nokia N95-8 JPG crash

- Gallery -- begins to scan all images in phone memory and card, and
   crashes soon, obviously when it encounters nokiacrash.jpg.  So, just
   putting this file anywhere in the filesystem is Gallery DoS.

- Web Browser -- does nothing when typing file:///E:/nokiacrash.jpg, but
   crashes upon <IMG SRC=nokiacrash.jpg> in HTML file (of course,
   Settings->Page->Load Content have to be set to "Images" or "All",
   otherwise IMG tags are skipped).

        _________________________________________

[LC-2008-04] Nokia Browser Array Sort Denial Of Service Vulnerability

The tested device has the following User-Agent: 
Mozilla/5.0 (SymbianOS/9.2;U;Series60/3.1 NokiaE90-1/210.34.75 
Profile/MIDP-2.0 Configuration/CLDC-1.1) AppleWebKit/413 (KHTML) 
Safari/413

Note: Although the Nokia Web Browser is built upon a port of the 
open source WebKit used by Apple for its browser, the iPhone is not 
affected (at least the iPhone firmware version 2.0.2(5C1))

====================================================
2) Severity 

Amaya (id) Remote Stack Overflow Vulnerability

#            W3C Amaya 10.1 Web Browser
#
# Amaya (id) Remote Stack Overflow Vulnerability
#
# Written and discovered by: 
# r0ut3r (writ3r [at] gmail.com / www.bmgsec.com.au)
#
# Advisory: http://www.bmgsec.com.au/advisory/41/
# ------------------------------------------------------
#

Amaya (URL Bar) Remote Stack Overflow Vulnerability

#            W3C Amaya 10.1 Web Browser
#
# Amaya (URL Bar) Remote Stack Overflow Vulnerability
#
# Written and discovered by: 
# r0ut3r (writ3r [at] gmail.com / www.bmgsec.com.au)
#
# Advisory: http://www.bmgsec.com.au/advisory/40/
# ------------------------------------------------------
#

[MajorSecurity Advisory #64]Apple Safari 4.0.4 Denial of Service

[MajorSecurity Advisory #64]Apple Safari 4.0.4 Denial of Service

Details
============
Product: Apple Safari Webbrowser
Security-Risk: low
Remote-Exploit: yes
Vendor-URL: http://www.apple.com/safari/
Vendor-Status: informed
Advisory-Status: published on 02-02-2010

Cisco Security Advisory: Cisco ASA 5500 Series Adaptive Security Appliance Clientless VPN ActiveX Control Remote Code Execution Vulnerability

another browser that supports Microsoft ActiveX technology may be
affected if the system has ever connected to a device that is running
the Cisco Clientless VPN solution. A remote, unauthenticated attacker
who could convince a user to connect to a malicious web page could
exploit this issue to execute arbitrary code on the affected machine
with the privileges of the web browser.

The affected ActiveX control is distributed to endpoint systems by
Cisco ASA.  However, the impact of successful exploitation of this
vulnerability is to the endpoint system only and does not compromise
Cisco ASA devices.

security advisory: AirDroid 1.0.4 beta

    CVE-2012-3887 - the vendor claims the use of encryption, but encryption is not used when sending private data
    CVE-2012-3888 - an attacker can defeat a protection mechanism against multiple logins

Summary:
    “AirDroid is a fast, free app that lets you wirelessly manage &
    control your Android devices (phone & tablet) from a web browser.
    It's designed with the vision to bridge the gap between your
    Android device and web browser, on desktop computers or tablet devices,
    on Windows or Mac.” (http://airdroid.com/userguide.html)
    “Application Security for AirDroid (..)
        • LAN Connection (..)

Simple PHP Blog (sphpblog) <= 0.5.1 Multiple Vulnerabilities

  I'll demonstrate how to get administrator rights even
  if the victim has a protection against XSS (NoScript
  Firefox plugin for example). First, the attacker will
  fix the victim's session id by setting a cookie to
  the victim. Then he'll also force the victim's web
  browser to establish a connexion to a script that
  will get the victim's IP. Take a look at this schema:

 +----------------------------------------------------------+
 | The attacker post a comment using the XSS vulnerability. |
 | The code which will be executed on the client browser    |

[security bulletin] HPSBGN02305 SSRT080004 rev.1 - HP Compaq Business Notebook PC BIOS, Local Denial of Service (DoS)

Method 1: 

The updates are available for download using the following procedures:

1. Open a web browser and visit http://www.hp.com 

2. In the Search field, type the applicable SoftPaq number from the list below. Start the search.

3. Select an item from the search results. 


Flock web browser v2.5.6 (Remote Memory Corrupt) Crash Exploit

======================================================================
Flock web browser v2.5.6 (Remote Memory Corrupt) Crash Exploit
======================================================================



CORE-2010-0316 - Novell iManager Multiple Vulnerabilities

Novell iManager is a Web-based administration console that provides
customized secure access to network administration utilities and
content from any location in the world. With iManager you can manage
Novell Open Enterprise Server, Novell Identity Manager, Novell
eDirectory and many other Novell and third-party services from a web
browser. Novell iManager is prone to a stack-based buffer overflow
vulnerability that can be exploited by authenticated users to execute
arbitrary code, and to an off-by-one error that can be abused by
remote, unauthenticated attackers to cause a Denial of Service to the
application.


[48Bits Advisory] QuickTime Panorama Sample Atom Heap Overflow

QuickTime is prone to a heap overflow vulnerability when parsing
malformed Panorama Sample Atoms, which are used in QuickTime Virtual
Reality Movies. This Vulnerability allows attackers to execute code on
vulnerable installations. Successful exploitation via Web Browser
requires that the attacker should trick the user into visiting a
specially crafted webpage.

Affected versions :


Outlook PR_ATTACH_METHOD file execution vulnerability

found, this file will be executed. Normally this will result in a
command shell. The path name can be set to anything that is supported by
Windows, including UNC names (i.e.
\\servername\sharename\executable.exe) but also URLs (i.e.
http://www.akitasecurity.nl/advisory/RunCalc.exe). For URLs, Outlook
will open the default web browser. For other types of URIs, the
registered protocol handler determines how the supplied URI is opened
and by which application.

------------------------------------------------------------------------
Attachment file names
