A Linksys video and an IGSuite exploit
Posted on 2008-06-23 00:01:56 in PornoSecurity
Well, I got bored. I notified Cisco PSIRT and Linksys security on 04/21; they confirmed some of the vulnerabilities and asked for more details. I sent them a pretty dumb-proof report a couple of days after their email, and now it's time to disclose! Here is a sexy video demonstrating the flaws; there's really no need for even a single line of code :)
I also posted to milw0rm a fully automated reverse-shell exploit (currently waiting to be published) that takes advantage of a blind SQL injection vulnerability in IGSuite <= 3.2.4. Enjoy.
A Sneak Preview
Posted on 2008-05-23 15:36:15 in PornoSecurity
Hi there, some time has passed since the last post on this weblog. I'm now auditing a web application written by some Italian guys and I am focusing on the steps from an SQL injection to a real command shell. Too many times SQL injection flaws are considered a low/medium threat because they are often [ab]used to conduct low-impact attacks (such as defacing). This has to change: SQL injection flaws are a *really* dangerous threat. Here is a sneak preview of some of the (for now) 0-day flaws I discovered in this webapp.
I have also discovered some vulnerabilities in some Cisco/Linksys products, and I'm in contact with the Cisco Product Security Incident Response Team (PSIRT) and the Linksys security team to coordinate public disclosure.
More news soon.
xine-lib NSF Demuxer Buffer Overflow Vulnerability
Posted on 2008-04-17 12:40:27 in PornoSecurity
I found a stack-based buffer overflow in the NES Sound Format demuxer (demux_nsf.c) of xine-lib <= 1.1.12.
The vulnerability is caused by a boundary error within the demux_nsf_send_chunk() function in src/demuxers/demux_nsf.c and can be exploited to run arbitrary code when an NSF file with an overly long title tag is processed. Since the demuxer runs as soon as the file is opened, simply loading a crafted .nsf file in a player built on xine-lib is enough to trigger it.
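The following is an added example, not xine-lib's code: it models the bug class the advisory describes, a fixed-width NSF header field treated as a NUL-terminated C string and formatted into a fixed-size stack buffer, next to the bounded version. The header offsets (magic at 0x00, song counts at 0x06/0x07, 32-byte title at 0x0e followed by 32-byte artist and copyright fields) follow the published NSF format; the 100-byte label buffer, the ", Track n/m" format string, the struct and all function names are assumptions of this example and are not taken from demux_nsf.c. The malicious header is constructed inline so the program runs offline.

```c
/* Added example (not xine-lib code): fixed-width NSF title field vs. a
 * fixed stack buffer. Offsets follow the NSF header layout; everything
 * else (names, buffer size, format string) is assumed for illustration. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NSF_HDR_LEN    0x80   /* NSF header is a fixed 128 bytes */
#define NSF_TITLE_OFF  0x0e   /* title field offset */
#define NSF_FIELD_LEN  32     /* title, artist, copyright: 32 bytes each */
#define LABEL_BUF_LEN  100    /* assumed size of the on-stack label buffer */

struct nsf_info {
    uint8_t total_songs;
    uint8_t start_song;
    char    title[NSF_FIELD_LEN]; /* raw field: NUL-padded only when shorter than 32 */
};

/* Parse the fixed header. Returns 0 on success, -1 on bad input. */
int nsf_parse_header(const uint8_t *buf, size_t len, struct nsf_info *out)
{
    if (len < NSF_HDR_LEN || memcmp(buf, "NESM\x1a", 5) != 0)
        return -1;
    out->total_songs = buf[6];
    out->start_song  = buf[7];
    memcpy(out->title, buf + NSF_TITLE_OFF, NSF_FIELD_LEN); /* no terminator added */
    return 0;
}

/* Bytes a "%s" would consume when pointed at the title field inside the raw
 * header: it stops at the first NUL, which for a full 32-byte title lies in
 * a later field, or past the header entirely. Computed with memchr so the
 * demo measures the overread without performing an unbounded write. */
size_t unsafe_title_strlen(const uint8_t *hdr)
{
    const char *p   = (const char *)hdr + NSF_TITLE_OFF;
    size_t      max = NSF_HDR_LEN - NSF_TITLE_OFF;
    const char *nul = memchr(p, 0, max);
    return nul ? (size_t)(nul - p) : max;
}

/* Would a vulnerable sprintf(label, "%s, Track %d/%d", title, ...) overflow
 * a LABEL_BUF_LEN byte buffer? 1 = yes. Uses snprintf(NULL, 0) to size the
 * suffix instead of writing anything. */
int unsafe_label_overflows(const uint8_t *hdr, int song, int total)
{
    size_t need = unsafe_title_strlen(hdr);
    need += (size_t)snprintf(NULL, 0, ", Track %d/%d", song, total);
    return need + 1 > LABEL_BUF_LEN; /* +1 for the terminating NUL */
}

/* Hardened version: the precision bounds the read to the field width (no NUL
 * required in the array) and snprintf bounds the write. Returns bytes written
 * excluding the NUL, or -1 if the output did not fit. */
int safe_build_label(char *dst, size_t dstlen, const struct nsf_info *info, int song)
{
    int n = snprintf(dst, dstlen, "%.*s, Track %d/%d",
                     NSF_FIELD_LEN, info->title, song, info->total_songs);
    if (n < 0 || (size_t)n >= dstlen)
        return -1;
    return n;
}

/* Constructed malicious header: valid magic, version 1, one song, and the
 * title, artist and copyright fields all filled with 'A' so that no NUL byte
 * occurs before offset 0x6e. */
void make_evil_header(uint8_t *hdr)
{
    memset(hdr, 0, NSF_HDR_LEN);
    memcpy(hdr, "NESM\x1a\x01\x01\x01", 8);
    memset(hdr + NSF_TITLE_OFF, 'A', 3 * NSF_FIELD_LEN);
}

int main(void)
{
    uint8_t hdr[NSF_HDR_LEN];
    struct nsf_info info;
    char label[LABEL_BUF_LEN];

    make_evil_header(hdr);
    if (nsf_parse_header(hdr, sizeof hdr, &info) != 0)
        return 1;
    printf("bytes \"%%s\" would read from the title field: %zu\n",
           unsafe_title_strlen(hdr));
    printf("vulnerable sprintf overflows the %d-byte buffer: %s\n", LABEL_BUF_LEN,
           unsafe_label_overflows(hdr, info.start_song, info.total_songs) ? "yes" : "no");
    if (safe_build_label(label, sizeof label, &info, info.start_song) >= 0)
        printf("hardened label: %s\n", label);
    return 0;
}
```

With the constructed header the unbounded read runs through all three 32-byte text fields (96 bytes) before finding a NUL, so together with the ", Track 1/1" suffix it needs 108 bytes and would overrun a 100-byte stack buffer; the bounded version stops at 32 bytes of title and reports truncation instead of overflowing when the destination is too small.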