Collaborate Disseminate
I recently submitted a bug bounty report concerning information disclosure on a platform (here referred to as "redacted"). The vulnerability allows an attacker to manipulate image source URLs to serve content from an attacker-con… Continue reading Exploiting <img src=URL> [closed]
Every month I’m reading about some zero-day vulnerability being exploited in Google Chrome. I’d like to roughly compare the situation with Firefox in some objective way. It’s ok if it does not fully capture everything (undisclosed vulnerab… Continue reading How can I get a count of high risk vulnerabilities of web browsers? [closed]
How do I find the right CPE for my vendor and product?
for example. I use org.hibernate » hibernate-core » 5.3.16.Final Maven dependency. However, when searching on NVD site(https://nvd.nist.gov/vuln/search) for hibernate-core or hibernate… Continue reading How to find the right CPE for your vendor and product [closed]
I am trying to understand how GitHub Advisory filters vulnerabilities, particularly in the context of Bootstrap 3.3.7. In the National Vulnerability Database (NVD), the following vulnerabilities are reported for Bootstrap 3.3.7:
CVE-2019-8… Continue reading How GitHub Advisory assigns vulnerabilities to same components coming from different package managers?
Is it possible to filter CVEs by affected platform/OS?
Some sources do provide this, like exploit-db, but the main vulnerability source NVD, National Vulnerability Database, doesn’t seem to have such category or filter for neither CVEs or … Continue reading Filter CVEs by affected OS
I’m looking at the NIST specification for CPE IDs version 2.3. The document is titled: Common Platform Enumeration: Naming Specification Version 2.3 NIST Interagency Report 7695 in case the link is broken at some point.
At page 18 (sectio… Continue reading CPE ID – Difference between the NIST specification and CPE ID [closed]
I had a request by some people in the Linux Users Group to show off metasploit. This is a product I’ve used, but I’m by no means an expert on.
Is there anything like an open source repository of images I can run in a virtual machine or the… Continue reading Where to get images with vulnerabilities to test penetration tooling? [closed]
I’ve been researching the main TLS 1.1 vulnerabilities, and from what I’ve seen, TLS 1.2 only improves the cryptographic hash functions, because TLS s 1.1 are broken.
If these hash functions are vulnerable, is there any way to break TLS 1…. Continue reading Are there any attacks against TLS 1.1 encryption?
Google Chrome uses CFG, ASLR, DEP, Remote PE blocking, Authenticode API, syscall-disabled, but malware like Emotet is still doing MITB web injects on the latest builds on Chrome(108.0.5359.95). Why isn’t Google fixing this?
Continue reading Why isn’t google patching methods used for MITB by malware like Emotet?
I have an assignment in which I have to implement OCSP and do a proof of concept of a vulnerability.
My idea was to implement OCSP without using a nonce (this is done) and then perform a replay attack. However I’m having trouble doing the … Continue reading Any vulnerability of OCSP for proof of concept