/dev/posts/

MIME-type spoofing in Firefox/Thunderbird and file managers

Published:

An interesting spoofing attack resulting from the interaction between Firefox (or Thunderbird) MIME type handling and file managers.

Code execution through MIME-type association of Mono interpreter

Published:

A dangerous file type association in Debian which could be used to trigger arbitrary code execution.

OAuth 2.x and OpenID Connect sequence diagrams

Published:

Some sequence diagrams about OAuth 2.x and OpenID Connect.

Entering in Podman containers

Published:

Some commands for interacting with the namespaces of Podman containers.

Impact of the different Wifi security modes

Published:

Comparing the different Wifi/WPA authentication and key distribution methods (PSK, EAP, SAE).

Browser-based attacks on WebDriver implementations

Published:

Some context and analysis about attacks on WebDriver implementations.

Lack of X.509 TLS certificate validation in OWASP ZAP

Published:

Lack of X.509 TLS certificate validation in OWASP ZAP (Zed Attack Proxy) could be used for man-in-the-middle attacks.

DNS rebinding on ReadyMedia/minidlna v1.3.0 and below

Published:

A DNS rebinding vulnerability I found in ReadyMedia (formerly MiniDLNA) v1.3.0 and below. This is CVE-2022-26505.

CSRF and DNS-rebinding to RCE in Selenium Server (Grid)

Published:

Vulnerabilities found on the WebDriver endpoints of Selenium Server (Grid).

DNS rebinding vulnerability to RCE in GeckoDriver

Published:

A DNS rebinding vulnerability I found in GeckoDriver which could be used to execute arbitrary shell commands. This is bug #1652612 and CVE-2021-4138.
