I found that the filtering of private IPv4 addresses in the DNS-over-HTTPS (DoH) implementation of Firefox could by bypassed. This is CVE-2020-26961 and Mozilla bug 1672528. It has been fixed in Firefox 83, Firefox ESR 78.5 and Thunderbird 78.5.
Read more…
This post gives simple explanations of how UPnP (Universal Plug-and-Play) works, especially with the goal of testing the security devices such as routers, smart TVs, etc.
Read more…
I found a DNS rebinding vulnerability as well as a Cross Site Request Forgery (CSRF) vulnerability on the DIAL (Discovery And Launch) implementation of the Samsung TV UE40F6320 (v1.0), from 2011. This can be used to open any installed application (eg. Netflix and Youtube) and force the vizualisation of a given video in the applications.
Read more…
I found a DNS rebinding vulnerability on the Universal Plug-and-Play (UPnP) interface of the Samsung TV UE40F6320 (v1.0), from 2011. This could be used, for example, to change the channel, to know which channel is currently used or open the builtin browser to any URI.
Read more…
Some notes about how to write a Frida script with the (somewhat classic) example of disabling certificate verification for TLS communications on Android applications.
Read more…
I found some DNS rebinding vulnerabilities in Freebox devices (CVE-2020-24374, CVE-2020-24375, CVE-2020-24376, CVE-2020-24377) as well as a Cross Site Request Forgery (CSRF) vulnerability (CVE-2020-24373). These vulnerabilities were fixed in 2020-08-05.
Read more…
How I found remote code execution vulnerabilities via Cross Site Request Forgery (CSRF) on the administration interfaces of InternetCube applications and of the YunoHost administration interface which could have been used to execute arbitrary code as root. These vulnerabilities were fixed in YunoHost 3.3, OpenVPN Client app 1.3.0. and YunoHost 3.4.
Read more…
In the previous episode, I talked about some argument and shell command injections vulnerabilities through URIs passed to browsers. Here I am evaluating some other CVEs which were registered at the same time (not by me).
Read more…
I found an argument injection vulnerability related to the handling of the BROWSER
environment variable in sensible-browser
. This lead me (and others) to a a few other argument and shell command injection vulnerabilities in BROWSER
processing and browser invocation in general.
Read more…
There has been some articles lately about Intel Active Management Technology (AMT) and its impact on security, trust, privacy and free-software. AMT supposed to be widely deployed in newest Intel hardware. So I wanted to see if I could find some AMT devices in the wild.
Read more…
Page 3 of 3 | Previous page | Next page | JSON Feed | Atom Feed