Cross-origin/same-site request forgery to RCE in chromedriver

computer security web vulnerability webdriver csrf

I found a cross-origin/same-site request forgery vulnerability in chromedriver. It was rejected (won't fix) because it is only possible to trigger this from the cross-origin/same-site and not cross-site. In practice, it means it is really only possible to trigger this from another localhost-bound web application.

Read more…

DNS rebinding and CSRF vulnerabilites on Samsung TV DIAL implementation

computer security vulnerability dial dns-rebinding csrf advisory

I found a DNS rebinding vulnerability as well as a Cross Site Request Forgery (CSRF) vulnerability on the DIAL (Discovery And Launch) implementation of the Samsung TV UE40F6320 (v1.0), from 2011. This can be used to open any installed application (eg. Netflix and Youtube) and force the vizualisation of a given video in the applications.

Read more…

DNS rebinding vulnerability in Samsung SmartTV UPnP

computer security vulnerability dns-rebinding upnp advisory

I found a DNS rebinding vulnerability on the Universal Plug-and-Play (UPnP) interface of the Samsung TV UE40F6320 (v1.0), from 2011. This could be used, for example, to change the channel, to know which channel is currently used or open the builtin browser to any URI.

Read more…

Remote Code Execution via Cross Site Request Forgery in InternetCube and YunoHost

computer web security yunohost csrf vulnerability advisory

How I found remote code execution vulnerabilities via Cross Site Request Forgery (CSRF) on the administration interfaces of InternetCube applications and of the YunoHost administration interface which could have been used to execute arbitrary code as root. These vulnerabilities were fixed in YunoHost 3.3, OpenVPN Client app 1.3.0. and YunoHost 3.4.

Read more…

More example of argument and shell command injections in browser invocation

computer unix debian security shell vulnerability

In the previous episode, I talked about some argument and shell command injections vulnerabilities through URIs passed to browsers. Here I am evaluating some other CVEs which were registered at the same time (not by me).

Read more…

Page 1 of 2 | | Next page | JSON Feed | Atom Feed