DNS rebinding vulnerability in GUPnP

Published: Jun 24 2021

GUPnP, a GNOME library for Universal Plug and Play (UPnP), was vulnerable to DNS rebinding attacks. This is CVE-2021-33516 and GUPnP issue #24. This was fixed in GUPnP 1.0.7 and GUPnP 1.2.5.

DNS rebinding vulnerability in pupnp and npupnp

Published: Jun 12 2021

I found that pupnp was vulnerable to DNS rebinding attacks. npupnp, a fork a pupnp, was impacted as well. This is demonstrated using Gerbera a UPnP MediaServer.

Firefox DoH DNS rebinding protection bypass using IPv4-mapped addresses

Published: Apr 5 2021

I found that the filtering of private IPv4 addresses in the DNS-over-HTTPS (DoH) implementation of Firefox could by bypassed. This is CVE-2020-26961 and Mozilla bug 1672528. It has been fixed in Firefox 83, Firefox ESR 78.5 and Thunderbird 78.5.

DNS rebinding and CSRF vulnerabilites on Samsung TV DIAL implementation

Published: Mar 22 2021

I found a DNS rebinding vulnerability as well as a Cross Site Request Forgery (CSRF) vulnerability on the DIAL (Discovery And Launch) implementation of the Samsung TV UE40F6320 (v1.0), from 2011. This can be used to open any installed application (eg. Netflix and Youtube) and force the vizualisation of a given video in the applications.

DNS rebinding vulnerability in Samsung SmartTV UPnP

Published: Mar 22 2021

I found a DNS rebinding vulnerability on the Universal Plug-and-Play (UPnP) interface of the Samsung TV UE40F6320 (v1.0), from 2011. This could be used, for example, to change the channel, to know which channel is currently used or open the builtin browser to any URI.

DNS rebinding vulnerabilities in Freebox

Published: Sep 23 2020

I found some DNS rebinding vulnerabilities in Freebox devices (CVE-2020-24374, CVE-2020-24375, CVE-2020-24376, CVE-2020-24377) as well as a Cross Site Request Forgery (CSRF) vulnerability (CVE-2020-24373). These vulnerabilities were fixed in 2020-08-05.

Remote code execution via cross site request forgery in InternetCube and YunoHost

Published: Feb 12 2019

How I found remote code execution vulnerabilities via Cross Site Request Forgery (CSRF) on the administration interfaces of InternetCube applications and of the YunoHost administration interface which could have been used to execute arbitrary code as root. These vulnerabilities were fixed in YunoHost 3.3, OpenVPN Client app 1.3.0. and YunoHost 3.4.

More example of argument and shell command injections in browser invocation

Published: May 30 2018

In the previous episode, I talked about some argument and shell command injections vulnerabilities through URIs passed to browsers. Here I am evaluating some other CVEs which were registered at the same time (not by me).

Argument and shell command injections in browser invocation

Published: May 28 2018

I found an argument injection vulnerability related to the handling of the BROWSER environment variable in sensible-browser. This lead me (and others) to a a few other argument and shell command injection vulnerabilities in BROWSER processing and browser invocation in general.

Page 2 of 2 | Previous page | Next page | JSON Feed | Atom Feed