[ad] There’s been a lot of highly technical and most theoretical attacks lately, academic season really is in full swing. This is a very neat attack which is being labeled somewhere between catastrophic and mildly annoying depending on who you ask. It effects most of the major Anti-virus vendors, it’s called an argument-switch attack and […]
Exploits/Vulnerabilities
Jarlsberg – Learn Web Application Exploits and Defenses
This codelab is built around Jarlsberg /yärlz’·bərg/, a small, cheesy web application that allows its users to publish snippets of text and store assorted files. “Unfortunately,” Jarlsberg has multiple security bugs ranging from cross-site scripting and cross-site request forgery, to information disclosure, denial of service, and remote code execution. The goal of this codelab is […]
DAVTest – WebDAV Vulnerability Scanning (Scanner) Tool
When facing off against a WebDAV enabled server, there are two things to find out quickly: can you upload files, and if so, can you execute code? DAVTest attempts help answer those questions, as well as enable the pentester to quickly gain access to the host. DAVTest tries to upload test files of various extension […]
PayPal Patches Critical Security Vulnerabilities
[ad] PayPal in the news again for a series of fairly high-profile vulnerabilities discovered by the same guy that found the XSS bugs in Google Calendar and Twitter (Nir Goldshlager). I’m glad people are looking at PayPal as I’m sure the volume of monetary transactions that pass through their site on a daily basis is […]
Oracle Releases Emergency Patch for Java Vulnerability
[ad] After informing a researcher just a few days ago that “they do not consider this vulnerability to be of high enough priority to break their quarterly patch cycle” they have made a 180 turn on the issue and pushed out an emergency patch to mitigate against the Serious Java Bug That Exposes Users To […]