Thursday , March 28 2024 9:09 PM
Home / Exploits / Web Application Exploits (page 2)

Web Application Exploits

Avast Antivirus: X.509 Error Rendering Command Execution

Avast will render the commonName of X.509 certificates into an HTMLLayout frame when your MITM proxy detects a bad signature. Unbelievably, this means CN="<h1>really?!?!?</h1>" actually works, and is pretty simple to convert into remote code execution. To verify this bug, I've attached a demo certificate for you. Please find attached …

Read More »

Photos in Wifi v1.0.1 iOS

Document Title: =============== Photos in Wifi v1.0.1 iOS - Arbitrary File Upload Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1600 Release Date: ============= 2015-09-28 Vulnerability Laboratory ID (VL-ID): ==================================== 1600 Common Vulnerability Scoring System: ==================================== 8.6 Product & Service Introduction: =============================== Share the photos and videos of your iPhone/iPad in wifi. Upload photos …

Read More »

Bosch Security Systems – XML Injection

# Exploit Title: Bosch Security Systems – XML Injection – Dinion NBN-498 Web Interface # Date: 01/09/2015 # Exploit Author: neom22 # Vendor Homepage: http://us.boschsecurity.com # Data Sheet: http://resource.boschsecurity.us/documents/Data_sheet_enUS_9007201286798987.pdf # Version: Hardware Firmware 4.54.0026 – Web Interface version is unknown # Tested on: Windows 8.1 – Firefox 40.0.3 # CVE …

Read More »