22 matches found
Implant Teardown
Posted by Ian Beer, Project Zero. In the earlier posts we examined how the attackers gained unsandboxed code execution as root on iPhones. At the end of each chain we saw the attackers calling posix_spawn, passing the path to their implant binary which they dropped in /tmp. This starts the implant...
IE 11 browser security vulnerability disclosed: remotely steal local PC files - bug warning - the black bar safety net
Security experts recently found a new vulnerability in how the IE 11 browser processes saved MHT pages, which can allow a hacker to steal files on the PC. More importantly, the default application for the MHT file format is the IE 11 browser, so even the Chrome as the default web browser o...
Airmail 3 Exploit Instantly Steals Info from Apple Users
Severe vulnerabilities in the Airmail 3 software – an alternative to Apple Mail for MacOS – would allow a remote attacker to steal a user’s past emails and file attachments, in many cases without requiring user interaction beyond simply opening a weaponized message, researchers said. Security...
Brave Software: Access to local file system using javascript
Hey, The browser can access the local files using iframes with a local html file. This is very normal and often used for local web development, but javascript shouldn't be able to get the content of that iframe because this can be used to post the contents to the attacker's server. Something else I...
Warning! Update Mozilla Firefox to Patch Critical File Stealing Vulnerability
Earlier this week, Mozilla Security researcher Cody Crews discovered a malicious advertisement on a Russian news site that steals local files from a system and uploads them to a Ukrainian server without the user ever knowing. The malicious advertisement was exploiting a serious vulnerability in...
HP WebInspect 10.4 - XML External Entity Injection
HP WebInspect 10.4 - XML External Entity Injection Exploit Title: HP WebInspect - XML External Entity Date: 23\04\2015 Exploit Author: Jakub Palaczynski Vendor Homepage: http://www.hp.com/ Version: 10.4, 10.3, 10.2, 10.1, 10.0, 9.x, 8.x, 7.x CVE : CVE-2015-2125 1. Create website that exploits...
Internet Explorer 4.0/5.0 DHTML Edit ActiveX Control File Stealing and Cross Frame Access Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/116/info Vulnerabilities in an ActiveX control distributed with Internet Explorer 5 and available for Internet Explorer 4 allow malicious web sites to steal local files and to bypass cross-frame security rules. The DHTML...
Compaq Client Management Agents 3.70/4.0,Insight Management Agents 4.21 A/4.22 A/4.30 A,Intelligent Cluster Administrator 1.0,Management Agents for Workstations 4.20 A,Server Management Agents <= 4.23,Survey Utility 2.0 Web File Access Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/282/info A vulnerability in the Compaq Management Agents and the Compaq Survey Utility when running as an agent allows remote malicious users to steal local files. All Compaq Server and Client Management Agents version 4....
Mac OS X Trojan Goes Bitcoin Mining, Steals Files
A new Trojan targeting Mac OS X users is not only after data, but Bitcoins as well. The malware is being detected by Sophos as Miner-D, but is also known as DevilRobber. According to Sophos, the Trojan is hiding inside pirated versions of the Mac OS X image editing application GraphicConverter...
Using Blended Browser Threats involving Chrome to steal files on your computer
For complete post with images, please visit http://securethoughts.com/2009/11/using-blended-browser-threats-involving-chrome-to-steal-files-on-your-computer/ SECURETHOUGHTS.COM ADVISORY ============================================= - CVE-ID : CVE-2009-XXXX Chrome Pending - Release Date : Novembe...
Immunity Canvas: SAFARI_FILE_STEALING2
Name| safarifilestealing2 ---|--- CVE| CVE-2009-1699 Exploit Pack| CANVAS Description| Safari 3.2 XSL File Stealing Notes| CVE Name: CVE-2009-1699 VENDOR: Apple Reference: http://scary.beasts.org/security/CESA-2009-006.html Arguments: After you have placed your single file in the correct...
Ubuntu: Security Advisory (USN-619-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Immunity Canvas: SAFARI_FILE_STEALING
Name| safarifilestealing ---|--- CVE| CVE-2008-4216 Exploit Pack| CANVAS Description| Safari 3.2 File Stealing Notes| A Warning: Due to the nature of this exploit, a file error.html will be left behind on the target system CVE Name: CVE-2008-4216 VENDOR: Apple NOTES: There are a lot of things...
SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 5405)
Mozilla Firefox was updated to version 2.0.0.15, fixing various bugs including following security bugs : - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory...
Firefox < 2.0.0.15 Multiple Vulnerabilities
The installed version of Firefox is affected by various security issues : - Several stability bugs leading to crashes which, in some cases, show traces of memory corruption MFSA 2008-21. - A vulnerability involving violation of the same-origin policy could allow for cross-site scripting attacks...
openSUSE 10 Security Update : seamonkey (seamonkey-4596)
This update fixes several security issues in Mozilla SeaMonkey 1.0.9. Following security problems were fixed : - MFSA 2007-26 / CVE-2007-3844: Privilege escalation through chrome-loaded about:blank windows Mozilla researcher mozbugra4 reported that a flaw was introduced by the fix for MFSA 2007-2...
openSUSE 10 Security Update : seamonkey (seamonkey-4594)
This update fixes several security issues in Mozilla SeaMonkey 1.1.5. Following security problems were fixed : - MFSA 2007-26 / CVE-2007-3844: Privilege escalation through chrome-loaded about:blank windows Mozilla researcher mozbugra4 reported that a flaw was introduced by the fix for MFSA 2007-2...
Mozilla Foundation Security Advisory 2007-34
Mozilla Foundation Security Advisory 2007-34 Title: Possible file stealing through sftp protocol Impact: Moderate Announced: October 18, 2007 Reporter: Georgi Guninski Products: Firefox, SeaMonkey Fixed in: Firefox 2.0.0.8 SeaMonkey 1.1.5 Description On Linux machines with gnome-vfs support the...
Possible file stealing through sftp protocol — Mozilla
On Linux machines with gnome-vfs support the smb: and sftp: URI schemes are available in Firefox. Georgi Guninski showed that if an attacker can store the attack page in a mutually accessible location on the target server (/tmp perhaps) and lure the victim into loading it, the attacker could...
File stealing by changing input type (variant) — Mozilla
Chuck McAuley provided Proof-of-Concept code that demonstrates that MFSA 2006-23 was not fixed for all cases. In Firefox 1.5.0.2 it is still possible to pre-fill a text input control with the path to a file at a known location and then change the type of the input control to a file upload control...