PT-2016-3680 · Openstack · Openstack Orchestration Api

Name of the Vulnerable Software and Affected Versions: OpenStack Orchestration API Heat versions prior to 2015.1.3 OpenStack Orchestration API Heat versions 5.0.x prior to 5.0.1 Description: The issue allows remote authenticated users to cause a denial of service memory consumption or determine t...

An IE browser vulnerability security testing and analysis-vulnerability warning-the black bar safety net

Today saw on the Internet A IE little vulnerability. Do the following simple analysis The use method is as follows Program code: img src="sysimage://C:\WINNT\Notepad.exe,7 7 7" onError="document. write’bFile Exists!& lt;/b’;" Just start very strange this sysimage://is a Protocol,so in IE into:...

Microsoft Internet Explorer sysimage: information leak

By using sysimage: URL it's possible to check local file existance...

msieLocalFile.txt

Microsoft Internet Explorer permits to examine the existence of local files Description: There is a security bug in Microsoft Internet Explorer, which allows to check up existence of local files in system directories Root C:/, WINDOWS, SYSTEM, SYSTEM32, DESKTOP, COMMAND, Internet Explorer...