over
Twitter, at https://twitter.com/malerisch
Roberto Suggi Liverani
ly
> well-documented functionality of Java pretty much ever since:
>
> http://download.oracle.com/javase/6/docs/api/java/net/URL.html
>
> "Two hosts are considered equivalent if both host names can be
> resolved into the same IP addresses"
>
> This was a pre
|
+--+
Discovered and advised to Oracle
August 2010 by Roberto Suggi Liverani of
Security-Assessment.com.
Personal site: http://malerisch.net
+-----+
|Extra|
+-----+
Another interesting attack was discovered as part
of the research on this vulnerability.
This attack is another example of lever
ion code and exploit.
Cross Context Scripting with Firefox - Roberto Suggi Liverani
Link:
http://www.security-assessment.com/files/whitepapers/Cross_Context_Scripting_with_Firefox.pdf
The addendum "Exploiting Cross Context
Scripting vulnerabilities in Firefox"
includes a number of exploi
11th February 2010.
The security patches can be downloaded at the
following website:
http://www.adobe.com/support/security/bulletins/apsb10-05.html
+------+
|Credit|
+------+
Discovered and advised to Adobe in
November 2009 by Roberto Suggi Liverani of Security-
Assessment.com. Perso
Discovered and advised to the CoolPreviews vendor
March 2009 by Roberto Suggi Liverani of Security-
Assessment.com. Personal Page: http://malerisch.net/
For full details regarding this vulnerability
(including a detailed proof of concept exploit)
download the PDF from our website:
ht
tion:
http://xxx/2.html?a=http://xxx/a.js</a>>">(null)
This is a proof of concept.
10/9/2008 12:39:16 AM -
http://xxx/2.html?a=http://xxx/a.js</a>>
Opera 9.60 has partially fixed the issues above but
the HTML encoding is still not consistent.
== Credit ==
Discovered and
p?t=32252
== Credit ==
Discovered and advised to SugarCRM
April 2008 by Roberto Suggi Liverani Craig of Security-Assessment.com
== Greetings ==
To all my SA colleagues and thanks to the great atmosphere in
Hack in the Bush!
It was inspirational...
== About Security-Assessment.