Multiple critical vulnerabilities in Maxthon and Avant browsers

2012-12-11 Thread Roberto Suggi Liverani
Twitter, at https://twitter.com/malerisch Roberto Suggi Liverani

Re: Security-Assessment.com Advisory: Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass

2010-10-21 Thread Roberto Suggi Liverani
are considered equivalent if both host names can be resolved into the same IP addresses. This was a pretty horrible design, so it's good to see it gone, though. /mz -- Roberto Suggi Liverani Senior Security Consultant Mob. +64 21 928 780 www.security-assessment.com
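The rule quoted in that reply (two hosts are "the same" when they resolve to the same IP address, which is how java.net.URL.equals() compared hosts) differs from the web same-origin rule (scheme, host and port compared literally). The following Python is an added illustration, not code from the advisory or from the JRE: it models both comparisons against a constructed resolver table instead of real DNS, so it runs offline. The hostnames and addresses are made up.

```python
from urllib.parse import urlsplit

# Constructed stand-in for DNS (not real data): two unrelated sites that
# share one address, as on any shared host, reverse proxy or CDN edge.
RESOLVER = {
    "bank.example": "203.0.113.10",
    "attacker.example": "203.0.113.10",
    "bank-cdn.example": "203.0.113.11",
}


def resolve(host):
    """Look the host up in the constructed table; None when it does not resolve."""
    return RESOLVER.get(host)


def hosts_equivalent_by_ip(url_a, url_b):
    """The flawed rule from the thread: hosts are equivalent when they resolve
    to the same address. Two unrelated sites behind one IP become one 'host'."""
    ip_a = resolve(urlsplit(url_a).hostname)
    ip_b = resolve(urlsplit(url_b).hostname)
    return ip_a is not None and ip_a == ip_b


def origin(url):
    """(scheme, host, effective port) tuple; the port defaults from the scheme."""
    parts = urlsplit(url)
    port = parts.port or {"http": 80, "https": 443}.get(parts.scheme)
    return (parts.scheme, parts.hostname, port)


def same_origin(url_a, url_b):
    """Web same-origin rule: scheme, host and port must all match literally.
    No name resolution is involved, so shared hosting cannot merge origins."""
    return origin(url_a) == origin(url_b)


def wrongly_merged_pairs(urls):
    """Pairs the IP rule treats as one host although they are different origins,
    i.e. exactly the cases where a DNS-based comparison opens a cross-site hole."""
    merged = []
    for i, a in enumerate(urls):
        for b in urls[i + 1:]:
            if hosts_equivalent_by_ip(a, b) and not same_origin(a, b):
                merged.append((a, b))
    return merged


if __name__ == "__main__":
    sample = ["https://bank.example/", "https://attacker.example/",
              "https://bank-cdn.example/", "http://bank.example/"]
    for a, b in wrongly_merged_pairs(sample):
        print("IP rule merges distinct origins:", a, b)
```

`wrongly_merged_pairs` is the check a practitioner would run over a list of hostnames they control: any pair it reports is a pair a resolution-based comparison would let script from one site reach the other.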

Security-Assessment.com Advisory: Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass

2010-10-19 Thread Roberto Suggi Liverani
organisations across New Zealand, Australia, Asia Pacific, the United States and the United Kingdom. Roberto Suggi Liverani

Security-Assessment.com WhitePaper/Addendum: Cross Context Scripting with Firefox Exploiting Cross Context Scripting vulnerabilities in Firefox

2010-04-22 Thread Roberto Suggi Liverani
Context Scripting vulnerabilities in Firefox - Nick Freeman, Roberto Suggi Liverani Link: http://www.security-assessment.com/files/whitepapers/Exploiting_Cross_Context_Scripting_vulnerabilities_in_Firefox.pdf ++ |Abstract| ++ Cross Context Scripting (XCS) is a term coined

Multiple Adobe Products - XML External Entity And XML Injection Vulnerabilities

2010-02-23 Thread Roberto Suggi Liverani
+--+ |Credit| +--+ Discovered and advised to Adobe in November 2009 by Roberto Suggi Liverani of Security-Assessment.com. Personal Page: http://malerisch.net/ For full details regarding this vulnerability download the PDF from our website: http://www.security-assessment.com/files/advisories/2010-02

CoolPreviews - Firefox Extension - Chrome Privileged Code Injection

2009-08-24 Thread Roberto Suggi Liverani
2009 by Roberto Suggi Liverani of Security-Assessment.com. Personal Page: http://malerisch.net/ For full details regarding this vulnerability (including a detailed proof of concept exploit) download the PDF from our website: http://www.security-assessment.com/files/advisories

Update Scanner - Firefox Extension - Chrome Privileged Code Injection

2009-08-24 Thread Roberto Suggi Liverani
). +--+ |Credit| +--+ Discovered and advised to the Update Scanner developer June 2009 by Roberto Suggi Liverani of Security-Assessment.com. Personal Page: http://malerisch.net/ For full details regarding this vulnerability (including a detailed proof of concept exploit) download the PDF from our website

Opera Stored Cross Site Scripting Vulnerability

2008-10-22 Thread Roberto Suggi
fixed the issues above but the HTML encoding is still not consistent. == Credit == Discovered and advised to Opera October 2008 by Roberto Suggi Liverani of Security-Assessment.com Personal Page: http://malerisch.net == Greetings == To all my SA colleagues - you guys rock! ;-) == About Security

SugarCRM Community Edition Local File Disclosure Vulnerability

2008-04-29 Thread roberto.suggi
== Credit == Discovered and advised to SugarCRM April 2008 by Roberto Suggi Liverani Craig of Security-Assessment.com == Greetings == To all my SA colleagues and thanks to the great atmosphere in Hack in the Bush! It was inspirational... == About Security-Assessment.com