what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 2 of 2

Files from Simon Zuckerbraun

Microsoft Internet Explorer Windows 10 1809 17763.316 Memory Corruption

Posted May 24, 2019

Authored by Simon Zuckerbraun

Microsoft Internet Explorer Windows 10 1809 17763.316 scripting engine memory corruption exploit.

tags | exploit

systems | windows

advisories | CVE-2019-0752

SHA-256 | 7d2015c3ac3c61fefec434f05b388f4ccd27c5327a0537ee0a13305ce2eda40c

Download | Favorite | View

Jetty 9.3.8 Path Sanitization

Posted May 30, 2016

Authored by Open Source CERT, Daniele Bianco, Simon Zuckerbraun

The Jetty path normalization mechanism suffers of an implementation issue when parsing the request URLs. The path normalization logic implemented in the PathResource class and introduced in Jetty versions 9.3.x can be defeated by requesting malicious URLs containing specific escaped characters. Leveraging on this weakness, a malicious user can gain access to protected resources (e.g. WEB-INF and META-INF folders and their contents) and defeat application filters or other security constraints implemented in the servlet configuration. Versions 9.3.0 through 9.3.8 are affected.

tags | advisory, web

advisories | CVE-2016-4800

SHA-256 | 26929157b560ea70de00b08c35d3faa27d7dde2502ff66c5a5de0ac9128cc9bc

Download | Favorite | View