Google Chrome HTTP AUTH Dialog Spoofing through Realm Manipulation

Google Chrome ( 5.0.375.127 and previous versions) suffers from HTTP Auth Dialog spoofing vulnerability due to possible realm manipulation in the HTTP header. This bug was actually patched. The issue mentioned in this bug was dialog spoofing due to long sub domain names. The patch worked only for that specific case which was outlined in […]

Continue Reading

Zero day exploit for Firefox 3.6

Russian security firm Intevydis has made a Windows exploit for a previously unknown security hole in Firefox 3.6 available to its customers. The exploit allows attackers to remotely gain control of a PC. Intevydis develops the commercial VulnDisco add-on for the also commercial Canvas exploit toolkit by vendor Immunity. On the Immunity forum, developer Evgeny […]

Continue Reading

Kaspersky 2010 Remote Memory Corruption / DoS PoC

Description: The vulnerability affects Kaspersky Internet Security 2010 9.0.0.459 antivirus and its brother, the Kaspersky Antivirus 2010 9.0.0.463 version. The exploit was discovered on August 18th 2009. The problem with these two antivirus versions appears when parsing a URL address. Using a lot of consecutive dots inside the address. Kaspersky’s native avp.exe process will soar […]

Continue Reading

Hacker pokes new hole in secure sockets layer

Website encryption has sustained another body blow, this time by an independent hacker who demonstrated a tool that can steal sensitive information by tricking users into believing they’re visiting protected sites when in fact they’re not. Unveiled Wednesday at the Black Hat security conference in Washington, SSLstrip works on public Wi-Fi networks, onion-routing systems, and […]

Continue Reading