RESOURCES

Thought leaders in information security, we conduct radical, world-changing research and deliver renowned presentations around the world.
Disclosures | ADVISORIES | July 1, 2012

Multiple Vulnerabilities in Fwknop

Fwknop stands for the “FireWall KNock OPerator” and implements an authorization scheme called Single Packet Authorization (SPA). This method of authorization is based on a default-drop packet filter and libpcap. A server might appear to have no open ports available, but it could still grant access to certain services if authorized fwknop packets are received. Companies commonly use this service on exposed systems and need to diminish the attack surface of this service. wknop contains several vulnerabilities. The most critical of these might allow remote, authenticated attackers to leverage flaws…

Launch PDF
Fernando Arnaboldi
Disclosures | ADVISORIES |

IBM Informix XML functions overflows

Informix is one of the world’s most widely used database servers, with users ranging from the world’s largest corporations to startups. Informix incorporates design concepts that are significantly different from traditional relational platforms. This results in extremely high levels of performance and availability, distinctive capabilities in data replication and scalability, and minimal administrative overhead. Informix contains two vulnerabilities affecting several versions. Attackers can exploit these vulnerabilities to execute arbitrary code or cause denial-of-service conditions.

Launch PDF
Ariel Sanchez
Disclosures | ADVISORIES |

Windows Kernel Library Filename Parsing Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Windows. User interaction is required to exploit this vulnerability in that the target must open or browse to a file or subfolder with a specially crafted name on a network SMB share, UNC share, or WebDAV web folder.

Launch PDF
Lucas Apa
Disclosures | ADVISORIES | May 4, 2010

Authentication Bypass In Tranax Remote Management Software

Reported: 04.05.10. The Tranax Remote Management Software (RMS) allows for the administration of common Automated Teller Machine (ATM) tasks from a remote location. To successfully authenticate to a remote ATM, both the serial number and the RMS password are required. An attacker can leverage an implementation flaw that occurs when verifying credentials to craft a request that bypasses all authentication measures. The attacker could then perform remote management tasks with invalid credentials. The RMS interface is enabled, by default, on a typical ATM installation.

Launch PDF
Barnaby Jack
Disclosures | ADVISORIES | March 18, 2010

SQL Injection and Cross-site Scripting at www.courts.wa.gov

Discovered: 03.18.10. Reported: 03.23.10. The formID parameter at http://www.courts.wa.gov/forms/ is vulnerable to SQL injection. The searchTerms parameter at http://www.courts.wa.gov/search/index.cfm is vulnerable to cross-site scripting attacks. Exploiting these vulnerabilities would likely expose sensitive data and may result in compromise of the affected systems.

Launch PDF
Mike Davis Rich Lundeen & Sean Malone
Disclosures | ADVISORIES | March 1, 2010

Multiple Vulnerabilities in Accoria Web Server

Discovered/Reported to Accoria: December 2008. Date Reported to US-Cert: March 1, 2010. The Accoria Web Server 1.4.7 for x86 Solaris exhibits multiple vulnerabilities, including cross-site scripting, directory traversal, and format string errors.

Launch PDF
Ilja van Sprundel
Disclosures | ADVISORIES | January 5, 2010

Mach Exception Handling Privilege Escalation

Discovered: 01.05.10. Mach exception handling suffers from a vulnerability that allows an attacker to gain access to the memory of a suid process (set user identifier). Due to a vulnerability that is similar to CVE-2006-4392 (found by Dino Dai Zovi of Matasano Security), it is possible for a suid process to inherit the Mach exception ports of the parent.

Launch PDF
Richard van Eeden
Disclosures | ADVISORIES | October 13, 2009

Microsoft Windows CryptoAPI X.509 Spoofing Vulnerability

Release Date: 10.13.09. VUPEN ID: VUPEN/ADV-2009-2891. CVE ID: CVE-2009-2510, CVE-2009-2511. Researchers identified two vulnerabilities in Microsoft Windows relating to the use of X.509 certificates. Attackers could exploit these to bypass security restrictions.

Launch PDF
Dan Kaminsky Ian Wright & Jean-Luc Giraud
Disclosures | ADVISORIES | July 19, 2009

doc.export* Methods Allow Arbitrary File Creation

Discovered: 07.13.09. Several JavaScript methods of the Document Object do not honor the Privileged Context and Safe Path settings. IOActive was able to execute certain privileged JavaScript methods that can be used to create arbitrary files and folders on a targeted file system.

Launch PDF
IOActive
Disclosures | ADVISORIES | June 9, 2009

Recursive Stack Overflow in ClamAV

Reported: 10.30.08. Patched: 12.01.08. Disclosed: 06.09.0. ClamAV’s JPEG parser contains code that recursively checks thumbnails, if they are included. Since the thumbnails can be JPEGs, there is no limit to the amount of recursions that can occur. This can lead to stack overflows.

Launch PDF
Ilja van Sprundel

Arm IDA and Cross Check: Reversing the 787’s Core Network

IOActive has documented detailed attack paths and component vulnerabilities to describe the first plausible, detailed public attack paths to effectively reach the avionics network on a 787, commercial airplane from either non-critical domains, such as Passenger Information and Entertainment Services, or even external networks.

ACCESS THE WHITEPAPER


IOACTIVE CORPORATE OVERVIEW (PDF)IOACTIVE SERVICES OVERVIEW (PDF)


IOACTIVE ARCHIVED WEBINARS