Showing 1 - 4 of 4

Files from Alexandre Herzog

Oracle JavaMail SMTP Header Injection: Posted May 20, 2014; Authored by Alexandre Herzog; JavaMail does not check if the email subject contains a Carriage Return (CR) or a Line Feed (LF) character on POST multipart requests. This issue allows the injection of arbitrary SMTP headers in the generated email. This flaw can be used for sending SPAM or other social engineering attacks (e.g. abusing a trusted server to send HTML emails with malicious content). Versions 1.4.5 and 1.5.1 were found vulnerable.; tags | exploit, arbitrary; SHA-256 | 405fd5ea751ac4705c07542a270ee08ffee8bea6e4c25464024c27431b045351; Download | Favorite | View

Leed Authentication Bypass, SQL Injection, CSRF: Posted Dec 21, 2013; Authored by Alexandre Herzog; Leed suffers from authentication bypass, cross site request forgery, and remote SQL injection vulnerabilities.; tags | exploit, remote, vulnerability, sql injection, csrf; advisories | CVE-2013-2627, CVE-2013-2628, CVE-2013-2629; SHA-256 | 5d7cef70be868bc4ba37188215a7df2faffb093a6b4998f815979327d8478874; Download | Favorite | View

USP Secure Entry Server URL Redirection: Posted Dec 21, 2013; Authored by Alexandre Herzog | Site csnc.ch; USP Secure Entry Server suffers from a URL redirection vulnerability.; tags | exploit; advisories | CVE-2013-2764; SHA-256 | 995509d4226fbde7623bf7db3c4f9482a0db97f34ae2b2c1d1ded1f9c49e979b; Download | Favorite | View

NevisProxy 3.10.2.0 Cross Site Scripting: Posted Jun 15, 2012; Authored by Alexandre Herzog | Site csnc.ch; NevisProxy versions 3.10.2.0 and below suffer from a cross site scripting vulnerability in 302 redirects.; tags | advisory, xss; SHA-256 | dae923dd2b60f5df5d2fa5557c848a9059c8eafb1786b0a7d5788e2666f9b0db; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days