remarkable 1.6.2 on Node.js data URI cross site scripting

Exploits | Direct link: vuldb.com

A vulnerability was found in remarkable 1.6.2 on Node.js (JavaScript Library). It has been declared as problematic. Affected by this vulnerability is some unknown functionality of the component data URI Handler. No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product....
