
blog.malerisch.net
malerisch.net: A blog about security research, web application security, software bugs and exploits.
http://blog.malerisch.net/
Today's rating: >1,000,000
Highest traffic on: Saturday
Load time: 9.562 sec
Pages in this website: 15
External links: 23
Site IP: 172.217.6.83
Score: 6.2
malerisch.net | blog.malerisch.net Reviews
https://blog.malerisch.net
malerisch.net: April 2012
http://blog.malerisch.net/2012_04_01_archive.html
Security research, divulgations and food for thought. Thursday, 19 April 2012. Oracle GlassFish Server - Multiple Cross Site Scripting Vulnerabilities. Following disclosure of Oracle bugs. Oracle (www.oracle.com). April, 19th 2012 – CVE 2012-0551. Oracle GlassFish Server 3.1.1 (build 12). http://www.security-assessment.com/files/documents/advisory/Oracle GlassFish Server Multiple XSS.pdf. Security-Assessment.com has discovered that components of the Oracle GlassFish Server administrative web. Stored Cros...
malerisch.net: Playing with Kemp Load Master
http://blog.malerisch.net/2015/04/playing-with-kemp-load-master.html
Security research, divulgations and food for thought. Wednesday, 1 April 2015. Playing with Kemp Load Master. Kemp virtual load master. By default, Kemp web administrative interface is protected by Basic authentication, so the vulnerabilities discussed in the post below can either be exploited attacking an authenticated user via CSRF or XSS based attacks. Change logs of the fixed issues can be found at the following page: http://x.x.x.x/progs/fwaccess/add/1 command. The web applicat...
malerisch.net: White Papers
http://blog.malerisch.net/p/white-papers.html
Security research, divulgations and food for thought. Leveraging XSRF with Apache "Compatibility with older browser" feature and Java Applet. Cross Context Scripting with Firefox. Exploiting Cross Context Scripting Vulnerabilities. Brute force pin callmanager cisco phone. TrendMicro ScanMail for Microsoft Exchange (SMEX). Old site - Last 5 Articles.
malerisch.net: Pwning a thin client in less than two minutes
http://blog.malerisch.net/2015/04/pwning-hp-thin-client.html
Security research, divulgations and food for thought. Monday, 27 April 2015. Pwning a thin client in less than two minutes. Have you ever encountered a zero client or a thin client? It looks something like this. If yes, keep reading below, if not, then if you encounter one, you know what you can do if you read below. These clients run a Linux-based HP ThinPro OS by default and I had a chance to play with image version T6X44017. The point of this blog post is to demonstrate that a mal...
malerisch.net: April 2015
http://blog.malerisch.net/2015_04_01_archive.html
Security research, divulgations and food for thought. Monday, 27 April 2015. Pwning a thin client in less than two minutes. Have you ever encountered a zero client or a thin client? It looks something like this. If yes, keep reading below, if not, then if you encounter one, you know what you can do if you read below. These clients run a Linux-based HP ThinPro OS by default and I had a chance to play with image version T6X44017. The point of this blog post is to demonstrate that a mal...
Total pages in this website: 15
browser-shredders.blogspot.com
Browser Shredders: June 2014
http://browser-shredders.blogspot.com/2014_06_01_archive.html
Saturday, June 21, 2014. Browser Shredders Challenge #1. For some time now I haven't succeeded in triggering password autofill in any iOS browser from a downloaded HTML file (which would allow another easy way to steal passwords). There are no Same Origin Policy constraints for local HTML files, so it seems easy to just open the target website and read the password, but there are some problems: Password autofill does not work in cross-domain frames in iOS browsers based on UIWebView. 1 Load as plain text.
browser-shredders.blogspot.com
Browser Shredders: Exploring and Exploiting iOS Web Browsers - local HTML files
http://browser-shredders.blogspot.com/2014/06/exploring-and-exploiting-ios-web_21.html
Saturday, June 21, 2014. Exploring and Exploiting iOS Web Browsers - local HTML files. A quick summary of the possible methods for preventing UXSS when loading untrusted local HTML files into iOS UIWebView: 1. Load as plain text. This would probably break the planned functionality of the application, but you can always decide to use the loadData method with mimeType text/plain and forget about all the HTML problems. The only application implementing a similar solution that I know of is currently Onion Browser.
browser-shredders.blogspot.com
Browser Shredders: iOS UIWebView baseURL
http://browser-shredders.blogspot.com/2014/02/ios-uiwebview-baseurl.html
Sunday, February 09, 2014. UIWebView is one of the most popular components in Cocoa Touch library. It can be used to easily embed web content into iOS applications and - of course - to equally easily introduce Cross-Site Scripting vulnerabilities. When loading content into webView on iOS, a programmer can choose one of three methods:. Did you notice baseURL in the first two? This inconspicuous parameter is quite important when dealing with XSS. Alternatively to loading untrusted local file with loadReque...
browser-shredders.blogspot.com
Browser Shredders: WebView security in iOS - presentation from OWASP Poland meeting
http://browser-shredders.blogspot.com/2014/02/webview-security-on-ios-presentation.html
Sunday, February 02, 2014. WebView security in iOS - presentation from OWASP Poland meeting. English translation: http://www.slideshare.net/lpilorz/webview-security-on-ios-en. Original (Polish) version: http://www.slideshare.net/lpilorz/webview-security-on-ios-pl.
browser-shredders.blogspot.com
Browser Shredders: Browser Shredders Challenge #1
http://browser-shredders.blogspot.com/2014/06/browser-shredders-challenge-1.html
Saturday, June 21, 2014. Browser Shredders Challenge #1. For some time now I haven't succeeded in triggering password autofill in any iOS browser from a downloaded HTML file (which would allow another easy way to steal passwords). There are no Same Origin Policy constraints for local HTML files, so it seems easy to just open the target website and read the password, but there are some problems: Password autofill does not work in cross-domain frames in iOS browsers based on UIWebView. In other words it c...
browser-shredders.blogspot.com
Browser Shredders: February 2014
http://browser-shredders.blogspot.com/2014_02_01_archive.html
Thursday, February 27, 2014. Decrypting iOS Applications (Automatically). My previous post was about how to decrypt the iOS application manually. It is good to know how it works, but it can be tiring if you want to decrypt many applications. All the mentioned steps are gathered together in one tool - Clutch by KJCracks. The application and source code are available on GitHub: https://github.com/KJCracks/Clutch/releases. Clutch automatically decrypts the application and creates the .ipa files. And i...
browser-shredders.blogspot.com
Browser Shredders: March 2014
http://browser-shredders.blogspot.com/2014_03_01_archive.html
Monday, March 10, 2014. [CVE-2014-1449] Maxthon Cloud Browser for Android 4.1.4.2000 Address Bar Spoofing. Vulnerability: Maxthon Cloud Browser for Android Address Bar Spoofing. Date: 10.01.2014. Software Link: https://play.google.com/store/apps/details? Vulnerable version: 4.1.4.2000. Tested on: Android 4.4. 3 Proof of Concept. w = window.open("http://howl.overflow.pl"); w.location = "http://h0wl.pl"; setTimeout('w.location = "a.html"', 1000); setTimeout('w.history.back();', 2000); http://www.maxt...
browser-shredders.blogspot.com
Browser Shredders: May 2014
http://browser-shredders.blogspot.com/2014_05_01_archive.html
Thursday, May 15, 2014. The purpose of this post is to summarize the methods used for iOS jailbreak detection. 1 Using the Filesystem. The jailbreak process modifies the filesystem by adding, moving and changing files and directories. These changes can be used to detect if the device is jailbroken or not. All methods presented in this point can be easily detected (it is very easy to find the appropriate string in the application) and can be very easily bypassed (a simple file name change can bypass this detection).
Total links to this website: 23
malerisch.net
Security research, divulgations and food for thought. Wednesday, 26 April 2017. UXSS in McAfee Endpoint Security, www.mcafee.com and some extra goodies. During the HITB2017AMS talk given in Amsterdam with @Steventseeley, I promised that I would have disclosed vulnerabilities affecting a security vendor product other than Trend Micro. There are two different injection points: UXSS when user visits a red labelled web site - the payload is rendered in the BlockPage.html. UXSS – Block page. In case the use...