
Because Computer Security Matters...

My Research & Publications

[*] Feb 13, 2018 / CVE-2017-12544 Hewlett Packard Enterprise, HP System Management Homepage Software prior to 7.6.1 Cross-site Scripting (XSS)

HP original bulletin (Nr HPESBMU03753) || Bugtraq advisory

The HP System Management Homepage (SMH) is a web-based interface that consolidates and simplifies the management of ProLiant and Integrity servers running Microsoft Windows or Linux, or HP 9000 and HP Integrity servers running HP-UX 11i. ...more...

[*] Jan 4, 2017 / CVE-2016-10113 Samsung DVR Web Viewer weak credentials

MITRE assigned me CVE-2016-10113 for reporting this vulnerability.

Samsung DVR Web Viewer uses HTTP (port 80) by default and transmits the credentials in the Cookie header using a very bad security practice: the login and password are merely Base64-encoded. It is trivial to decode those values and gain access to the Samsung DVR web interface to monitor and control IP cameras, even if the default credentials have been changed.
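As an added example (not part of the original advisory), the check below shows how a proxy or IDS could flag this pattern: it scans the Cookie header of a request for values that Base64-decode to a login:password pair. The cookie name DVR_AUTH, the colon-separated layout and the sample requests are assumptions; the advisory only states that the login and password are Base64-encoded in the Cookie header and sent over plain HTTP.

```python
import base64
import binascii
import re
from typing import Optional

# Constructed sample HTTP requests, not captured from a real device.
# The cookie name "DVR_AUTH" and the "login:password" layout are assumptions.
SAMPLE_REQUESTS = [
    "GET /index.htm HTTP/1.1\r\nHost: 192.0.2.10\r\n"
    "Cookie: DVR_AUTH=YWRtaW46NDMyMQ==\r\n\r\n",
    "GET /index.htm HTTP/1.1\r\nHost: 192.0.2.10\r\n"
    "Cookie: sessionid=9f86d081884c7d65\r\n\r\n",
]


def decode_if_base64(value: str) -> Optional[str]:
    """Return the decoded text if value is strict Base64 of printable ASCII, else None."""
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return None
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return None
    return text if text and text.isprintable() else None


def find_encoded_credentials(request: str) -> list:
    """Return the names of cookies whose value decodes to a non-empty login:password pair.

    Because the DVR speaks plain HTTP, any such cookie is a cleartext credential leak
    that a network monitor should alert on.
    """
    findings = []
    m = re.search(r"^Cookie:\s*(.*)$", request, re.M)
    if not m:
        return findings
    for part in m.group(1).split(";"):
        name, _, value = part.strip().partition("=")
        decoded = decode_if_base64(value.strip())
        if decoded and ":" in decoded:
            login, password = decoded.split(":", 1)
            if login and password:
                findings.append(name)
    return findings


if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(find_encoded_credentials(req))  # ['DVR_AUTH'] then []
```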
Vulnerable function:

[*] Aug 7, 2016 / net2ftp 1.0 Multiple XSS on Unauthenticated Users

net2ftp is a web-based FTP client. It can be used as a standalone version and is also integrated in some web platforms such as ISP providers, e-commerce sites and other websites. ... more ...

[*] Dec 22, 2008 / Roundcube Webmail 0.2 Remote Code Execution

Roundcube Webmail is a browser-based IMAP client that uses the "HTML to Plain Text Conversion" library to convert HTML text to plain text; this library uses the preg_replace PHP function in an insecure manner. As this vulnerability was discovered in the wild, I was quite sure that it would be exploitable: using PHP curly-brace syntax we can execute phpinfo():
wget -q --header="Content-Type: ''" \
-O - --post-data='<b>{${phpinfo()}}</b>' \
--no-check-certificate \

[*] Offensive Techniques: Buffer Overflow off-by-one

An article written by klog for Phrack, called The Frame Pointer Overwrite, explains off-by-one vulnerabilities in the stack area. That article was written in 1999 and nowadays some things have changed, i.e. the behaviour of the GCC compiler is different: by default GCC now leaves a 2-word boundary on the stack between the local variables and the pushed ebp and eip, which means that no off-by-one vulnerabilities can be exploited. ...more...

[*] Aug 20, 2006 / CVE-2006-3747 POC & exploit for Apache 1.3/2.0/2.2 mod_rewrite off-by-one, SecurityFocus

My Tools

My References

© 2018
Contact (backwards): moc.liamnotorp@oofnips
Ninja picture attribution: Phantom Open Emoji maintainers and contributors