ZenPhoto 1.4.11 - Remote File Inclusion

Security Advisory - Curesec Research Team 1. Introduction Affected Product: Zenphoto 1.4.11 Fixed in: 1.4.12 Fixed Version Link: https://github.com/zenphoto/zenphoto/archive/ zenphoto-1.4.12.zip Vendor Website: http://www.zenphoto.org/ Vulnerability Type: RFI Remote Exploitable: Yes Reported to...

TeamPass 2.1.24 - Multiple Vulnerabilities

Affected Product: TeamPass Vulnerability Type: Multiple XSS,CSRF, SQL injections Fixed in Version: 2.1.25 https://github.com/nilsteampassnet/TeamPass/releases/tag/2.1.25.0 Vendor Website: http://www.teampass.net Software Link: : https://github.com/nilsteampassnet/TeamPass Affected Version: 2.1.24...

Service Worker Manager out-of-bounds read in Service Worker Manager — Mozilla

Security researcher Looben Yang reported a mechanism where the Clients API in Service Workers can be used to trigger an out-of-bounds read in ServiceWorkerManager. This results in a potentially exploitable crash...

Out-of-bounds read in HTML parser following a failed allocation — Mozilla

Security researcher Ronald Crane reported an out-of-bounds read following a failed allocation in the HTML parser while working with unicode strings. This can also affect the parsing of XML and SVG format data. This leads to a potentially exploitable crash...

graphite2 -- multiple vulnerabilities

Mozilla Foundation reports: Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a...

Buffer overflow in Brotli decompression — Mozilla

Security researcher Luke Li reported a pointer underflow bug in the Brotli library's decompression that leads to a buffer overflow. This results in a potentially exploitable crash when triggered...

Use-after-free in GetStaticInstance in WebRTC — Mozilla

Security researcher Ronald Crane reported a race condition in GetStaticInstance in WebRTC which results in a use-after-free. This could result in a potentially exploitable crash. This issue was found through code inspection and does not have clear mechanism to be exploited through web content but...

Use-after-free in SetBody — Mozilla

Security researcher lokihardt, working with HP's Zero Day Initiative, reported a use-after-free issue in the SetBody function of HTMLDocument. This results in a potentially exploitable crash...

Out-of-bounds write with malicious font in Graphite 2 — Mozilla

Security researcher James Clawson used the Address Sanitizer tool to discover an out-of-bounds write in the Graphite 2 library when loading a crafted Graphite font file. This results in a potentially exploitable crash...

Use-after-free during XML transformations — Mozilla

Security researcher Nicolas Grégoire used the Address Sanitizer to find a use-after-free during XML transformation operations. This results in a potentially exploitable crash triggerable by web content...

Use-after-free when using multiple WebRTC data channels — Mozilla

Security researcher Dominique Hazaël-Massieux reported a use-after-free issue when using multiple WebRTC data channel connections. This causes a potentially exploitable crash when a data channel connection is freed from within a call through it...

Memory corruption when modifying a file being read by FileReader — Mozilla

Security researcher Oriol reported memory corruption when local files are modified by either the user or another program at the same time being read using the FileReader API. This flaw requires that input be taken from a local file in order to be triggered and cannot be triggered by web content...

Memory corruption with malicious NPAPI plugin — Mozilla

The CESG, the Information Security Arm of GCHQ, reported a dangling pointer dereference within the Netscape Plugin Application Programming Interface NPAPI that could lead to the NPAPI subsystem crashing. This issue requires a maliciously crafted NPAPI plugin in concert with scripted web content,...

Use-after-free in HTML5 string parser — Mozilla

Security researcher ca0nguyen, working with HP's Zero Day Initiative, reported a use-after-free issue in the HTML5 string parser when parsing a particular set of table-related tags in a foreign fragment context such as SVG. This results in a potentially exploitable crash...

Fiyo CMS 2.0.6.1 Cross Site Scripting

Introduction Affected Product: Fiyo CMS 2.0.6.1 Fixed in: 2.0.6.2 Vendor Website: http://www.fiyo.org/ Vulnerability Type: XSS Remote Exploitable: Yes 2. Overview There are multiple XSS vulnerabilities in Fiyo CMS 2.0.6.1. The vulnerabilities exist due to insufficient filtration of user-supplied...

IRZ RUH2 3G Firmware Overwrite Vulnerability (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-138-01 iRZ RUH2 3G Firmware Overwrite Vulnerability that was published May 17, 2016, on the NCCIC/ICS-CERT web site. ICS-CERT has identified a firmware overwrite vulnerability in iRZ’s RUH2 device. iRZ has...

experts-exchange.com XSS vulnerability

Vulnerable URL: http://www.experts-exchange.com/searchResults.jsp?searchType=ALL=...

kamailio -- SEAS Module Heap overflow

Stelios Tsampas reports: A remotely exploitable heap overflow vulnerability was found in Kamailio v4.3.4...

brotli -- buffer overflow

Google Chrome Releases reports: 583607 High CVE-2016-1624: Buffer overflow in Brotli. Credit to lukezli. Mozilla Foundation reports: Security researcher Luke Li reported a pointer underflow bug in the Brotli library's decompression that leads to a buffer overflow. This results in a potentially...

Libgraphite Bidirectional Font mFeatureMap Denial of Service Vulnerability

Talos Vulnerability Report TALOS-2016-0060 Libgraphite Bidirectional Font mFeatureMap Denial of Service Vulnerability February 5, 2016 CVE Number CVE-2016-1522 Description An exploitable NULL pointer dereference exists in the bidirectional font handling functionality of Libgraphite. A specially...