Slack: Content Spoofing all Integrations in https://team.slack.com/services/new/

Hello There, I've discovered 48+ content spoofing and confirmed all of your Integrations at https://team.slack.com/services/new/ is vulnerable to Content spoofing and exploitable to all users. Content Spoofing An attack technique used to trick a user into thinking that fake web site content is...

Oracle Solaris Critical Patch Update : july2013_SRU11_1_9_5_1

This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite subcomponent: Driver/IDM iSCSI Data Mover. The supported version that is affected is 11. Easily exploitable vulnerability allow...

Oracle Solaris Critical Patch Update : oct2012_SRU10_5

This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Solaris component of Oracle Sun Products Suite subcomponent: Kernel. Supported versions that are affected are 10 and 11. Easily exploitable vulnerability requiring logon to Operating...

Slack: Content spoofing at Stripe Integrations

I have found Content Spoofing Vulnerable in Slack at Stripe Integrations vulnerability is exploitable to all users Proof of concept: https://asdasda.slack.com/services/2481499413?error=content%20spoofing%20! Regards, Jayson Zabate...

Trio of Flaws Haunts OleumTech Wireless Monitoring System

Researchers have identified several remotely exploitable vulnerabilities in a wireless remote monitoring product from OleumTech that is used in energy, water and other critical infrastructure sectors. Two of the three flaws are related to the encryption implementation in the affected products,...

Use-after-free while when manipulating certificates in the trusted cache — Mozilla

Security researchers Tyson Smith and Jesse Schwartzentruber used the Address Sanitizer tool while fuzzing to discover a use-after-free error resulting in a crash. This is a result of a pair of NSSCertificate structures being added to a trust domain and then one of them is removed while they are...

Use-after-free in DirectWrite font handling — Mozilla

Mozilla community member James Kitchener reported a crash in DirectWrite when rendering MathML content with specific fonts due to an error in how font resources and tables are handled. This leads to use-after-free of a DirectWrite font-face object, resulting in a potentially exploitable crash...

Buffer overflow during Web Audio buffering for playback — Mozilla

Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG discovered a buffer overflow during interaction with the Web Audio buffer for playback because of an error in the the amount of allocated memory for buffers. This leads to a potentially exploitable crash with some audi...

Use-after-free with FireOnStateChange event — Mozilla

Security researcher Jethro Beekman of the University of California, Berkeley reported a crash when the FireOnStateChange event is triggered in some circumstances. This leads to a use-after-free and a potentially exploitable crash when it occurs...

Crash in Skia library when scaling high quality images — Mozilla

Mozilla community member John reported a crash in the Skia library when scaling high quality images if the scaling operation takes too long. This is caused by the image data being discarded while still in use by the scaling operation. This crash is potentially exploitable on some systems...

Exploitable WebGL crash with Cesium JavaScript library — Mozilla

Developer Patrick Cozzi reported a crash in some circumstances when using the Cesium JavaScript library to generate WebGL content. Mozilla developers determined that this crash is potentially exploitable...

Uzbey: Missing "size check" on files to upload could make memory leaks.

I noticed that there isn't any "size check" when someone tries to upload a flie through the "upload picture" option, this could generate a memory leak or also a kind of DoS and is deangerous with bigger and bigger files. So i first tried to upload a file of about 2,52 GB see the pic and no warnin...

Powie's PSCRIPT Gästebuch <= 2.09 SQL Injection Vulnerability

No description provided by source. ----------------------------Information------------------------------------------------ +Name : Powie's PSCRIPT Gästebuch = 2.09 SQL Injection Vulnerability +Autor : Easy Laster +Date : 29.03.2010 +Script : Powie's PSCRIPT Gästebuch = 2.09 +Download :...

Emil 2.x Multiple Buffer Overrun and Format String Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/9974/info Multiple locally and remotely exploitable buffer overrun and format strings were reported in emil. This could permit execution of arbitrary code in the context of the software...

Lexmark Multiple Laser printer Remote Stack Overflow

No description provided by source. Application: Lexmark Multiple Laser printer Remote Stack Overflow Platforms: Lexmark Multiple Laser printer Exploitation: Remote Exploitable CVE Number: CVE-2010-0619 Discover Date: 2010-01-06 Author: Francis Provencher Protek Research Lab's Website:...

NSI Rwhoisd 1.5 - Remote Format String Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3474/info Rwhoisd is a publicly available RWHOIS server daemon for Unix based systems developed and maintained by Network Solutions Inc. Rwhoisd contains a remotely exploitable format string vulnerability. It is possible ...

smartplugs 1.3 - SQL Injection showplugs.php

No description provided by source. ----------------------------Information------------------------------------------------ +Name : smartplugs 1.3 SQL Injection showplugs.php +Autor : Easy Laster +Date : 03.03.2010 +Script : smartplugs 1.3 http://www.smart-plugs.com/spv1/ +Download : -------------...

NCSA httpd 1.x Buffer Overflow Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/3158/info NCSA HTTPd is a free, open-source web server for nix systems. NCSA HTTPd versions 1.3 and earlier are prone to an exploitable buffer overflowin the username field which will allow malicious remote users to execu...

BSD/OS 3.1/4.0.1,FreeBSD 3.0/3.1/3.2,RedHat Linux <= 6.0 amd Buffer Overflow Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/614/info There is a remotely exploitable buffer overflow condition in the amd daemon under several operating systems. Amd is a daemon that automatically mounts filesystems whenever a file or directory within that filesyst...

Microsoft Windows XP/2000/NT 4 Locator Service Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6666/info It has been reported that the Microsoft Windows Locator service is affected by a remotely exploitable buffer overflow vulnerability. The condition is due to a memory copy of RPC arguments received from remote...