Out-of-bounds write in Cairo — Mozilla
Security researcher Jukka Jylänki reported a crash in the Cairo graphics library. This happens when Cairo paints out-of-bounds to the destination buffer in the compositing function when working with canvas in certain circumstances. This issue allows malicious web content to cause a potentiall...
Out of bounds read while decoding JPG images — Mozilla
Security researcher Abhishek Arya Inferno of the Google Chrome Security Team used the Address Sanitizer tool to discover a fixed offset out of bounds read issue while decoding specifically formatted JPG format images. This causes a non-exploitable crash...
Use-after-free in imgLoader while resizing images — Mozilla
Security researcher Nils discovered a use-after-free error in which the imgLoader object is freed while an image is being resized. This results in a potentially exploitable crash...
Use-after-free in the Text Track Manager for HTML video — Mozilla
Using the Address Sanitizer tool, security researcher Abhishek Arya Inferno of the Google Chrome Security Team found a use-after-free in the Text Track Manager while processing HTML video. This was caused by inconsistent garbage collection of Text Track Manager variables and results in a...
Solaris 9 (x86) : 149074-01
Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite subcomponent: Print Filter Utility. Supported versions that are affected are 9, 10 and 11.1. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in...
Solaris 9 (sparc) : 149073-01
Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite subcomponent: Print Filter Utility. Supported versions that are affected are 9, 10 and 11.1. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in...
SAP Router - Timing Attack Password Disclosure
SAP Router is an application-level gateway used to connect systems in a SAP infrastructure. A vulnerability has been found in SAP Router that could allow an unauthenticated remote attacker to obtain passwords used to protect route entries by a timing side-channel attack. SAP Router Password Timi...
SAP Router Password Timing Attack
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SAP Router Password Timing Attack 1. Advisory Information Title: SAP Router Password Timing Attack Advisory ID: CORE-2014-0003 Advisory URL: http://www.coresecurity.com/advisories/sap-router-password-timing-attack Date published:...
Buffer overflow
vmx86.sys in VMware Workstation 10.0.1 build 1379776 and VMware Player 6.0.1 build 1379776 on Windows might allow local users to cause a denial of service read access violation and system crash via a crafted buffer in an IOCTL call. NOTE: the researcher reports "Vendor rated issue as...
SAP Router Password Timing Attack
Advisory ID Internal CORE-2014-0003 1. Advisory Information Title: SAP Router Password Timing Attack Advisory ID: CORE-2014-0003 Advisory URL: https://www.coresecurity.com/core-labs/advisories/sap-router-password-timing-attack Date published: 2014-04-15 Date of last update: 2014-03-06 Vendors...
BlackBerry Z 10 Buffer Overflow Vulnerability
BlackBerry Z 10 suffers from a remotely exploitable buffer overflow in qconnDoor. BlackBerry Z 10 Buffer Overflow Vulnerability 1. Timeline --------------------------------------------------------------------- 2013-06-23: Vendor has been contacted. 2013-06-24: Vendor response. 2013-06-27: Vendor...
BlackBerry Z 10 Buffer Overflow
--------------------------------------------------------------------- modzero Security Advisory: BlackBerry Z 10 - Buffer Overflow in qconnDoor MZ-13-05 --------------------------------------------------------------------- --------------------------------------------------------------------- 1...
Hacking Maytag: Coin-Operated Laundromat Machines
Most Maytag commercial washers and dryers out there use a common controller platform. It dates back to the 80s and is still produced. So almost every Maytag with a digital control panel is exploitable in this way. The identifying features are green vacuum fluorescent display with a four-digit numerica...
WordPress Plugin Ajax Pagination 1.1 - Local File Inclusion
WordPress Plugin Ajax Pagination 1.1 - Local File Inclusion Details ================ Software: Ajax Pagination twitter Style Version: 1.1 Homepage: http://wordpress.org/plugins/ajax-pagination/ CVSS: 9.3 High; AV:N/AC:M/Au:N/C:C/I:C/A:C Description ================ End-user exploitable local file...
Ajax Pagination 1.1 Local File Inclusion
Details ================ Software: Ajax Pagination twitter Style Version: 1.1 Homepage: http://wordpress.org/plugins/ajax-pagination/ CVSS: 9.3 High; AV:N/AC:M/Au:N/C:C/I:C/A:C Description ================ End-user exploitable local file inclusion vulnerability in Ajax Pagination twitter Style 1....
ICS Vulnerabilities Affect Critical Infrastructure Security
Industrial control systems manufacturer, Siemens, has released new versions of its SIMATIC S7-1200 CPU family, resolving six security vulnerabilities in that product, and its SIMATIC S7-1200 PLC programmable logic controller, resolving an additional two vulnerabilities there. These patches are...
Out-of-bounds write through TypedArrayObject after neutering — Mozilla
Security researcher George Hotz, via TippingPoint's Pwn2Own contest, discovered an issue where values are copied from an array into a second, neutered array. This allows for an out-of-bounds write into memory, causing an exploitable crash leading to arbitrary code execution...
Google Chrome OS < 33.0.1750.152 Multiple Security Vulnerabilities (deprecated)
Oracle VM VirtualBox - 3D Acceleration Multiple Vulnerabilities
Oracle VM VirtualBox - 3D Acceleration Multiple Vulnerabilities Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities 1. Advisory Information Title: Oracle VirtualBox 3D Acceleration Multiple Memory...
Microsoft, Kaspersky Shed Light on Sefnit Tor Botnet
Alarm bells went off last August when spikes in Tor client downloads were traced to a large click-fraud and Bitcoin-mining botnet called Sefnit. The malware was using the popular anonymity network to communicate with hackers in order to transmit stolen data and receive additional commands. In...