CVE-2019-3422

The Sec Consult Security Lab reported an information disclosure vulnerability in MF910S product to ZTE PSIRT in October 2019. Through the analysis of related product team, the information disclosure vulnerability is confirmed. The MF910S product's one-click upgrade tool can obtain the Telnet remo...

Azure Security Lab: a new space for Azure research and collaboration

Azure is exceptionally secure. To help keep it that way, we are doubling the top bounty reward for Azure vulnerabilities to $40,000. But we aren’t stopping there. To make it easier for security researchers to confidently and aggressively test Azure, we are inviting a select group of talented...

Microsoft Lab Offers $300K For Working Azure Exploits

Las Vegas – In an attempt to sniff out bugs in its Azure cloud platform, Microsoft announced at Black Hat USA 2019 on Monday that it will offer rewards of up to $300,000 for researchers who launch successful test exploits for the platform. Microsoft has launched a dedicated Azure cloud host testi...

Azure Security Lab: a new space for Azure research and collaboration

Azure is exceptionally secure. To help keep it that way, we are doubling the top bounty reward for Azure vulnerabilities to $40,000. But we aren’t stopping there. To make it easier for security researchers to confidently and aggressively test Azure, we are inviting a select group of talented...

Azure Security Lab: a new space for Azure research and collaboration

Azure is exceptionally secure. To help keep it that way, we are doubling the top bounty reward for Azure vulnerabilities to $40,000. But we aren’t stopping there. To make it easier for security researchers to confidently and aggressively test Azure, we are inviting a select group of talented...

Stable Channel Update for Desktop

The stable channel has been updated to 67.0.3396.87 for Windows, Mac, and Linux, which will roll out over the coming days/weeks. Security Fixes and Rewards Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictio...

Chinese Hackers Find Over a Dozen Vulnerabilities in BMW Cars

Chinese security researchers have discovered more than a dozen vulnerabilities in the onboard compute units of BMW cars, some of which can be exploited remotely to compromise a vehicle. The security flaws have been discovered during a year-long security audit conducted by researchers from Keen...

Chinese Hackers Find Over a Dozen Vulnerabilities in BMW Cars

Chinese security researchers have discovered more than a dozen vulnerabilities in the onboard compute units of BMW cars, some of which can be exploited remotely to compromise a vehicle. The security flaws have been discovered during a year-long security audit conducted by researchers from Keen...

Chain of 11 Bugs Takes Down Galaxy S8 at Mobile Pwn2Own

The mobile version of the annual Pwn2Own contest wrapped up today in Tokyo with an unprecedented attack chain leveling the Samsung Galaxy S8. Researchers from MWR Labs used 11 vulnerabilities across six different mobile applications to execute code on Samsung’s flagship device and exfiltrate data...

Google Patches ‘High Severity’ Browser Bug

UPDATE Google is urging users to update their Chrome desktop browsers to avoid security issues related to a high-severity stack-based buffer overflow vulnerability. Google issued the alert Thursday and said an update for most browsers has been released. “The stable channel has been updated to...

WonderCMS 2.1.0 - Cross-Site Request Forgery Vulnerability

Exploit for php platform in category web applications document.forms0.submit; !-- Disclosure Timeline: --------------------- 2017-06-16: Vulnerability found. 2017-06-17: Reported to vendor. 2017-06-17: Vendor responded and send a new version for test in it. 2017-06-17: Test new version and...

WonderCMS 2.1.0 Cross Site Request Forgery

document.forms0.submit; !-- Disclosure Timeline: --------------------- 2017-06-16: Vulnerability found. 2017-06-17: Reported to vendor. 2017-06-17: Vendor responded and send a new version for test in it. 2017-06-17: Test new version and vulernability patched successfully. 2017-06-18: Vendor...

WonderCMS 2.1.0 - Cross-Site Request Forgery

WonderCMS 2.1.0 - Cross-Site Request Forgery document.forms0.submit; !-- Disclosure Timeline: --------------------- 2017-06-16: Vulnerability found. 2017-06-17: Reported to vendor. 2017-06-17: Vendor responded and send a new version for test in it. 2017-06-17: Test new version and vulernability...

WonderCMS 2.1.0 - Cross-Site Request Forgery

document.forms0.submit; !-- Disclosure Timeline: --------------------- 2017-06-16: Vulnerability found. 2017-06-17: Reported to vendor. 2017-06-17: Vendor responded and send a new version for test in it. 2017-06-17: Test new version and vulernability patched successfully. 2017-06-18: Vendor...

WordPress WP Job Manager 1.26.1 Cross Site Scripting

Exploit Title: Stored Cross-Site Scripting in WP Job Manager Date: 2017-06-15 Exploit Author: 0xCode Security Lab , Ehsan Hosseini Software Link: https://wordpress.org/plugins/wp-job-manager/ http://wpjobmanager.com/ Version: 1.26.1 Contact: [email protected] 0xCode Lab ID: ---------------...

PHPCMS v9. 6. 0 arbitrary file upload vulnerability analysis-vulnerability warning-the black bar safety net

Author: p0wd3r know Chong Yu 404 security lab Date: 2017-04-12 0x00 vulnerability overview Vulnerability description A few days ago phpcms v9. 6 arbitrary file upload vulnerability caused by a safety ring hot, by the vulnerability the attacker may be in the unauthorized case any file is uploaded,...

Wordpress Plugin Single Personal Message 1.0.3 SQL injection vulnerability

Author:sebaoknow Chong Yu 404 security lab Date:2016-12-06 1. Vulnerability description Simple Personal Message is for WordPress website dedicated to create the privacy and security of information systems. Using Ajax operation, may be based on a group of users between the station within the...

WordPress <= 4.6.1 use the theme file to trigger stored XSS vulnerability analysis-vulnerability warning-the black bar safety net

Author: p0wd3r know Chong Yu 4 0 4 Security lab Date: 2016-10-08 0x00 vulnerability overview 1. Vulnerability description WordPress is a PHP and MySQL as a platform free and open source blogging software and content management systems, recently researchers found that in their=4.6.1 version, by...

Drupal 8 configuration file download vulnerability analysis-vulnerability warning-the black bar safety net

Author: p0wd3r know Chong Yu 4 0 4 Security lab Date: 2016-09-22 0x00 vulnerability overview 1. Vulnerability description Drupal （ https://www.drupal.org is a free open source content management system, recent researchers have found in it 8. x 8.1.10 version found three security vulnerabilities,...

Tesla Fixes 'Critical' Remote Hack Vulnerability

Several models of the Tesla S cars were hacked by researchers who were able to abruptly stop the car in its tracks, pop open the trunk while the car was being driven, and remotely turn on and off the windshield wipers. The hacks demonstrated by China’s Keen Security Lab, a division of Tencent, we...