1595 matches found
SAP HANA Information Disclosure Vulnerability (CNVD-2016-13026)
SAP HANA is a high-performance real-time data analytics platform from SAP. The platform provides data query functions, users can directly query and analyze a large amount of real-time business data. SAP HANA has an information disclosure vulnerability that can be exploited by attackers to obtain...
Microsoft Internet Explorer 9 - IEFRAME CMarkupPointer::MoveToGap Use-After-Free
!-- Source: http://blog.skylined.nl/20161215001.html Synopsis A specially crafted web-page can trigger a use-after-free vulnerability in Microsoft Internet Explorer 9. The use appears to happen only once almost immediately after the free, which makes practical exploitation unlikely. Known affecte...
LocalTapiola: Reflected XSS on sankarikoulutus (viestinta.lahitapiola.fi)
Basic report information Summary: Hi, The ctx parameter in http://viestinta.lahitapiola.fi/webApp/sankarikoulutus, can be exploited to perform an XSS Attack. Description: When a user clicks on a map area, The following POST request is generated : POST / HTTP/1.1 Host: viestinta.lahitapiola.fi...
Microsoft Internet Explorer 9 MSHTML - CDispNode::InsertSiblingNode Use-After-Free (MS13-037) (1)
Exploit for windows platform in category dos / poc window.onload=functionlocation.reload;; text .float float:left; .zoom zoom:3000%; .border::first-let...
Microsoft Edge - CBaseScriptable::PrivateQueryInterface Memory Corruption (MS16-068)
Source: http://blog.skylined.nl/20161205001.html Synopsis A specially crafted web-page can trigger a memory corruption vulnerability in Microsoft Edge. I did not investigate this vulnerability thoroughly, so I cannot speculate on the potential impact or exploitability. Known affected software and...
Microsoft Internet Explorer 11 iertutil LCIEGetTypedComponentFromThread Use-After-Free Exploit
A specially crafted web-page can cause the iertutil.dll module of Microsoft Internet Explorer 11 to free some memory while it still holds a reference to this memory. The module can be made to use this reference after the memory has been freed. Unlike many use-after-free bugs in MSIE, this issue,...
IBM Maximo Asset Management Cross-Site Scripting Vulnerability (CNVD-2016-11328)
IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from IBM USA. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for these assets. A cross-site...
VBScript 5.8.7600.16385 / 5.8.9600.16384 - RegExpComp::PnodeParse Out-of-Bounds Read Exploit
Exploit for windows platform in category dos / poc !-- Source: http://blog.skylined.nl/20161108001.html Synopsis A specially crafted script can cause the VBScript engine to read data beyond a memory block for use as a regular expression. An attacker that is able to run such a script in any...
Microsoft Video Control Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user...
Microsoft Internet Explorer 11 MSHTML CView::CalculateImageImmunity Use-After-Free
Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the second entry in that series. The below information is also available on my blog at http://blog.skylined.nl/20161102001.html. There you can find a repro that...
Revive Adserver: Reflected XSS on Zones > Invocation Code
"Cricetinae" : This report is similar to my earlier report: 170156. Short Description The Close text parameter in Inventory Zone Invocation Code is vulnerable to Cross-Site Scripting vulnerability. Steps to Reproduce 1. Logon or Work as an agent. 2. Navigate to Inventory Zones Invocation Code...
New Relic: Potential sub-domain hijacking
Hey New Relic Security team, I noticed what appeared to be a configuration oversight and I wanted to mention it to you. The following domains are currently pointing to Fastly: fr.newrelic.com 151.101.192.207 es.newrelic.com 151.101.0.207 When you visit them, you should see something like this:...
Google Chrome Scheme Bypass Vulnerability
Google Chrome is a popular web browser. Google Chrome vulnerability has a security flaw. An attacker can exploit the vulnerability to bypass security restrictions...
GDI+ Remote Code Execution Vulnerability
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data...
Microsoft Video Control Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user...
Revive Adserver: Stored XSS on Admin Access Page - Email field
"Cricetinae" : Short Description The Email field is not sanitized on Inventory Admin Access page resulting in to Stored Cross-Site Scripting vulnerability. Vulnerability Details Cross-Site Scripting issue let's one to run a javascript of choice. It helps most of the client side risks including bu...
HTTPD: sets environmental variable based on user supplied Proxy request header
It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTPPROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could...
Red Hat QuickStart Cloud Installer (QCI) Local Information Disclosure Vulnerability
Red Hat QuickStart Cloud Installer QCI is a web-based GUI configuration cloud product. A local information disclosure vulnerability exists in Red Hat QuickStart Cloud Installer QCI. An attacker could exploit the vulnerability to obtain sensitive information that could be useful in launching furth...
HTTPD: sets environmental variable based on user supplied Proxy request header
It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTPPROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could...
Shopify: Open redirect using checkout_url
Hi , I would like to report an open redirect issue in .myshopify.com/account/logout and .myshopify.com/account/login Details: Your application allow redirecting to https://checkout.shopify.com/ through https://.myshopify.com/account/logout?returnurl= The page https://checkout.shopify.com/ will...