Design/Logic Flaw

An issue was discovered in Open-Xchange OX Guard before 2.4.0-rev8. OX Guard uses an authentication token to identify and transfer guest users' credentials. The OX Guard API acts as a padding oracle by responding with different error codes depending on whether the provided token matches the...

LocalTapiola: Reflected XSS on sankarikoulutus (viestinta.lahitapiola.fi)

Basic report information Summary: Hi, The ctx parameter in http://viestinta.lahitapiola.fi/webApp/sankarikoulutus, can be exploited to perform an XSS Attack. Description: When a user clicks on a map area, The following POST request is generated : POST / HTTP/1.1 Host: viestinta.lahitapiola.fi...

Microsoft Internet Explorer 9 MSHTML - CDisp­Node::Insert­Sibling­Node Use-After-Free (MS13-037) (1)

Exploit for windows platform in category dos / poc window.onload=functionlocation.reload;; text .float float:left; .zoom zoom:3000%; .border::first-let...

Microsoft Edge - CBase­Scriptable::Private­Query­Interface Memory Corruption (MS16-068)

Source: http://blog.skylined.nl/20161205001.html Synopsis A specially crafted web-page can trigger a memory corruption vulnerability in Microsoft Edge. I did not investigate this vulnerability thoroughly, so I cannot speculate on the potential impact or exploitability. Known affected software and...

Mozilla Firefox URL Redirection Vulnerability

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A remote URL redirection vulnerability exists in Mozilla Firefox. An attacker can exploit this vulnerability by constructing a malicious URL to trick users into clicking on a link and being...

UBUNTU-CVE-2016-6747

A denial of service vulnerability in Mediaserver in Android before 2016-11-05 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-31244612. References: NVIDIA...

Microsoft Internet Explorer 11 iertutil LCIEGetTypedComponentFromThread Use-After-Free Exploit

A specially crafted web-page can cause the iertutil.dll module of Microsoft Internet Explorer 11 to free some memory while it still holds a reference to this memory. The module can be made to use this reference after the memory has been freed. Unlike many use-after-free bugs in MSIE, this issue,...

IBM Maximo Asset Management Cross-Site Scripting Vulnerability (CNVD-2016-11328)

IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from IBM USA. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for these assets. A cross-site...

Reason Core Security 1.1.2 Privilege Escalation Vulnerability

Reason Core Security version 1.1.2 suffers from an unquoted service path privilege escalation vulnerability. ===================================================== Exploit Title : Reason Core Security - Unquoted Service Path Privilege Escalation Affected Products: Reason Core Security v1.1.2 -...

VBScript 5.8.7600.16385 / 5.8.9600.16384 - RegExpComp::PnodeParse Out-of-Bounds Read Exploit

Exploit for windows platform in category dos / poc !-- Source: http://blog.skylined.nl/20161108001.html Synopsis A specially crafted script can cause the VBScript engine to read data beyond a memory block for use as a regular expression. An attacker that is able to run such a script in any...

Microsoft Video Control Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user...

Sophos Web Appliance 4.2.1.3 Privilege Escalation Vulnerability

Sophos Web Appliance version 4.2.1.3 suffers from a privilege escalation vulnerability. An unprivileged user can obtain an MD5 hash of the administrator password which can then be used to discover the plain-text password. Title: Sophos Web Appliance Privilege Escalation Advisory ID: KL-001-2016-0...

Microsoft Internet Explorer 11 MSHTML CView::CalculateImageImmunity Use-After-Free

Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the second entry in that series. The below information is also available on my blog at http://blog.skylined.nl/20161102001.html. There you can find a repro that...

Revive Adserver: Reflected XSS on Zones > Invocation Code

"Cricetinae" : This report is similar to my earlier report: 170156. Short Description The Close text parameter in Inventory Zone Invocation Code is vulnerable to Cross-Site Scripting vulnerability. Steps to Reproduce 1. Logon or Work as an agent. 2. Navigate to Inventory Zones Invocation Code...

New Relic: Potential sub-domain hijacking

Hey New Relic Security team, I noticed what appeared to be a configuration oversight and I wanted to mention it to you. The following domains are currently pointing to Fastly: fr.newrelic.com 151.101.192.207 es.newrelic.com 151.101.0.207 When you visit them, you should see something like this:...

Google Chrome Scheme Bypass Vulnerability

Google Chrome is a popular web browser. Google Chrome vulnerability has a security flaw. An attacker can exploit the vulnerability to bypass security restrictions...

GDI+ Remote Code Execution Vulnerability

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data...

Microsoft Video Control Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user...

Revive Adserver: Stored XSS on Admin Access Page - Email field

"Cricetinae" : Short Description The Email field is not sanitized on Inventory Admin Access page resulting in to Stored Cross-Site Scripting vulnerability. Vulnerability Details Cross-Site Scripting issue let's one to run a javascript of choice. It helps most of the client side risks including bu...

Attack Leverages Windows Safe Mode

Researchers warn the Windows diagnostic feature Safe Mode can be used as a remote attack vector by hackers who already have access to a compromised PC or server. The method of attack is unusual, researchers said, and places attention on the diagnostic tool used to fix PC problems and remove...