7 matches found
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the APICall feature. An attacker can access sensitive internal resources and exfiltrate confidential data by supplying arbitrary URLs to the APICall feature, which are executed with elevated privilege...
EUVD-2013-0991
Malware in sbrugna...
CVE-2013-0980
The Passcode Lock implementation in Apple iOS before 6.1.3 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging an error in the emergency-call feature...
Slack: User can start call in a channel of an unpaid account
Found a super minor issue that allows a user to start a call in a channel of an unpaid account. Besides the minor financial incentive for an attacker, this doesn't have a super high impact. Wanted to let you know anyway since it's not possible through the UI by default. To reproduce it, start by...
Privilege escalation
The Passcode Lock implementation in Apple iOS before 6.1.3 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging an error in the emergency-call feature...
Key Combos Bust iPhone Password Protection
A flaw in the iOS software that runs Apple’s iPhone allows any user to bypass the password entry screen by manipulating the emergency call feature, essentially rendering iPhone passwords useless. The flaw, first disclosed in a discussion on the forums site macrumors.com on October 22, requires...
PT-2008-5521 · Apple · Ios +1
Name of the Vulnerable Software and Affected Versions: Apple iPhone OS versions 1.0 through 2.1; Apple iPhone OS for iPod touch versions 1.1 through 2.1. Description: The issue allows physically proximate attackers to make a phone call to an arbitrary number by leveraging the emergency-call ability...