Pornhub: [RCE] Unserialize to XXE - file disclosure on ams.upload.pornhub.com

Researcher was able to exploit a serialization error in the SimpleXMLElement class to perform object injection using the callbackUrl parameter. Researcher was successful in achieving the following: SSRF Local file inclusion Limited execution of database commands without output I exploited the...

DEBIAN-CVE-2016-4578

sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the 1 sndtimeruserccallback and 2 sndtimerusertinterrupt...

CVE-2016-1662

extensions/renderer/gccallback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via unknown vectors...

DEBIAN-CVE-2016-2549

sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service deadlock via a crafted ioctl call...

CVE-2016-2549

sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service deadlock via a crafted ioctl call...

Code injection

sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service deadlock via a crafted ioctl call...

CVE-2016-2549

sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service deadlock via a crafted ioctl call...

UBUNTU-CVE-2016-1655

Google Chrome before 50.0.2661.75 does not properly consider that frame removal may occur during callback execution, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via a crafted extension...

CVE-2016-1016

Use-after-free vulnerability in the Transform object implementation in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via a flash.geom.Matrix callback, a different...

UBUNTU-CVE-2016-1016

Use-after-free vulnerability in the Transform object implementation in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via a flash.geom.Matrix callback, a different...

PT-2016-1666 · Adobe +3 · Flash Player +3

Name of the Vulnerable Software and Affected Versions: Adobe Flash Player affected versions not specified Description: The issue is related to the implementation of the Transform object in the Flash Player platform, specifically a use-after-free vulnerability involving memory usage after it has...

Uber: Information disclosure at lite.uber.com

Hello! 1. At https://lite.uber.com/auth/login I get 302-redirect to https://login.uber.com. 2. After post my email and password I get callback to https://lite.uber.com/auth/callback?code=efopqUAx2uwMOqJafHGj2OP8yNxXkf 3. At this page we can see trace stack with names of nodejs modules, full path...

Trend Micro Deep Discovery Inspector 3.83.7 - Cross-Site Request Forgery

Trend Micro Deep Discovery Inspector 3.83.7 - Cross-Site Request Forgery + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/TRENDMICRO-DDI-CSRF.txt Vendor: ==================== www.trendmicro.com Product:...

WordPress Plugin Brandfolder 3.0 - Local/Remote File Inclusion

Exploit Title: Wordpress brandfolder plugin / RFI & LFI Google Dork: inurl:wp-content/plugins/brandfolder Date: 03/22/2016 Exploit Author: AMAR^SHG Vendor Homepage: https://brandfolder.com Software Link: https://wordpress.org/plugins/brandfolder/ Version: =3.0 Tested on: WAMP / Windows I-Details...

Google Chrome memory misreference vulnerability (CNVD-2016-01504)

Google Chrome is a web browser developed by the American company Google Google. A memory misreference vulnerability exists in the content/browser/webcontents/webcontentsimpl.cc file in versions of Google Chrome prior to 49.0.2623.75. A remote attacker can exploit this vulnerability to cause a...

UBUNTU-CVE-2016-2549

sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service deadlock via a crafted ioctl call...

CVE-2016-2549

sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service deadlock via a crafted ioctl call...

Google Finance was traced to reflected File Download(RFD)vulnerabilities-vulnerability warning-the black bar safety net

! A Portuguese network security expert David Sopas found the impact of Google Finance a reflected File DownloadRFDvulnerabilities. I'm in audits of other clients time to discover this vulnerability, through RFD, you need to establish a page to force the download. This Google JSON file of the...

Trello: DOM based XSS via Wistia embedding

Hi, You are using Wistia to embed video at trello.com. However external script from fast.wistia.com vulnerable to XSS and allows to run malicious javascript on your side. vulnerable code: fast.wistia.net/assets/external/E-v1.js I found that parameter wchannel can be controled to load js from...

Xen Denial of Service Vulnerability (CNVD-2016-00238)

Xen is a virtualization technology developed by the University of Cambridge that can be used in the Linux kernel, allowing multiple operating systems to run simultaneously. A denial of service vulnerability exists in Xen 4.6 that allows local attackers to cause a denial of service via a heavily...