Cross-site Scripting (XSS)

Django is vulnerable to cross-site scripting XSS attacks. The library disabled HTML escaping in the 500 debug page template, allowing a malicious user to inject and execute arbitrary webscript...

Django -- possible XSS in traceback section of technical 500 debug page

Django blog: In older versions, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with DEBUG =...

PT-2017-3841 · Django +1 · Django +1

Name of the Vulnerable Software and Affected Versions: Django versions 1.10.x through 1.10.7 Django versions 1.11.x through 1.11.4 Description: The issue is related to the disabling of HTML autoescaping in a portion of the template for the technical 500 debug page in Django. This could allow a...

Bypassing VirtualBox Process Hardening on Windows

Posted by James Forshaw, Project Zero Processes on Windows are securable objects, which prevents one user logged into a Windows machine from compromising another user’s processes. This is a pretty important security feature, at least from the perspective of a non-administrator user. The security...

CVE-2017-8257

In all Qualcomm products with Android releases from CAF using the Linux kernel, when accessing the sderotator debug interface for register reading with multiple processes, one process can free the debug buffer while another process still has the debug buffer in use...

Design/Logic Flaw

In all Qualcomm products with Android releases from CAF using the Linux kernel, when accessing the sderotator debug interface for register reading with multiple processes, one process can free the debug buffer while another process still has the debug buffer in use...

CVE-2017-8257

In all Qualcomm products with Android releases from CAF using the Linux kernel, when accessing the sderotator debug interface for register reading with multiple processes, one process can free the debug buffer while another process still has the debug buffer in use...

Threat Round-up for Aug 11 - Aug 18

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between August 11 and August 18. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior...

Salt win_useradd, salt-cloud and Linode driver information disclosure vulnerabilities

Salt aka SaltStack is a set of open source tools for managing infrastructure from SaltStack, Inc. winuseradd one of the user creation component; salt-cloud is a virtual machine configuration component; Linode driver is a server driver. A security vulnerability exists in winuseradd, salt-cloud, an...

Microsoft Edge - Out-of-Bounds Access when Fetching Source Exploit

Exploit for windows platform in category dos / poc // The attached JavaScript file causes an out-of-bounds access of the source buffer when fetching the source for one of the functions during delayed compilation. The out-of-bounds value is then treated as the pointer to the source. This is likely...

Microsoft Edge - Out-of-Bounds Access when Fetching Source

Microsoft Edge - Out-of-Bounds Access when Fetching Source // The attached JavaScript file causes an out-of-bounds access of the source buffer when fetching the source for one of the functions during delayed compilation. The out-of-bounds value is then treated as the pointer to the source. This i...

Microsoft Edge Chakra - 'InterpreterStackFrame::ProcessLinkFailedAsmJsModule' Incorrectly Re-parses

GetOriginalEntryPoint : nullptr; if this-pCurrentFunction && this-pCurrentFunction-IsFunctionParsed Assertthis-pCurrentFunction-StartInDocument == pnode-ichMin; pCurrentFunction" is the consturctor, but "pnode" refers to the method "f". PoC: -- class MyClass fa printa; constructor 'use asm';...

Microsoft Edge Chakra - InterpreterStackFrame::ProcessLinkFailedAsmJsModule Incorrectly Re-parses

Microsoft Edge Chakra - InterpreterStackFrame::ProcessLinkFailedAsmJsModule Incorrectly Re-parses GetOriginalEntryPoint : nullptr; if this-pCurrentFunction && this-pCurrentFunction-IsFunctionParsed Assertthis-pCurrentFunction-StartInDocument == pnode-ichMin; pCurrentFunction" is the consturctor,...

Microsoft Edge Chakra - TryUndeleteProperty Incorrect Usage (Denial of Service)

Microsoft Edge Chakra - TryUndeleteProperty Incorrect Usage Denial of Service ::NoSlots return false; propertyIndex = deletedPropertyIndex; deletedPropertyIndex = staticcastTaggedInt::ToInt32object-GetSlotdeletedPropertyIndex; return true; bool...

Microsoft Edge Chakra TryUndeleteProperty Incorrect Usage

Microsoft Edge: Chakra: Incorrect usage of TryUndeleteProperty CVE-2017-8635 Chakra implemented the reuse of deleted properties of an unordered dictionary object with the following code. bool SimpleDictionaryUnorderedTypeHandler::TryReuseDeletedPropertyIndex DynamicObject const object,...

I Recommend This <= 3.8.1 - Authenticated SQL Injection

Plugin description: "This plugin allows your visitors to simply like/recommend your posts instead of comment on it." Active installs according to https://wordpress.org/plugins/i-recommend-this/: 40.000+ It's possible to inject SQL into the dotrecommends shortcode, if the check for IP addresses is...

PYSEC-2017-71

winuseradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs...

UBUNTU-CVE-2015-6941

winuseradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs...

Design/Logic Flaw

winuseradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs...

CVE-2015-6941

winuseradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs...