20 matches found
Cloudflare Public Bug Bounty: Yet Another CASB Integration Takeover of Active Integrations
A vulnerability was found in a cloud access security broker's Microsoft integration where an attacker could bypass confused deputy protections. By manipulating the casing of a tenant UUID, a new integration could be created that surfaced sensitive customer information. This issue was addressed by...
Cloudflare Public Bug Bounty: Session mismatch leading to potential account takeover (local access required)
Vulnerability description not provided...
Cloudflare Public Bug Bounty: Bypassing creation of API tokens without email verification
API tokens could be created without email verification on Cloudflare. If an email-verified account changed their email address without verifying the new email, previously created API tokens remained valid. This vulnerability was addressed by requiring verification before completing the email chan...
GHSA-XWF3-6RGV-939R Flux CLI Workload Injection
Flux CLI allows users to deploy Flux components into a Kubernetes cluster via command-line. The vulnerability allows other applications to replace the Flux deployment information with arbitrary content which is deployed into the target Kubernetes cluster instead. The vulnerability is due to the...
Cloudflare Public Bug Bounty: Bypass two-factor authentication
Due to a lack of validation, a malicious actor could brute-force OTP 2FA and guess a correct number after multiple failures. The issue was fixed by the Engineering team by implementing restrictions on 2FA attempts...
Cloudflare Public Bug Bounty: Blind SSRF on platform.dash.cloudflare.com Due to Sentry misconfiguration
Cloudflare uses Sentry for application monitoring and error tracking. Because the tool was misconfigured with the source code scraping feature enabled, it was possible to send blind requests to any endpoints using the Cloudflare infrastructure. The issue has been fixed by the Engineering team and the sour...
Is It Time to Consider Replacing Your CDN?
Content delivery networks (CDNs) are the pipelines of the Internet. Working behind the scenes, they are reshaping how information is consumed online, accelerating web traffic, enhancing user experience, and providing every website with the ability to truly go global. As you may imagine, any...
Shipt: Api Token Leaked in [shoppers.shipt.com]
A researcher reported an API key stored in source code that was part of a 3rd party knowledge base integration. The Shipt information security team immediately investigated the report and determined that the API key referenced was a legacy token that was no longer being used. While it didn't...
Critical GitLab Flaw Earns Bounty Hunter $20K
A critical GitLab vulnerability, which could be leveraged by a remote attacker to execute code, recently netted a researcher a $20,000 bug-bounty award. The flaw was reported to GitLab by software developer William Bowling via the HackerOne bug bounty platform on March 23. It was then disclosed...
Microsoft Excel 2016 1901 - XML External Entity Injection
Microsoft Excel 2016 1901 - XML External Entity Injection Exploit Title: Microsoft Excel 2016 1901 - XML External Entity Injection Discovery by: hyp3rlinx Date: 2019-12-02 Vendor Homepage: www.microsoft.com Tested Version: 2016 v1901 CVE: N/A + Credits: John Page aka hyp3rlinx + Website:...
Razer: Request Smuggling vulnerability due a vulnerable skipper reverse proxy running in the environment.
The tester discovered that a server was using Skipper as a reverse proxy that was not fully patched, allowing a request smuggling vulnerability. We thank the tester for his report and excellent PoC and his patience with the slow response of the engineering team...
Shipt: Price manipulation via fraction values (Parameter Tampering)
A security researcher identified an issue in our member application that showed how a user's cart would accept fractional quantities of any item, irrespective of whether or not the item was capable of being in a 'fractional' state, e.g. fractional quantities were being accepted for a half pound of...
Tor Browser Users Urged to Patch Critical ‘TorMoil’ Vulnerability
The Tor Project released a patch for a vulnerability that leaks the real IP addresses of macOS and Linux users of its Tor Browser. The patch was issued late Friday and fixes a vulnerability found in Tor Browser version 7.0.8. The patch is in an upgrade to Tor Browser 7.0.9. Windows users running...
VulnScan – Automated Triage and Root Cause Analysis of Memory Corruption Issues
The Microsoft Security Response Center (MSRC) receives reports about potential vulnerabilities in our products and it’s the job of our engineering team to assess the severity, impact, and root cause of these issues. In practice, a significant proportion of these reports turn out to be memory...
VulnScan – Automated Triage and Root Cause Analysis of Memory Corruption Issues
The Microsoft Security Response Center (MSRC) receives reports about potential vulnerabilities in our products and it’s the job of our engineering team to assess the severity, impact, and root cause of these issues. In practice, a significant proportion of these reports turn out to be memory...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.4 update
Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.4 and fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common...
Advantech EKI-6340 - Command Injection
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Advantech EKI-6340 Command Injection 1. Advisory Information Title: Advantech EKI-6340 Command Injection Advisory ID: CORE-2014-0009 Advisory URL: http://www.coresecurity.com/advisories/advantech-eki-6340-command-injection Date...
RHEL 6 : MRG (RHSA-2013:1852)
Updated Grid component packages that fix multiple security issues are now available for Red Hat Enterprise MRG 2.4 for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, whi...
Moderate: Red Hat Security Advisory: Red Hat Network Satellite spacewalk-backend security update
Updated spacewalk-backend packages that fix one security issue are now available for Red Hat Network Satellite 5.3, 5.4, and 5.5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a...
Scientific Linux Security Update : dhcp on SL3.x, SL4.x i386/x86_64
The Mandriva Linux Engineering Team discovered a stack-based buffer overflow flaw in the ISC DHCP client. If the DHCP client were to receive a malicious DHCP response, it could crash or execute arbitrary code with the permissions of the client (root). (CVE-2009-0692) An insecure temporary file use fl...