9454 matches found

Hacker One
added 2014/08/01 3:11 p.m. | 41 views

Slack: Content Spoofing all Integrations in https://team.slack.com/services/new/

Hello There, I've discovered 48+ content spoofing and confirmed all of your Integrations at https://team.slack.com/services/new/ are vulnerable to content spoofing and exploitable to all users. Content Spoofing: An attack technique used to trick a user into thinking that fake web site content is...

7 AI score
Exploits: 0

Tenable Nessus
added 2014/07/26 12:0 a.m. | 23 views

Oracle Solaris Critical Patch Update : july2013_SRU11_1_9_5_1

This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite subcomponent: Driver/IDM iSCSI Data Mover. The supported version that is affected is 11. Easily exploitable vulnerability allow...

7.8 CVSS | 5.3 AI score | 0.00836 EPSS
Exploits: 0 | References: 5

Tenable Nessus
added 2014/07/26 12:0 a.m. | 47 views

Oracle Solaris Critical Patch Update : oct2012_SRU10_5

This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Solaris component of Oracle Sun Products Suite subcomponent: Kernel. Supported versions that are affected are 10 and 11. Easily exploitable vulnerability requiring logon to Operating...

7.2 CVSS | 8.5 AI score | 0.88161 EPSS
Exploits: 6 | References: 6

Hacker One
added 2014/07/23 8:6 p.m. | 18 views

Slack: Content spoofing at Stripe Integrations

I have found Content Spoofing Vulnerable in Slack at Stripe Integrations vulnerability is exploitable to all users Proof of concept: https://asdasda.slack.com/services/2481499413?error=content%20spoofing%20! Regards, Jayson Zabate...

1.9 AI score
Exploits: 0

ThreatPost
added 2014/07/22 11:11 a.m. | 11 views

Trio of Flaws Haunts OleumTech Wireless Monitoring System

Researchers have identified several remotely exploitable vulnerabilities in a wireless remote monitoring product from OleumTech that is used in energy, water and other critical infrastructure sectors. Two of the three flaws are related to the encryption implementation in the affected products,...

1 AI score
Exploits: 0 | References: 1

Mozilla
added 2014/07/22 12:0 a.m. | 53 views

Use-after-free while when manipulating certificates in the trusted cache — Mozilla

Security researchers Tyson Smith and Jesse Schwartzentruber used the Address Sanitizer tool while fuzzing to discover a use-after-free error resulting in a crash. This is a result of a pair of NSSCertificate structures being added to a trust domain and then one of them is removed while they are...

10 CVSS | 8.9 AI score | 0.0325 EPSS
Exploits: 0 | References: 3 | Affected Software: 3

Mozilla
added 2014/07/22 12:0 a.m. | 38 views

Use-after-free in DirectWrite font handling — Mozilla

Mozilla community member James Kitchener reported a crash in DirectWrite when rendering MathML content with specific fonts due to an error in how font resources and tables are handled. This leads to use-after-free of a DirectWrite font-face object, resulting in a potentially exploitable crash...

10 CVSS | 8.9 AI score | 0.05409 EPSS
Exploits: 0 | References: 2 | Affected Software: 3

Mozilla
added 2014/07/22 12:0 a.m. | 48 views

Buffer overflow during Web Audio buffering for playback — Mozilla

Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG discovered a buffer overflow during interaction with the Web Audio buffer for playback because of an error in the amount of allocated memory for buffers. This leads to a potentially exploitable crash with some audi...

9.3 CVSS | 9.3 AI score | 0.03137 EPSS
Exploits: 0 | References: 2 | Affected Software: 2

Mozilla
added 2014/07/22 12:0 a.m. | 45 views

Use-after-free with FireOnStateChange event — Mozilla

Security researcher Jethro Beekman of the University of California, Berkeley reported a crash when the FireOnStateChange event is triggered in some circumstances. This leads to a use-after-free and a potentially exploitable crash when it occurs...

9.3 CVSS | 9 AI score | 0.03359 EPSS
Exploits: 0 | References: 2 | Affected Software: 3

Mozilla
added 2014/07/22 12:0 a.m. | 45 views

Crash in Skia library when scaling high quality images — Mozilla

Mozilla community member John reported a crash in the Skia library when scaling high quality images if the scaling operation takes too long. This is caused by the image data being discarded while still in use by the scaling operation. This crash is potentially exploitable on some systems...

9.3 CVSS | 8.9 AI score | 0.02434 EPSS
Exploits: 0 | References: 2 | Affected Software: 3

Mozilla
added 2014/07/22 12:0 a.m. | 77 views

Exploitable WebGL crash with Cesium JavaScript library — Mozilla

Developer Patrick Cozzi reported a crash in some circumstances when using the Cesium JavaScript library to generate WebGL content. Mozilla developers determined that this crash is potentially exploitable...

9.3 CVSS | 8.9 AI score | 0.009 EPSS
Exploits: 0 | References: 2 | Affected Software: 3

Hacker One
added 2014/07/09 7:59 p.m. | 17 views

Uzbey: Missing "size check" on files to upload could make memory leaks.

I noticed that there isn't any "size check" when someone tries to upload a file through the "upload picture" option, this could generate a memory leak or also a kind of DoS and is dangerous with bigger and bigger files. So I first tried to upload a file of about 2,52 GB see the pic and no warnin...

Exploits: 0

seebug.org
added 2014/07/02 12:0 a.m. | 41 views

Powie's PSCRIPT Gästebuch <= 2.09 SQL Injection Vulnerability

No description provided by source. ----------------------------Information------------------------------------------------ +Name : Powie's PSCRIPT Gästebuch = 2.09 SQL Injection Vulnerability +Autor : Easy Laster +Date : 29.03.2010 +Script : Powie's PSCRIPT Gästebuch = 2.09 +Download :...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 24 views

BSD/OS 3.1/4.0.1,FreeBSD 3.0/3.1/3.2,RedHat Linux <= 6.0 amd Buffer Overflow Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/614/info There is a remotely exploitable buffer overflow condition in the amd daemon under several operating systems. Amd is a daemon that automatically mounts filesystems whenever a file or directory within that filesyst...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 38 views

Microsoft Internet Explorer 5.0.1 ITS Protocol Zone Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9658/info Microsoft Internet Explorer has been reported prone to a vulnerability that may permit hostile content to be interpreted in the Local Zone. The issue may be exploited via the ITS InfoTech Storage Protocol URI...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 22 views

PHP XML-RPC Arbitrary Code Execution

No description provided by source. $Id: phpxmlrpceval.rb 9929 2010-07-25 21:37:54Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of us...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 56 views

FOSCAM IP-Cameras Improper Access Restrictions

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ MayGion IP Cameras multiple vulnerabilities 1. Advisory Information Title: MayGion IP Cameras multiple vulnerabilities Advisory ID: CORE-2013-0322 Advisory URL:...

7.5 CVSS | 7.8 AI score | 0.23385 EPSS
Exploits: 8

seebug.org
added 2014/07/01 12:0 a.m. | 69 views

Zavio IP Cameras Firmware 1.6.03 - Multiple Vulnerabilities

No description provided by source. Core Security - Corelabs Advisory http://corelabs.coresecurity.com Zavio IP Cameras multiple vulnerabilities 1. Advisory Information Title: Zavio IP Cameras multiple vulnerabilities Advisory ID: CORE-2013-0302 Advisory URL:...

0.3 AI score | 0.68037 EPSS
Exploits: 9

seebug.org
added 2014/07/01 12:0 a.m. | 29 views

WordPress 2.9 - Failure to Restrict URL Access

No description provided by source. WordPress = 2.9 Failure to Restrict URL Access http://www.thomasmackenzie.co.uk/ 1. Advisory Information Title: WordPress = 2.9 Failure to Restrict URL Access Date published: 2. Vulnerability Information Class: Failure to Restrict URL Access Remotely Exploitable...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 18 views

Dolibarr ERP & CRM OS Command Injection

No description provided by source. Dolibarr ERP & CRM OS Command Injection =================================== 1. Advisory Information Date published: 2012-4-6 Vendors contacted: Dolibarr Release mode: Coordinated release 2. Vulnerability Information Class: Injection Remotely Exploitable: Yes...

7.1 AI score
Exploits: 0