
9459 matches found

0day.today
added 2014/08/14 12:0 a.m. | 74 views

BlackBerry Z10 Authentication Bypass Vulnerability

BlackBerry Z10 suffers from a storage and access file-exchange authentication bypass vulnerability. BlackBerry Z10 Authentication Bypass Vulnerability 1...

6.1 CVSS | 6.7 AI score | 0.01213 EPSS
Exploits 3
Packet Storm
added 2014/08/13 12:0 a.m. | 62 views

BlackBerry Z10 Authentication Bypass

modzero Security Advisory: BlackBerry Z 10 - Storage and Access File-Exchange Authentication By-Pass MZ-13-04...

6.1 CVSS | 0.6 AI score | 0.01213 EPSS
Exploits 3
The Hacker News
added 2014/08/09 12:16 a.m. | 12 views

Researcher Uncovers Vulnerability Oracle Data Redaction Security Feature

Oracle’s newly launched Data Redaction security feature in Oracle Database 12c can be easily disrupted by an attacker without any need to use exploit code, a security researcher long known as a thorn in Oracle's side said at Defcon. Data Redaction is one of the new Advanced Security features...

8.1 AI score
Exploits 0
ThreatPost
added 2014/08/06 4:33 p.m. | 18 views

Mobile Carrier Controls Exploitable on a Massive Scale

LAS VEGAS – Device manufacturers and service providers quietly maintain a pervasive level of remote control over the devices they sell to consumers so they can push over-the-air (OTA) updates for a variety of reasons, but problematically one popular product that enables this type of control is poor...

0.6 AI score
Exploits 0
Tenable Nessus
added 2014/08/05 12:0 a.m. | 46 views

SuSE 11.3 Security Update : openjdk (SAT Patch Number 9543)

This Critical Patch Update contains 20 new security fixes for Oracle Java SE. All of these vulnerabilities could have been remotely exploitable without authentication, i.e., could be exploited over a network without the need for a username and password...

10 CVSS | 7.4 AI score | 0.06118 EPSS
Exploits 1 | References 41
Hacker One
added 2014/08/01 3:11 p.m. | 41 views

Slack: Content Spoofing all Integrations in https://team.slack.com/services/new/

Hello there, I've discovered 48+ content spoofing issues and confirmed that all of your Integrations at https://team.slack.com/services/new/ are vulnerable to content spoofing and exploitable to all users. Content Spoofing: An attack technique used to trick a user into thinking that fake web site content is...

7 AI score
Exploits 0
Tenable Nessus
added 2014/07/26 12:0 a.m. | 24 views

Oracle Solaris Critical Patch Update : july2013_SRU11_1_9_5_1

This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite subcomponent: Driver/IDM iSCSI Data Mover. The supported version that is affected is 11. Easily exploitable vulnerability allow...

7.8 CVSS | 5.3 AI score | 0.02757 EPSS
Exploits 0 | References 5
Tenable Nessus
added 2014/07/26 12:0 a.m. | 47 views

Oracle Solaris Critical Patch Update : oct2012_SRU10_5

This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Solaris component of Oracle Sun Products Suite subcomponent: Kernel. Supported versions that are affected are 10 and 11. Easily exploitable vulnerability requiring logon to Operating...

7.2 CVSS | 8.5 AI score | 0.37465 EPSS
Exploits 6 | References 6
Hacker One
added 2014/07/23 8:6 p.m. | 18 views

Slack: Content spoofing at Stripe Integrations

I have found a Content Spoofing vulnerability in Slack at Stripe Integrations. The vulnerability is exploitable to all users. Proof of concept: https://asdasda.slack.com/services/2481499413?error=content%20spoofing%20! Regards, Jayson Zabate...

1.9 AI score
Exploits 0
ThreatPost
added 2014/07/22 11:11 a.m. | 11 views

Trio of Flaws Haunts OleumTech Wireless Monitoring System

Researchers have identified several remotely exploitable vulnerabilities in a wireless remote monitoring product from OleumTech that is used in energy, water and other critical infrastructure sectors. Two of the three flaws are related to the encryption implementation in the affected products,...

1 AI score
Exploits 0 | References 1
Mozilla
added 2014/07/22 12:0 a.m. | 54 views

Use-after-free while when manipulating certificates in the trusted cache — Mozilla

Security researchers Tyson Smith and Jesse Schwartzentruber used the Address Sanitizer tool while fuzzing to discover a use-after-free error resulting in a crash. This is a result of a pair of NSSCertificate structures being added to a trust domain and then one of them is removed while they are...

10 CVSS | 8.9 AI score | 0.06109 EPSS
Exploits 0 | References 3 | Affected Software 3
Mozilla
added 2014/07/22 12:0 a.m. | 77 views

Exploitable WebGL crash with Cesium JavaScript library — Mozilla

Developer Patrick Cozzi reported a crash in some circumstances when using the Cesium JavaScript library to generate WebGL content. Mozilla developers determined that this crash is potentially exploitable...

9.3 CVSS | 8.9 AI score | 0.03758 EPSS
Exploits 0 | References 2 | Affected Software 3
Mozilla
added 2014/07/22 12:0 a.m. | 45 views

Crash in Skia library when scaling high quality images — Mozilla

Mozilla community member John reported a crash in the Skia library when scaling high quality images if the scaling operation takes too long. This is caused by the image data being discarded while still in use by the scaling operation. This crash is potentially exploitable on some systems...

9.3 CVSS | 8.9 AI score | 0.0494 EPSS
Exploits 0 | References 2 | Affected Software 3
Mozilla
added 2014/07/22 12:0 a.m. | 45 views

Use-after-free with FireOnStateChange event — Mozilla

Security researcher Jethro Beekman of the University of California, Berkeley reported a crash when the FireOnStateChange event is triggered in some circumstances. This leads to a use-after-free and a potentially exploitable crash when it occurs...

9.3 CVSS | 9 AI score | 0.04907 EPSS
Exploits 0 | References 2 | Affected Software 3
Mozilla
added 2014/07/22 12:0 a.m. | 38 views

Use-after-free in DirectWrite font handling — Mozilla

Mozilla community member James Kitchener reported a crash in DirectWrite when rendering MathML content with specific fonts due to an error in how font resources and tables are handled. This leads to use-after-free of a DirectWrite font-face object, resulting in a potentially exploitable crash...

10 CVSS | 8.9 AI score | 0.04682 EPSS
Exploits 0 | References 2 | Affected Software 3
Mozilla
added 2014/07/22 12:0 a.m. | 48 views

Buffer overflow during Web Audio buffering for playback — Mozilla

Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG discovered a buffer overflow during interaction with the Web Audio buffer for playback because of an error in the amount of allocated memory for buffers. This leads to a potentially exploitable crash with some audi...

9.3 CVSS | 9.3 AI score | 0.05641 EPSS
Exploits 0 | References 2 | Affected Software 2
Hacker One
added 2014/07/09 7:59 p.m. | 17 views

Uzbey: Missing "size check" on files to upload could make memory leaks.

I noticed that there isn't any "size check" when someone tries to upload a file through the "upload picture" option, this could generate a memory leak or also a kind of DoS and is dangerous with bigger and bigger files. So I first tried to upload a file of about 2,52 GB see the pic and no warnin...

Exploits 0
seebug.org
added 2014/07/02 12:0 a.m. | 42 views

Powie's PSCRIPT Gästebuch <= 2.09 SQL Injection Vulnerability

No description provided by source. Information: Name: Powie's PSCRIPT Gästebuch <= 2.09 SQL Injection Vulnerability; Author: Easy Laster; Date: 29.03.2010; Script: Powie's PSCRIPT Gästebuch <= 2.09; Download:...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 18 views

Dolibarr ERP & CRM OS Command Injection

No description provided by source. Dolibarr ERP & CRM OS Command Injection. 1. Advisory Information Date published: 2012-4-6 Vendors contacted: Dolibarr Release mode: Coordinated release 2. Vulnerability Information Class: Injection Remotely Exploitable: Yes...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 18 views

Emil 2.x Multiple Buffer Overrun and Format String Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/9974/info Multiple locally and remotely exploitable buffer overrun and format strings were reported in emil. This could permit execution of arbitrary code in the context of the software...

7.1 AI score
Exploits 0