Hacking Traffic Systems for Fun and Chaos

It has been a running joke in the tech industry for years that the hacking scenes in movies are, well, a joke. Hackers in hoodies pushing a few keys and taking down the power grid or causing massive traffic pileups by turning all the stoplights green at once. While those scenes provide endless...

Use-after-free in the Text Track Manager for HTML video — Mozilla

Using the Address Sanitizer tool, security researcher Abhishek Arya Inferno of the Google Chrome Security Team found a use-after-free in the Text Track Manager while processing HTML video. This was caused by inconsistent garbage collection of Text Track Manager variables and results in a...

Out of bounds read while decoding JPG images — Mozilla

Security researcher Abhishek Arya Inferno of the Google Chrome Security Team used the Address Sanitizer tool to discover a fixed offset out of bounds read issue while decoding specifically formatted JPG format images. This causes a non-exploitable crash...

Use-after-free in nsHostResolver — Mozilla

Security researchers Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a use-after-free during host resolution in some circumstances. This leads to a potentially exploitable crash...

Out-of-bounds write in Cairo — Mozilla

Security researcher Jukka Jylänki reported a crash in the the Cairo graphics library. This happens when Cairo paints out-of-bounds to the destination buffer in the compositing function when working with canvas in certain circumstances. This issue allows malicious web content to cause a potentiall...

Use-after-free in imgLoader while resizing images — Mozilla

Security researcher Nils discovered a use-after-free error in which the imgLoader object is freed while an image is being resized. This results in a potentially exploitable crash...

Web Audio memory corruption issues — Mozilla

Security researcher Ash reported an out of bounds read issue with Web Audio. This issue could allow for web content to trigger crashes that are potentially exploitable...

SAP Router - Timing Attack Password Disclosure

SAP Router is an application-level gateway used to connect systems in a SAP infrastructure. A vulnerability have been found in SAP Router that could allow an unauthenticated remote attacker to obtain passwords used to protect route entries by a timing side-channel attack. SAP Router Password Timi...

Solaris 9 (x86) : 149074-01

Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite subcomponent: Print Filter Utility. Supported versions that are affected are 9, 10 and 11.1. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in...

Solaris 9 (sparc) : 149073-01

Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite subcomponent: Print Filter Utility. Supported versions that are affected are 9, 10 and 11.1. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in...

SAP Router Password Timing Attack

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SAP Router Password Timing Attack 1. Advisory Information Title: SAP Router Password Timing Attack Advisory ID: CORE-2014-0003 Advisory URL: http://www.coresecurity.com/advisories/sap-router-password-timing-attack Date published:...

Buffer overflow

vmx86.sys in VMware Workstation 10.0.1 build 1379776 and VMware Player 6.0.1 build 1379776 on Windows might allow local users to cause a denial of service read access violation and system crash via a crafted buffer in an IOCTL call. NOTE: the researcher reports "Vendor rated issue as...

SAP Router Password Timing Attack

Advisory ID Internal CORE-2014-0003 1. Advisory Information Title: SAP Router Password Timing Attack Advisory ID: CORE-2014-0003 Advisory URL:https://www.coresecurity.com/core-labs/advisories/sap-router-password-timing-attack Date published: 2014-04-15 Date of last update: 2014-03-06 Vendors...

BlackBerry Z 10 Buffer Overflow Vulnerability

BlackBerry Z 10 suffers from a remotely exploitable buffer overflow in qconnDoor. BlackBerry Z 10 Buffer Overflow Vulnerability 1. Timeline --------------------------------------------------------------------- 2013-06-23: Vendor has been contacted. 2013-06-24: Vendor response. 2013-06-27: Vendor...

BlackBerry Z 10 Buffer Overflow

--------------------------------------------------------------------- modzero Security Advisory: BlackBerry Z 10 - Buffer Overflow in qconnDoor MZ-13-05 --------------------------------------------------------------------- --------------------------------------------------------------------- 1...

Hacking Maytag: Coin-Operated Laudromat Machines

Most Maytag commercial washers and dryers out there use a common controller platform. It dates back to the 80s and is still produced. So almost all Maytag with digital control panel is exploitable in this way. The identifying features are green vacuum florescent display with a four-digit numerica...

WordPress Plugin Ajax Pagination 1.1 - Local File Inclusion

WordPress Plugin Ajax Pagination 1.1 - Local File Inclusion Details ================ Software: Ajax Pagination twitter Style Version: 1.1 Homepage: http://wordpress.org/plugins/ajax-pagination/ CVSS: 9.3 High; AV:N/AC:M/Au:N/C:C/I:C/A:C Description ================ End-user exploitable local file...

Ajax Pagination 1.1 Local File Inclusion

Details ================ Software: Ajax Pagination twitter Style Version: 1.1 Homepage: http://wordpress.org/plugins/ajax-pagination/ CVSS: 9.3 High; AV:N/AC:M/Au:N/C:C/I:C/A:C Description ================ End-user exploitable local file inclusion vulnerability in Ajax Pagination twitter Style 1....

ICS Vulnerabilities Afffect Critical Infrastructure Security

Industrial control systems manufacturer, Siemens, has released new versions of its SIMATIC S7-1200 CPU family, resolving six security vulnerabilities in that product, and its SIMATIC S7-1200 PLC programmable logic controller, resolving an addition two vulnerabilities there. These patches are...

Out-of-bounds write through TypedArrayObject after neutering — Mozilla

Security researcher George Hotz, via TippingPoint's Pwn2Own contest, discovered an issue where values are copied from an array into a second, neutered array. This allows for an out-of-bounds write into memory, causing an exploitable crash leading to arbitrary code execution...