536 matches found

Hacker One
added 2016/11/09 11:10 p.m. | 16 views

Paragon Initiative Enterprises: Incorrect detection of onion URLs

Several places have incorrect code to detect if a URL points to a .onion domain tor hidden server: The following regexes: 1. ^https://^/:+.onion:?:0-9+ 2. ^https?://^/+.onion which is used in: https://github.com/paragonie/airship/blob/0e9289553cdc538556d362faaee63be6cc534a0c/src/Engine/Hail.phpL223...

Exploits: 0

RedhatCVE
added 2016/11/02 8:47 a.m. | 36 views

CVE-2016-8624

curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC t...

7.5 CVSS | 2.4 AI score | 0.01136 EPSS
Exploits: 0 | References: 2

UbuntuCve
added 2016/11/02 12:0 a.m. | 26 views

CVE-2016-8624

curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC t...

7.5 CVSS | 6.8 AI score | 0.01136 EPSS
Exploits: 0 | References: 3

Hacker One
added 2016/10/10 5:58 a.m. | 482 views

Sucuri: Administrator Access to grafana instance logstash2.sucuri.net with default credentials

Hi Team, While doing some recon on the subdomains of sucuri.net I came across logstash2.sucuri.net which is running a grafana instance on port 3000. It appears that the instance has had the /public directory deleted or is unavailable as there are a few 404 errors which make the page unusable...

7.4 AI score
Exploits: 0

Hacker One
added 2016/09/13 10:48 p.m. | 35 views

SecNews: DOM based XSS in search functionality

Overview === Search query is inserted into the HTML of the page without proper encoding. Specifically, a single-quote is not html-encoded albeit escaped, even twice, which allows the attacker to break out of the HTML attribute and inject arbitrary tags. html curl -s...

0.2 AI score
Exploits: 0

ThreatPost
added 2016/09/06 10:30 a.m. | 11 views

Adding CIA to DNA

Threatpost Op-Ed is a regular feature where experts contribute essays and commentary on what’s happening in security and privacy. Today’s contributor is Alexandrea Mellen. White and black hat hackers specialize in altering, accessing and sometimes destroying information. Genetic engineers take th...

7.4 AI score
Exploits: 0 | References: 7

pentestnepal
added 2016/09/04 4:49 p.m. | 21087 views

PornHub: Email Confirmation Bypass

Reporter : Vaxo Dai @0x00 After signing up client needs to verify his email address to further use but the confirmation can be bypassed and can put any email address to confirm the user account idname&code=code Here, user can get this id name using pornhub.com/users/username and viewing the sourc...

7.2 AI score
Exploits: 0

Hacker One
added 2016/08/23 8:34 p.m. | 18 views

Instacart: Fetch private list metadata and any user's personal name

Overview == When a user creates a list, they can choose whether to make the list visible in search and whether to show their name with the list. The problem is that the attacker can still access the information that the user chose to hide. Furthermore, if the attacker gets hold of a user's ID, th...

0.5 AI score
Exploits: 0

Atlassian
added 2016/05/31 3:21 a.m. | 19 views

Forms that use the GET method cause the XSRF token to be added to the URL

h5.Steps to Reproduce: In Confluence, visit the "My Profile" page /users/viewuserprofile.action Click "Edit Profile" Note that no atltoken is present in the URL. Click "Settings" /users/viewmysettings.action Click "Edit" Note that the atltoken value is present in the URL. h5.Cause Some forms are...

1.1 AI score
Exploits: 0

Atlassian
added 2016/05/31 3:21 a.m. | 18 views

Forms that use the GET method cause the XSRF token to be added to the URL

h5.Steps to Reproduce: In Confluence, visit the "My Profile" page /users/viewuserprofile.action Click "Edit Profile" Note that no atltoken is present in the URL. Click "Settings" /users/viewmysettings.action Click "Edit" Note that the atltoken value is present in the URL. h5.Cause Some forms are...

1.1 AI score
Exploits: 0 | Affected Software: 1

Exploit DB
added 2016/05/17 12:0 a.m. | 45 views

Microsoft Windows - 'gdi32.dll' Heap Buffer Overflow in ExtEscape() Triggerable via EMR_EXTESCAPE EMF Record (MS16-055)

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=731 Two of the escape codes supported by the public ExtEscape API are POSTSCRIPTIDENTIFY and POSTSCRIPTINJECTION, which are only processed if the Device Context is associated with a printer. In the code responsible for handling the...

7.4 AI score
Exploits: 0

exploitpack
added 2016/05/17 12:0 a.m. | 22 views

Microsoft Windows - gdi32.dll Heap Buffer Overflow in ExtEscape() Triggerable via EMR_EXTESCAPE EMF Record (MS16-055)

Microsoft Windows - gdi32.dll Heap Buffer Overflow in ExtEscape Triggerable via EMREXTESCAPE EMF Record MS16-055 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=731 Two of the escape codes supported by the public ExtEscape API are POSTSCRIPTIDENTIFY and POSTSCRIPTINJECTION, whic...

0.9 AI score
Exploits: 0

ThreatPost
added 2016/03/25 11:46 a.m. | 10 views

On Apple Patches, the iMessage Bug, Apple vs. FBI, Locky, and Badlock

Mike Mimoso and Chris Brook recap the week in news, including how the FBI vacated Tuesday’s Apple hearing, a crypto iMessage bug that was patched, and the latest hospital to be hit by the ransomware Locky. The two also preview Badlock and what, if any, implications this week’s announcement may...

1 AI score
Exploits: 0 | References: 2

ThreatPost
added 2016/03/02 5:17 p.m. | 10 views

Gentle Reminder at RSA: Hacking Back is a Bad Idea

SAN FRANCISCO—Surely all breached organizations consider hacking back as some means of response to being attacked and losing intellectual property. Thankfully there was a room full of lawyers at RSA Conference on Wednesday to remind IT pros of what a colossally bad idea that is. Putting aside the...

7.1 AI score
Exploits: 0 | References: 1

ThreatPost
added 2016/01/14 3:48 p.m. | 9 views

Many Health and Fitness Apps Remain Vulnerable

It seems little has changed over the last several years when it comes to how health and fitness apps go about securing user information. According to a survey carried out by the firm Arxan last fall, 86 percent of health apps it reviewed had at least two critical vulnerabilities and 55 percent...

0.1 AI score
Exploits: 0 | References: 5

Xen Project
added 2015/11/24 5:12 p.m. | 16 views

virtual PMU is unsupported

ISSUE DESCRIPTION The Virtual Performance Measurement Unit feature has been documented as unsupported, so far only on Intel CPUs. Further issues have been found or are suspected which would also or exclusively affect AMD CPUs. We believe that the functionality is mostly intended for non-productio...

0.2 AI score
Exploits: 0 | Affected Software: 1

RedhatCVE
added 2015/10/30 10:29 a.m. | 29 views

CVE-2007-4044

No description is available for this CVE...

6 CVSS | 8.2 AI score | 0.43147 EPSS
Exploits: 14 | References: 3

The Hacker News
added 2015/10/03 9:46 p.m. | 9 views

It's Official: Google Becomes ALPHABET

"Alphabet is about businesses prospering through strong leaders and independence. In general, our model is to have a strong CEO, who runs each business, with Sergey and me in service to them as needed." With this, founders Larry Page and Sergey Brin combined all Google products and services under...

6.9 AI score
Exploits: 0

0day.today
added 2015/09/25 12:0 a.m. | 55 views

X2Engine 4.2 - Arbitrary File Upload / CSRF Vulnerabilities

Exploit for php platform in category web applications X2Engine 4.2 - Arbitrary File Upload Details: It was discovered that authenticated users were able to upload files of any type providing that the file did not have an extension that was listed in the following blacklist: const EXTBLACKLIST =...

7.5 CVSS | 0.2 AI score | 0.11204 EPSS
Exploits: 5

Hacker One
added 2015/09/11 1:18 a.m. | 13 views

Phabricator: Information leakage through Graphviz blocks

This report amounts to Unsandboxed Command Execution Considered Harmful, which you already suspected: https://secure.phabricator.com/T7785 Graphviz blocks can be used to view a render of any image file readable by the webserver, through the image and shapefile graph node attributes. This alone...

0.5 AI score
Exploits: 0