Top 5 OAuth 2 Implementation Vulnerabilities

Heya, back to my favourite topics namely OAuth . I have previously discussed about common OAuth 2 Implementation Vulnerabilities but now it is time maybe to list those and order them based on their criticality. 5 The Postman Always Rings Twice I have introduced this 'attack' in last year post...

UBUNTU-CVE-2014-8147

The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode ICU before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause a denial of service...

CVE-2014-5320

The Bump application for Android does not properly handle implicit intents, which allows attackers to obtain sensitive owner-name information via a crafted application...

Information disclosure

The Bump application for Android does not properly handle implicit intents, which allows attackers to obtain sensitive owner-name information via a crafted application...

CVE-2014-5320

The CVE-2014-5320 entry concerns the Bump for Android app, where improper handling of implicit intents allows disclosure of sensitive owner-name information from another device. Affected component: Bump for Android; root cause is mishandling implicit intents. Impact documented in sources as infor...

Bump for Android vulnerable in handling of implicit intents

Overview Bump for Android is an application that allows users to share information and files. Bump for Android contains a vulnerability in the handling of implicit intents. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

JVN#08994136: Bump for Android vulnerable in handling of implicit intents

Bump for Android is an application that allows users to share information and files. Bump for Android contains a vulnerability in the handling of implicit intents. Impact Information such as the owner's name that was obtained from another device may be disclosed. Solution Do not use Bump for...

OAuth authentication memory vulnerability caution a user identity hijacking-vulnerability warning-the black bar safety net

With OpenSSL, like OAuthOpen Authorizationas a widely used open-source third-party login authentication Protocol, this year also broke a security vulnerability. In the third session of the know the security Forum, from Sina Weibo of the blue di snowball shows Sina as early as year 3 months...

(0Day) (Pwn2Own\Pwn4Fun) Microsoft Internet Explorer localhost Protected Mode Bypass Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Ethernet Industrial Protocol (EtherNet/IP) Client Explicit Message Detection

Binary data 8277.prm...

Ethernet Industrial Protocol (EtherNet/IP) Implicit Message Detection

Binary data 7113.pasl...

rubygem-actionpack: directory traversal issue

A directory traversal flaw was found in the way Ruby on Rails handled wildcard segments in routes with implicit rendering. A remote attacker could use this flaw to retrieve arbitrary local files accessible to a Ruby on Rails application using the aforementioned routes via a specially crafted...

rubygem-actionpack: directory traversal issue

A directory traversal flaw was found in the way Ruby on Rails handled wildcard segments in routes with implicit rendering. A remote attacker could use this flaw to retrieve arbitrary local files accessible to a Ruby on Rails application using the aforementioned routes via a specially crafted...

[oss-security] [CVE-2014-0130] Directory Traversal Vulnerability With Certain Route Configurations

There is a vulnerability in the 'implicit render' functionality in Ruby on Rails. This vulnerability has been assigned the CVE identifier CVE-2014-0130. Versions Affected: All Supported Not affected: None Fixed Versions: 4.1.1, 4.0.5, 3.2.18 Impact ------ The implicit render functionality allows...

UBUNTU-CVE-2014-0130

Directory traversal vulnerability in actionpack/lib/abstractcontroller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files...

PT-2014-3491 · Ruby +1 · Ruby On Rails +1

Name of the Vulnerable Software and Affected Versions: Ruby on Rails versions prior to 3.2.18 Ruby on Rails versions 4.0.x prior to 4.0.5 Ruby on Rails versions 4.1.x prior to 4.1.1 Description: The issue allows remote attackers to read arbitrary files via a crafted request, due to a directory...

Directory Traversal Vulnerability With Certain Route Configurations

There is a vulnerability in the 'implicit render' functionality in Ruby on Rails.The implicit render functionality allows controllers to render a template, even if there is no explicit action with the corresponding name. This module does not perform adequate input sanitization which could allow a...

MySQL: Вытягивание записей в строку с использованием встроенной функции insert

Все вы знаете о выводе колонок MySQL таблицы в одну строку, итак, встречаем - Четвертый метод! Но об этом немного позже, а сейчас вспомним то, что имеется на сегодняшний день. Из статьи Dr.Z3r0: MySQL SQL Injection полный FAQ: 1. groupconcat + Простое использование, небольшой размер - Ограничение...

Road passenger Baba stored in plain text and any password get-vulnerability warning-the black bar safety net

Brief description: Password stored in plain text plus cross-site worms, you know Detailed description: Register road passenger Baba sent a message, the message content for the test code as /textareascriptalertdocumeng. cookie/script I registered two account xxoo2013 and xxoo2014, the password is ...

CVE-2012-5182

The Loctouch application 3.4.6 and earlier for Android does not properly handle implicit intents, which allows attackers to obtain sensitive information about logged locations via a crafted application...