3370 matches found
Chrome Universal XSS using IDBKeyRange static methods (CVE-2015-1268)
VULNERABILITY DETAILS: Calling an object-returning static method with a cross-origin thing passed as |this| yields an object wrapped in the cross-origin scope. This is because FunctionCallbackInfo ends up with a cross-origin holder, and the holder acts as a creation context for the return value in...
The vulnerability of the Mac OS X operating system, which allows a perpetrator to trigger a service failure or cause other adverse effects
The vulnerability of the libxslt component of the Mac OS X operating system arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to cause service failures or other effects such as memory corruption through unknown mea...
APT10 (MenuPass Group): New Tools, Global Campaign Latest Manifestation of Longstanding Threat
APT10 Background: APT10 (MenuPass Group) is a Chinese cyber espionage group that FireEye has tracked since 2009. They have historically targeted construction and engineering, aerospace, and telecom firms, and governments in the United States, Europe, and Japan. We believe that the targeting of these...
GitLab: Access to GitLab's Slack by abusing issue creation from e-mail
Hi there, I found a way to become a verified GitLab team member on Slack. By doing so, I gained access to dozens of channels possibly containing sensitive information. Note that I deleted my account intidchackerone immediately afterwards and did not join, read or engage with any of those channels...
Misconfiguration in LIMIT directive of .htaccess file
There are a number of HTTP methods that can be used on a webserver, for example OPTIONS, HEAD, GET, POST, PUT, DELETE, etc. Each of these methods performs a different function, and each has an associated level of risk when its use is permitted on the webserver. The directive within Apache's...
Exposed Localstart.asp Page
To restrict access to specific pages on a webserver, developers can implement various methods of authentication, therefore only allowing access to clients with valid credentials. There are several forms of authentication that can be used. The simplest forms of authentication are known as 'Basic'...
Allowed HTTP Methods
There are a number of HTTP methods that can be used on a webserver (OPTIONS, HEAD, GET, POST, PUT, DELETE, etc.). Each of these methods performs a different function and each has an associated level of risk when its use is permitted on the webserver. By sending an HTTP OPTIONS request and a direct...
CVS/SVN User Disclosure
Concurrent Version System (CVS) and Subversion (SVN) provide a method for application developers to control different versions of their code. Occasionally, the developer's version or user information can be stored incorrectly within the code and may be visible to the end user either in the HTML or co...
E-mail Address Disclosure
Email addresses are typically found on "Contact us" pages, however, they can also be found within scripts or code comments of the application. They are used to provide a legitimate means of contacting an organisation. As one of the initial steps in information gathering, cyber-criminals will spid...
Updated kdelibs4 packages fix security vulnerability
Using a malicious PAC file, and then using exfiltration methods in the PAC function FindProxyForURL enables the attacker to expose full https URLs. This is a security issue since https URLs may contain sensitive information in the URL authentication part (user:password@host), and in the path and th...
U.S. Dept Of Defense: Default page exposes admin functions and all methods and classes available. on https://██████/█████/dwr/index.html
Summary: https://████/██████/dwr/index.html is a default installation page of DWR engine that exposes all classes and methods available to the user. Description: https://█████████/██████████/dwr/index.html is a default installation page of DWR engine that exposes all classes and methods available...
Critical vulnerability in JSON Web Encryption (JWE) - RFC 7516
tl;dr if you are using go-jose, node-jose, jose2go, Nimbus JOSE+JWT or jose4j with ECDH-ES please update to the latest version. RFC 7516 aka JSON Web Encryption (JWE) hence many software libraries implementing this specification used to suffer from a classic Invalid Curve Attack. This would allow a...
How to Enable Azure Active Directory Enrollment of Windows 10 Devices with XenMobile
When a Windows device is joined to Azure Active Directory, the device can be automatically enrolled in XenMobile. To enable this, add the XenMobile enrollment URL to Azure Active Directory as detailed in this article. You can join Windows 10 devices to Microsoft Azure AD in any of the following...
kio: Information Leak when accessing https when using a malicious PAC file
Albert Astals Cid reports: Using a malicious PAC file, and then using exfiltration methods in the PAC function FindProxyForURL enables the attacker to expose full https URLs. This is a security issue since https URLs may contain sensitive information in the URL authentication part...
BeeLogger - Generate Emailing Keyloggers to Windows on Linux
Generate gmail emailing keyloggers to windows on linux, powered by python and compiled by pyinstaller. Features Send logs each 120 seconds. Send logs when chars 50. Send logs with gmail. Some Phishing methods are included. Multiple Session disabled. Bypass UAC. Prerequisites apt wine wget Linux...
WordPress: Wordpress unzip_file path traversal
Summary: The WordPress unzip_file function (https://codex.wordpress.org/Function_Reference/unzip_file) is vulnerable to path traversal when extracting zip files. Extracting untrusted zip files using this function could lead to code execution through placing arbitrary PHP files in the DocumentRoot ...
Oracle Java Uninitialized Memory Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the creation of an...
Oracle Java AtomicReferenceFieldUpdater Type Confusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
FiercePhish - A Full-Fledged Phishing Framework To Manage All Phishing Engagements
FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more. The features will continue to be expanded and will include website spoofing, click tracking, and extensive notificati...
Mozilla: Insecure communication methods in Developer Tools JSON viewer (MFSA 2017-02)
The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird 45.7, Firefox ESR 45.7, and Firefox 51...