DNS Rebinding Attack: DNS Rebind Toolkit
DNS Rebind Toolkit is a frontend JavaScript framework for developing DNS Rebinding exploits against vulnerable hosts and services on a local area network (LAN). It can be used to target devices like Google Home, Roku, Sonos WiFi speakers, WiFi routers, “smart” thermostats, and other IoT devices. Wi...
Multiple Web Browsers Security Feature Bypass Information Disclosure (CVE-2018-8235)
A vulnerability was discovered within multiple web browsers that could allow security feature bypass. The vulnerability could allow an attacker to bypass the Same Origin Policy. Successful exploitation could force the browser to send data that would otherwise be restricted...
cryptlib Information Disclosure Vulnerability
cryptlib is a general-purpose cryptographic library based on the GnuPG code. A security vulnerability exists in cryptlib. The vulnerability can be exploited by an attacker to obtain a key by accessing a local device or a different virtual machine on the same physical host...
Libgcrypt Information Disclosure Vulnerability
Libgcrypt is a general-purpose cryptographic library developed by the GNU Project based on the GnuPG code. The library implements a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, public key algorithms, and more. There is a security vulnerability in Libgcrypt...
Magento MarketPlace T1 - Bypass & Persistent Vulnerability
Document Title: Magento MarketPlace T1 - Bypass & Persistent Vulnerability; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1902; Release Date: 2018-06-17; Vulnerability Laboratory ID (VL-ID): ...
CVE-2018-12440
BoringSSL through 2018-06-14 allows a memory-cache side-channel attack on DSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a DSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host...
CVE-2018-12439
MatrixSSL through 3.9.5 Open allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host...
LibreSSL ROHNP Vulnerability
LibreSSL is a fork of the OpenSSL cryptographic software library developed by the OpenBSD project and an open source implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. A security vulnerability exists in LibreSSL versions prior to 2.6.5 and 2.7.x prior to...
LibTomCrypt ROHNP Vulnerability
LibTomCrypt is a modular and portable encryption toolkit. A security vulnerability exists in LibTomCrypt 1.18.1 and earlier versions. An attacker can exploit this vulnerability to obtain ECDSA keys by accessing a local device or a different virtual machine on the same physical host...
wolfSSL ROHNP Vulnerability
wolfSSL (formerly known as CyaSSL) is a small, portable embedded SSL programming library from the United States company wolfSSL, intended for embedded systems developers. A security vulnerability exists in the wolfcrypt/src/ecc.c file in versions prior to wolfSSL 3.15.1.patch. An attacker can exploit this...
DEBIAN-CVE-2018-0495
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. T...
Kicking the Rims – A Guide for Securely Writing and Auditing Chrome Extensions
Table of Contents A Thin Layer of Chrome Extension Security Prior-Art Isolated But Talkative Worlds A Quick Disclaimer Home is Where the manifest.json Is - The Basic Extension Layout The Extension Architecture, Namespace Isolation and the DOM The Same Origin Policy SOP in the Chrome Extension Wor...
OX App Suite Improper Privilege Management Vulnerability
OX App Suite is a collection of cloud-based applications that support the management of email, contacts, calendars, media, documents and more. A mismanagement of privileges vulnerability exists in OX App Suite that allows users in the same environment to delete tasks from other users...
Microsoft Edge Security Bypass Vulnerability (CNVD-2018-11934)
Microsoft Edge is Microsoft's built-in browser in its latest operating system, Windows 10. A security bypass vulnerability exists in Microsoft Edge. The vulnerability stems from Edge failing to properly handle requests from different sources. An attacker could exploit the vulnerability to bypass...
Microsoft Edge Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins. The vulnerability allows Microsoft Edge to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploite...
DEBIAN-CVE-2018-5157
Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR 52.8 an...
CVE-2018-5136
A shared worker created from a "data:" URL in one tab can be shared by another tab with a different origin, bypassing the same-origin policy. This vulnerability affects Firefox 59...
DEBIAN-CVE-2017-7830
The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox 57, Firefox ESR 52.5, and Thunderbird 52.5...
CVE-2017-7830
The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox 57, Firefox ESR 52.5, and Thunderbird 52.5...