1779 matches found
IRCCloud: [IRCCloud Android] Opening arbitrary URLs/XSS in SAMLAuthActivity
Hi, I'd like to report a bug which allows opening arbitrary URLs in com.irccloud.android.activity.SAMLAuthActivity. This activity is exported: it means that it can be accessed by any third-party apps installed on the same device. On the newest Androids it also could be exploited by Android...
GHSA-H77X-M5Q8-C29H Rack vulnerable to REDoS
lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposition header...
SUSE-SU-2017:2804-1 Security update for Linux Kernel Live Patch 9 for SLE 12 SP2
This update for the Linux Kernel 4.4.59-9224 fixes several issues. The following security bugs were fixed: - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel BlueZ was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remo...
gdal
Project: https://github.com/OSGeo/gdal.git Detailed report: https://oss-fuzz.com/testcase?key=6537397673132032 Project: gdal Fuzzer: libFuzzergdalogrfilesystemfuzzer Fuzz target binary: ogrfilesystemfuzzer Job Type: libfuzzerubsangdal Platform Id: linux Crash Type: UNKNOWN READ Crash Address:...
Tor: Address Bar Spoofing on TOR Browser
Hi TOR team, I would like to report a security bug in your browser: Step 1: Goto http://www.ոokia.com/http://jsbin.com/wuyikedaxi/1/edit?html,output Step 2: Observe that address bar points to http://www.ոokia.com/ which actually to be pointing to http://xn--okia-zgf.com, however browser displays...
UCOPIA Wireless Appliance 5.1 (Captive Portal) - Root Remote Code Execution
UCOPIA Wireless Appliance 5.1 Captive Portal - Root Remote Code Execution Exploit Title: Unauthenticated remote root code execution on captive portal Ucopia '/var/www/html/upload/bd.php;echo%20t As php is in sudoers without password...
giphiy.com XSS vulnerability
Open Bug Bounty ID: OBB-318751

Description| Value
---|---
Affected Website:| giphiy.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...

CVE-2017-14926
In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document...
Apple WLC_E_COUNTRY_CODE_CHANGED Information Leak Vulnerability
Exploit for macOS platform in category dos / poc. Apple: Information Leak when handling WLC_E_COUNTRY_CODE_CHANGED event packets (CVE-2017-7116). Broadcom produces Wi-Fi HardMAC SoCs which are used to handle the PHY and MAC layer processing. These chips are present in both mobile devices and Wi-Fi router...
Apple updateRateSetAsyncCallback Heap Overflow Vulnerability
Exploit for macOS platform in category dos / poc. Apple: Heap overflow in "updateRateSetAsyncCallback" when handling ioctl results (CVE-2017-7108). Broadcom produces Wi-Fi HardMAC SoCs which are used to handle the PHY and MAC layer processing. These chips are present in both mobile devices and Wi-Fi...
CVE-2017-14685
Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016aa61" on Windows. This occurs because xpsloadlinksinglyphs in...
SUSE-SU-2017:2499-1 Security update for Linux Kernel Live Patch 22 for SLE 12
This update for the Linux Kernel 3.12.61-5277 fixes several issues. The following security bugs were fixed: - CVE-2017-1000112: Prevent a race condition in net-packet code that could have been exploited by unprivileged users to gain root access bsc1052368...
SUSE-SU-2017:2457-1 Security update for Linux Kernel Live Patch 5 for SLE 12 SP2
This update for the Linux Kernel 4.4.49-9211 fixes several issues. The following security bugs were fixed: - CVE-2017-1000112: Prevent a race condition in net-packet code that could have been exploited by unprivileged users to gain root access bsc1052368...
delight.im: Add movie or series CSRF
Hello, I found Cross-Site Request Forgery (CSRF) while adding a new movie or series. Reproduction: - Login by any user. - Add Name, YEAR and STRING for the movie in poc...
youngleak.com XSS vulnerability
Open Bug Bounty ID: OBB-290551

Description| Value
---|---
Affected Website:| youngleak.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...

Nextcloud: Nextcloud logs ldap passwords
When the ldap server is temporarily unavailable, data like the attached ends up in log files. I've replaced usernames with XXXUSERnXXX and passwords with XXXPASSnXXX. It seems that at least the following are missing from $methodsWithSensitiveParameters in lib/private/Log.php: - bind -...
CVE-2017-3735
While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g...
sunstar.com.ph XSS vulnerability
Open Bug Bounty ID: OBB-281993

Description| Value
---|---
Affected Website:| sunstar.com.ph
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...

Microsoft Edge Chakra Incorrect Jit Optimization
Microsoft Edge: Chakra: incorrect jit optimization with TypedArray setter 3 CVE-2017-8601 Coincidentally, Microsoft released the patch for the issue 1290 the day after I reported it. But it seems they fixed it incorrectly again. This time, "funca, b, i;" is replaced with "funca, b, ;". PoC: 'use...
Microsoft Edge Chakra Failed Re-Parse Exploit
InterpreterStackFrame::ProcessLinkFailedAsmJsModule in Microsoft Edge Chakra incorrectly re-parses. Microsoft Edge: Chakra: InterpreterStackFrame::ProcessLinkFailedAsmJsModule incorrectly re-parses CVE-2017-8645 When Chakra fails to link an asmjs module, it tries to re-parse the failed-to-link...