CVE-2015-9259

In Docker Notary before 0.1, the checkRoot function in gotuf/client/client.go does not check expiry of root.json files, despite a comment stating that it does. Even if a user creates a new root.json file after a key compromise, an attacker can produce update files referring to an old root.json fi...

Nextcloud: Extremly simple way to bypass Nextcloud-Client PIN/Fingerprint lock

I'm sorry for my bad English, I'm German How to reproduce this security bug. Step 1: Take a normal Android smartphone maybe it also works on iOS, but I have not tested it yet. Step 2: Install the official nextcloud-client. Step 3: Set up nextcloud: Open the nextcloud app, tap on "Skip", enter the...

Node.js third-party modules: [serve] Directory listing and File access even when they have been set to be ignored

I would like to report a vulnerability in serve on macOS. It allows listing directory and reading local files on the target server. Module module name: serve version: 6.5.3 npm page: https://www.npmjs.com/package/serve Module Description Ever wanted to share a project on your network by running...

imagemagick/encoder_pict_fuzzer: Use-of-uninitialized-value in PerceptibleReciprocal

Project: https://github.com/imagemagick/imagemagick.git Detailed report: https://oss-fuzz.com/testcase?key=4733409088765952 Project: imagemagick Fuzzer: libFuzzerimagemagickencoderpictfuzzer Fuzz target binary: encoderpictfuzzer Job Type: libfuzzermsanimagemagick Platform Id: linux Crash Type:...

Visual Studio Code remote code execution vulnerability

I occasionally noticed that Visual Studio Code was listening on a fixed TCP port 9333. After upgrading to 1.19.3, it’s gone. ➜ netstat -an | grep 9333 tcp4 0 0 127.0.0.1.9333 . LISTEN Looks like it’s a bug that affects VSCode 1.19.01.19.2. Extension process always run in debug mode, because of th...

DEBIAN-CVE-2018-8960

The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q16 does not properly restrict memory allocation, leading to a heap-based buffer over-read...

imagemagick/encoder_pict_fuzzer: Use-of-uninitialized-value in ScaleQuantumToChar

Project: https://github.com/imagemagick/imagemagick.git Detailed report: https://oss-fuzz.com/testcase?key=6501920794476544 Project: imagemagick Fuzzer: libFuzzerimagemagickencoderpictfuzzer Fuzz target binary: encoderpictfuzzer Job Type: libfuzzermsanimagemagick Platform Id: linux Crash Type:...

Zomato: [Zomato Android/iOS] Theft of user session

Hi, I'd like to report a bug which allows to theft user data even without installing third-party apps. Activity xml is exported, and can be accessed by browser. When any WebView in a client app, or a browser meets a zomato://etc URL it will automatically launch Zomato app. File...

imagemagick/encoder_pdb_fuzzer: Use-of-uninitialized-value in PushColormapIndex

Project: https://github.com/imagemagick/imagemagick.git Detailed report: https://oss-fuzz.com/testcase?key=5687802160218112 Project: imagemagick Fuzzer: libFuzzerimagemagickencoderpdbfuzzer Fuzz target binary: encoderpdbfuzzer Job Type: libfuzzermsanimagemagick Platform Id: linux Crash Type:...

Node.js third-party modules: `fs-path` concatenates unsanitized input into exec()/execSync() commands

I would like to report command injection in fs-path. It allows to inject and execute arbitrary shell commands while performing various operations from fs-path API like copying files. Module module name: fs-path version: 0.0.24 npm page: https://www.npmjs.com/package/fs-path Module Description...

Redaxo CMS Addon MyEvents 2.2.1 - SQL Injection

Exploit Title: Redaxo CMS Addon MyEvents SQL Injection Backend Date: 01.03.2018 Exploit Author: h0n1gsp3cht Vendor Homepage: http://www.github.com/wende60/myevents Version: 2.2.1 Last Version Tested on: LinuxMint More: Login Required GET Vuln Code + redaxo/src/addons/myevents/pages/eventadd.php...

CVE-2018-7584

In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the phpstreamurlwraphttpex function in ext/standard/httpfopenwrapper.c. This subsequently results in copying a large string...

Chrome: V8: TranslatedState::MaterializeCapturedObjectAt caching bug

Here'a snippet of TranslatedState::MaterializeCapturedObjectAt. case JSSETKEYVALUEITERATORTYPE: case JSSETVALUEITERATORTYPE: Handle object = Handle::cast isolate-factory-NewJSObjectFromMapmap, NOTTENURED; Handle properties = materializer.FieldAtvalueindex; Handle elements =...

imagemagick/encoder_label_fuzzer: Use-of-uninitialized-value in StringInfoToHexString

Project: https://github.com/imagemagick/imagemagick.git Detailed report: https://oss-fuzz.com/testcase?key=5710818319532032 Project: imagemagick Fuzzer: libFuzzerimagemagickencoderlabelfuzzer Fuzz target binary: encoderlabelfuzzer Job Type: libfuzzermsanimagemagick Platform Id: linux Crash Type:...

A week in security (February 19 – February 25)

Last week on Malwarebytes Labs, we gave readers a primer on encryption, took a stab at that Deepfakes tool Internet users seem to be interested in, and started a new series that talks about GDPR. We also looked at a drive-by download campaign that starts in booby-trapped Chinese websites that dro...

Audio Cutter Software - Code Injection Vulnerability

Exploit for windows platform in category dos / poc Technical Details: ================= Vulnerability Title: Audio Cutter Software - Code Injection Vulnerability Tool Name: Weeny Audio Cutter Software v1.5 Critical Level: High Author: Ajay Gowtham aka AJOXR Blackhat forums Type: Software Security...

redstarshop.rs XSS vulnerability

Open Bug Bounty ID: OBB-566577 Description| Value ---|--- Affected Website:| redstarshop.rs Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Disclosure Standard:| Coordinated Disclosure base...

jewishsingleslondon.co.uk Open Redirect vulnerability

Open Bug Bounty ID: OBB-563671 Description| Value ---|--- Affected Website:| jewishsingleslondon.co.uk Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Open Redirect / CWE-601 CVSSv3 Score:| 3.4...

frogtoon.com XSS vulnerability

Open Bug Bounty ID: OBB-562965 Description| Value ---|--- Affected Website:| frogtoon.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Inside the MSRC– The Monthly Security Update Releases

For the second in this series of blog entries we want to look into which vulnerability reports make it into the monthly release cadence. It may help to start with some history. In September 2003 we made a change from a release anytime approach to a mostly predictable, monthly release cadence...