
1230 matches found

Hacker One
added 2017/11/24 1:49 p.m., 30 views

Ed: Oauth flow on the comments widget login can lead to the access code leakage

Description Hello. Here is a keyword: frog I discovered an little Oauth flow in the comments widget authentication process using redirecturi manipulations. The widget located on the all blogposts, which have URL https://edoverflow.com/2017/post-title/ Upon authentication, it appeared that code...

7.3 AI score
Exploits: 0
Amazon
added 2017/11/15 12:0 a.m., 22 views

Medium: cacti

Issue Overview: include/globalsession.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page. CVE-2017-15194 Affected Packages: cacti Issue Correction: Run yum update cacti or yum update --advisory ALAS-2017-923 to update your system. New Packages: noarch: ...

6.1 CVSS, 6.5 AI score, 0.00268 EPSS
Exploits: 1
seebug.org
added 2017/11/13 12:0 a.m., 56 views

wget HTTP integer overflow(CVE-2017-13089)

That’s an interesting vulnerability in GNU wget. According to the wget project, this was reported by Antti Levomäki, Christian Jalio, Joonas Pihlaja of Forcepoint as well as Juhani Eronen of the Finnish National Cyber Security Centre. The vulnerability is in src/http.c source code file and more...

9.3 CVSS, 8.9 AI score, 0.74049 EPSS
Exploits: 3
0day.today
added 2017/10/31 12:0 a.m., 101 views

Oracle Java SE - Web Start jnlp XML External Entity Processing Information Disclosure Exploit

Exploit for java platform in category web applications !/usr/local/bin/python """ Oracle Java SE Web Start jnlp XML External Entity Processing Information Disclosure Vulnerability Affected: + eg: ./poc.py 'C:/Program Files/Java/jre1.8.0131/README.txt' saturn: mrme$ ./poc.py 'C:/Program...

6.8 CVSS, 8.3 AI score, 0.01939 EPSS
Exploits: 6
Exploit DB
added 2017/10/30 12:0 a.m., 101 views

Oracle Java SE - Web Start jnlp XML External Entity Processing Information Disclosure

!/usr/local/bin/python """ Oracle Java SE Web Start jnlp XML External Entity Processing Information Disclosure Vulnerability Affected: + eg: ./poc.py 'C:/Program Files/Java/jre1.8.0131/README.txt' saturn: mrme$ ./poc.py 'C:/Program Files/Java/jre1.8.0131/README.txt' Oracle Java Web Start JNLP XML...

7.1 CVSS, 8.2 AI score, 0.01939 EPSS
Exploits: 6
NVD
added 2017/10/04 1:29 a.m., 14 views

CVE-2017-15008

PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cross-Site Scripting on all sensor titles, related to incorrect error handling for a %00 in the SRC attribute of an IMG element...

4.8 CVSS, 4.9 AI score, 0.00215 EPSS
Exploits: 1, References: 1
Hacker One
added 2017/10/02 4:29 p.m., 20 views

Radancy: [werkenbijmcdonalds.nl] Unsafe-inline in "script-src" results in "bootstrapping" or passing data to JavaScript from HTML pages.

Hi Dear Maximum Team Hope you are good! Vulnerability Summary The HTTP header of the werkenbijmcdonalds.nl website includes an unsafe-inline parameter for "script-src". Impact: However, the "script-src" parameter is set to "unsafe-inline" or "unsafe-eval", which allows injection of user passed...

6.5 AI score
Exploits: 0
NVD
added 2017/09/26 6:29 a.m., 16 views

CVE-2017-14744

UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element...

6.1 CVSS, 6.1 AI score, 0.00301 EPSS
Exploits: 0, References: 2
CVE
added 2017/09/26 6:0 a.m., 58 views

CVE-2017-14744

UEditor 1.4.3.3 is vulnerable to cross-site scripting via the SRC attribute of an IFRAME element. The issue is documented across multiple sources (NVD, CNVD, Red Hat, CVE lists) and is consistently described as an XSS in Baidu/UEditor, with no explicit remediation or patch version provided in the...

6.1 CVSS, 6 AI score, 0.00301 EPSS
Exploits: 0, References: 2, Affected Software: 1
RedhatCVE
added 2017/08/31 10:18 a.m., 32 views

CVE-2017-11695

Heap-based buffer overflow in the allocsegs function in lib/dbm/src/hash.c in Mozilla Network Security Services NSS allows context-dependent attackers to have unspecified impact using a crafted cert8.db file...

7.8 CVSS, 8.1 AI score, 0.00088 EPSS
Exploits: 1, References: 1
Amazon
added 2017/08/31 12:0 a.m., 38 views

Medium: curl

Issue Overview: FILE buffer read out of bounds CVE-2017-1000099 TFTP sends more than buffer size CVE-2017-1000100 URL globbing out of bounds read CVE-2017-1000101 Affected Packages: curl Issue Correction: Run yum update curl or yum update --advisory ALAS-2017-889 to update your system. New...

6.5 CVSS, 7.4 AI score, 0.00635 EPSS
Exploits: 0
Hacker One
added 2017/08/16 8:52 a.m., 22 views

Legal Robot: CSP script-src includes "unsafe-inline"

A security researcher pointed out that our Content Security Policy included the unsafe-eval keyword in the script-src directive. I pointed out some low level issue in CSP policy. and great fix by legalrobot team...

2.6 AI score
Exploits: 0
Hacker One
added 2017/06/30 11:51 a.m., 44 views

WakaTime: Unsafe Inline and Eval CSP Usage

Hi Team, The HTTP header of the wakatime.com website includes an unsafe CSP parameter for "script-src". Impact: However, the "script-src" parameter is set to "unsafe-inline" or "unsafe-eval", which allows injection of user passed values, which in result can be misused for Cross-Site Scripting...

0.1 AI score
Exploits: 0
Hacker One
added 2017/05/24 6:20 p.m., 22 views

Gratipay: Gratipay Website CSP "script-scr" includes "unsafe-inline"

Summary: ======== The HTTP header of the gratipay.com website includes an unsafe CSP parameter for "script-src". Description: ========== has a Content-Security-Policy configured the "script-src" parameter is set to "unsafe-inline", which allows injection of user passed values, which in result can...

6.7 AI score
Exploits: 0
Hacker One
added 2017/05/23 12:57 p.m., 44 views

Gratipay: CSP "script-src" includes "unsafe-inline" in https://gratipay.com

SUMMARY: Related Report: 225833 Gratipay is using unsafe-inline in script-src csp headers which allows the use of inline resources, such as inline elements, javascript: URLs, inline event handlers, and inline elements. Proof Of Concept By Using cURL: curl -I https://gratipay.com The results See m...

1 AI score
Exploits: 0
Hacker One
added 2017/05/23 10:55 a.m., 22 views

Weblate: CSP "script-src" includes "unsafe-inline" in weblate.org and demo.weblate.org

Weblate is using unsafe-inline in script-src csp headers which allows the use of inline resources, such as inline elements, javascript: URLs, inline event handlers, and inline elements. POC: HTTP/1.1 200 OK Server: nginx Date: Tue, 23 May 2017 10:49:15 GMT Content-Type: text/html; charset=utf-8...

2 AI score
Exploits: 0
Hacker One
added 2017/05/03 1:58 p.m., 260 views

HackerOne: www.hackerone.com website CSP "script-src" includes "unsafe-inline"

Summary: The HTTP header of the hackerone.com website includes an unsafe CSP parameter for "script-src". Description: The hackerone.com website https://www.hackerone.com has a Content-Security-Policy configured, as pointed out on the Bug Bounty page of their program: We utilize a strict Content...

6.7 AI score
Exploits: 0
seebug.org
added 2017/04/13 12:0 a.m., 14 views

Nintendo: 3DS DNS Client Resolver Library Uses Predictable TXID

I bought a New Nintendo 3DS XL US with firmware 11.2.0-35U, and I've noticed that that DNS client resolved on the 3DS uses a simple incrementing TXID for lookups. This does not provide enough entropy to prevent remote attackers from spoofing responses. For example, see MS08-020 when this happened...

6.9 AI score
Exploits: 0
Mageia
added 2017/03/25 4:56 p.m., 29 views

Updated tnef packages fix security vulnerability

An issue was discovered in tnef before 1.4.13. Two OOB Writes have been identified in src/mapiattr.c:mapiattrread. These might lead to invalid read and write operations, controlled by an attacker. CVE-2017-6307 An issue was discovered in tnef before 1.4.13. Several Integer Overflows, which can le...

7.8 CVSS, 2 AI score, 0.00443 EPSS
Exploits: 0, References: 3
Hacker One
added 2017/03/16 7:27 p.m., 21 views

Shopify: Setting Arbitrary Cookie at kitcrm.com

Hey The src parameter of Image is not being sanitized which allows me to set cookies at kitcrm.com Proof of Concept 1. Create a post at https://kitcrm.com/pages/ID/manualposts/new 2. Select Schedule for Later 3. Go to Scheduled Posts https://kitcrm.com/pages/ID/manualposts 4. Click Edit on your...

Exploits: 0