321 matches found
Apple macOS Bug Reveals Cache of Sensitive Data from Encrypted Drives
Security researchers are warning of an almost decade-old issue with an Apple macOS feature that was designed for users' convenience but potentially exposes the contents of files stored on password-protected encrypted drives. Earlier this month, security researcher Wojciech Regula fr...
[SECURITY] Fedora 28 Update: exiv2-0.26-10.fc28
A command line utility to access image metadata, allowing one to: print the Exif metadata of Jpeg images as summary info, interpreted values, or the plain data for each tag; print the Iptc metadata of Jpeg images; print the Jpeg comment of Jpeg images; set, add and delete Exif and Iptc metadata of...
WordPress Events Manager Plugin Cross-Site Scripting Vulnerability
WordPress is the WordPress Software Foundation's blogging platform, developed in PHP; it lets users set up personal blog sites on PHP and MySQL servers. Events Manager is a plugin used for event registration. A cross-site scripting vulnerability exists in th...
FreeBSD : chromium -- multiple vulnerabilities (8e986b2b-1baa-11e8-a944-54ee754af08e)
Google Chrome Releases reports: Several security fixes in this release, including: - 780450 High CVE-2018-6031: Use after free in PDFium. Reported by Anonymous on 2017-11-01 - 787103 High CVE-2018-6032: Same origin bypass in Shared Worker. Reported by Jun Kokatsu @shhnjk on 2017-11-20 - 793620...
Security update for chromium (important)
This update for chromium to 64.0.3282.119 fixes several issues. These security issues were fixed: - CVE-2018-6031: Use after free in PDFium boo1077571 - CVE-2018-6032: Same origin bypass in Shared Worker boo1077571 - CVE-2018-6033: Race when opening downloaded files boo1077571 - CVE-2018-6034:...
HackerOne: Partial disclosure of undisclosed programs through <meta> tags
Summary Report pages contain <meta> tags that contain the description of the report. Newer browsers create thumbnails of recently visited pages that display the content of these tags. Since the meta tags contain the contents of the report, private report contents are partially disclosed. Description Moder...
CVE-2017-15210
In Kanboard before 1.0.47, by altering form data, an authenticated user can see thumbnails of pictures from a private project of another user...
Design/Logic Flaw
In Kanboard before 1.0.47, by altering form data, an authenticated user can see thumbnails of pictures from a private project of another user...
CVE-2017-15210
CVE-2017-15210 affects Kanboard prior to 1.0.47. An authenticated user can bypass restrictions by altering form data to view thumbnails of images in another user's private project. The root cause is described as a design/logic flaw in access control handling, with a partial confidentiality impact. Evi...
Kanboard Design Vulnerability (CNVD-2017-30939)
Kanboard is an open source visual task board application developed by the French software developer Frederic Guillot. It supports customizing boards to the business, drag-and-drop of tasks, and so on. A security vulnerability exists in Kanboard versions prior to 1.0.47. An...
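The Kanboard entries above all describe one pattern: the access rule enforced on a parent resource (the project) is not applied to a resource derived from it (the image thumbnail), and the handler trusts identifiers supplied in form data. The following Python model is an added illustration of that pattern and its fix; it is not Kanboard's code. The data store, the user and project names, and the handler names (thumbnail_vulnerable, thumbnail_fixed, allowed) are all constructed for the example.

```python
"""Model of a thumbnail endpoint that trusts client-supplied identifiers.

Added example, not Kanboard's source. All projects, files and users below
are constructed fixtures; handler names are hypothetical.
"""
from __future__ import annotations
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised when the caller may not view the requested thumbnail."""


@dataclass
class Project:
    project_id: int
    is_private: bool
    members: set = field(default_factory=set)


@dataclass
class ProjectFile:
    file_id: int
    project_id: int   # the project this file really belongs to (server-side truth)
    thumbnail: bytes


# Constructed fixture: alice owns a private project, bob a public one.
PROJECTS = {
    1: Project(1, is_private=True, members={"alice"}),
    2: Project(2, is_private=False, members={"bob"}),
}
FILES = {
    10: ProjectFile(10, project_id=1, thumbnail=b"THUMB:private-alice"),
    20: ProjectFile(20, project_id=2, thumbnail=b"THUMB:public-bob"),
}


def can_access_project(user: str, project: Project) -> bool:
    """Authorization rule for the parent resource: public projects are open,
    private projects require membership."""
    return (not project.is_private) or user in project.members


def thumbnail_vulnerable(user: str, form: dict) -> bytes:
    """Flawed handler: authorizes against the project_id the client sends, then
    loads the file by the file_id the client sends, never checking that the two
    belong together. An authenticated user who sets project_id to a project they
    can see and file_id to someone else's file receives that thumbnail."""
    if not user:
        raise Forbidden("login required")
    project = PROJECTS[int(form["project_id"])]
    if not can_access_project(user, project):
        raise Forbidden("no access to project")
    return FILES[int(form["file_id"])].thumbnail


def thumbnail_fixed(user: str, form: dict) -> bytes:
    """Hardened handler: the only client input used is file_id; the project is
    derived from the stored file record, and the parent project's access rule
    is applied to the derived resource (the thumbnail) as well."""
    if not user:
        raise Forbidden("login required")
    record = FILES.get(int(form["file_id"]))
    if record is None:
        raise Forbidden("no such file")   # same error as a denial: do not confirm existence
    if not can_access_project(user, PROJECTS[record.project_id]):
        raise Forbidden("no access to project")
    return record.thumbnail


def allowed(handler, user: str, form: dict) -> bool:
    """True if the handler releases the thumbnail, False if it refuses."""
    try:
        handler(user, form)
        return True
    except Forbidden:
        return False


if __name__ == "__main__":
    # bob alters the form: his own (public) project_id, alice's file_id.
    attack = {"project_id": "2", "file_id": "10"}
    print("vulnerable leaks alice's thumbnail:", allowed(thumbnail_vulnerable, "bob", attack))
    print("fixed leaks alice's thumbnail:    ", allowed(thumbnail_fixed, "bob", attack))
    print("fixed still serves alice:         ", allowed(thumbnail_fixed, "alice", attack))
```

The fix is not "add a check" but "check the right object": every identifier that selects the resource must be resolved server-side and the authorization decision made on the record that is actually returned, so a client cannot pair an authorized container with an unauthorized child.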
chromium -- multiple vulnerabilities
Google Chrome Releases reports: Several security fixes in this release, including: 780450 High CVE-2018-6031: Use after free in PDFium. Reported by Anonymous on 2017-11-01 787103 High CVE-2018-6032: Same origin bypass in Shared Worker. Reported by Jun Kokatsu @shhnjk on 2017-11-20 793620 High...
18-Byte ImageMagick Hack Could Have Leaked Images From Yahoo Mail Server
After the discovery of a critical vulnerability that could have allowed hackers to view private Yahoo Mail images, Yahoo retired the image-processing library ImageMagick. ImageMagick is an open-source image processing library that lets users resize, scale, crop, watermark and tweak images. The...
USN-3095-1 php5, php7.0 vulnerabilities
Taoguang Chen discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2016-7124 Taoguang Chen discovered that PHP incorrectly...
Slack: Unauthenticated Access to some old file thumbnails
File thumbnails which were uploaded before the implementation of auth checks do not have those checks retroactively applied. However, their URLs contain a secret which prevents guessing or brute-forcing of their location. Well, since you hid all the details which is why I requested disclosure in...
Pornhub: View storyboard of private video @ ht.pornhub.com
The researcher was able to abuse the API in order to leak the thumbnails of private videos...
Dtcms default template file has cross-site scripting vulnerability
dtcms is a content management system developed in C#. A cross-site scripting vulnerability exists in the default template file of dtcms version V4.0 because the image thumbnail and title fields in that template are not strictly filtered. An attacker is allowed to exploit th...
Linux file chooser crashes on malformed images due to flaws in Jasper library — Mozilla
Security researcher Gustavo Grieco reported that on Linux Gnome systems the dialog for choosing local files uses the operating system's gdk-pixbuf library to render thumbnails for image file types. This library supports various image decoders, and Grieco reported that the Jasper and TGA decoders...
WordPress Default Facebook Thumbnails 0.4 Cross Site Scripting
Title: WordPress 'Default Facebook Thumbnails' Plugin Version: 0.4 Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej Date: 2015-06-13 Download: - https://wordpress.org/plugins/default-facebook-thumbnail/ - https://plugins.svn.wordpress.org/default-facebook-thumbnail/ Notified WordPress:...
Vimeo: abusing Thumbnails(https://vimeo.com/upload/select_thumb) to see a private video
The https://vimeo.com/upload/selectthumb URI is used to set a thumbnail on your Vimeo video. The https://vimeo.com/upload/selectthumb request is composed of 3 parameters: clipid, token, and time. The clipid parameter is used to select the video you want to get a thumbnail of, clipid is a csrf token and time...