5 matches found
CVE-2026-55794
Craft CMS is a content management system CMS. In versions 5.9.0 and above prior to 5.10.0, control panel users with the ability to edit entries can execute unsandboxed Twig code via the HTTP Referrer header, potentially leading to authenticated RCE. The issue happens when a user is saving entries...
Microsoft MsMpEng - mpengine x86 Emulator Heap Corruption in VFS API
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1282&desc=2 In issue 1260 I discussed Microsoft's "apicall" instruction that can invoke a large number of internal emulator apis and is exposed to remote attackers by default in all recent versions of Windows. I asked Microsoft if...
Microsoft MsMpEng - mpengine x86 Emulator Heap Corruption in VFS API
Microsoft MsMpEng - mpengine x86 Emulator Heap Corruption in VFS API Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1282&desc=2 In issue 1260 I discussed Microsoft's "apicall" instruction that can invoke a large number of internal emulator apis and is exposed to remote attacker...
Phabricator: Information leakage through Graphviz blocks
This report amounts to Unsandboxed Command Execution Considered Harmful, which you already suspected: https://secure.phabricator.com/T7785 Graphviz blocks can be used to view a render of any image file readable by the webserver, through the image and shapefile graph node attributes. This alone...
Vimeo: XSS on any site that includes the moogaloop flash player | deprecated embed code
The moogaloop flash player includes in most cases http://f.vimeocdn.com/p/flash/moogaloop/6.0.30/controllers/videoControllerProgressive.swf. In that flash file we can find functionality that looks into the SharedObject "com.conviva.livePass" for recently loaded swf-URLs under the key "lastSwfUrls...