Posted by Ashish Pujari, Chrome Security Team Introduction Chrome is trusted by millions of business users as a secure enterprise brow...
When writing an exploit for a memory corruption vulnerability, knowing the heap allocator internals is often required to shape the heap as desired. This article will dive into one of Android libc allo
Hello Gitlab!
[Vulnerable code](https://gitlab.com/gitlab-org/gitlab/blob/9d81e97d9d111f874799605ce50ae480ae15b0c5/app/assets/javascripts/vue_merge_request_widget/components/states/mr_widget_rebase.vue#L47)
To reproduce the bug, we need to open a merge request with the following conditions:
1. Project must have 'Merge commit with semi-linear history' or 'Fast-forward merge' merge method
2....
Introduction Faronics Insight is a feature rich software platform which is deployed on premises in schools. The application enables teachers to administer, control and interact with student devices
Introduction Users often assume that known software is free of security flaws because it has been checked by a sufficient number of tools and security testers. However, this is not an assumption that a pentester or bug hunter can afford to make. Vulnerabilities may lurk in various places, and finding an interesting bug often requires ...
The latest news and insights from Google on security and safety on the Internet
Discovered by Matt Wiseman of Cisco Talos. SUMMARY A memory corruption vulnerability exists in the MELSOFT Direct functionality of Mitsubishi Electric Corporation MELSEC iQ-F FX5U v1.240 and v1.260...
David Kluge, Technical Program Manager, and Andy Warner, Product Manager Nobody likes preventable site errors, but they happen disappointing...
During Pwn2Own Toronto 2022, three different teams successfully exploited the Sonos One Speaker. In total, $105,000 was awarded to the three teams, with the team of Toan Pham and Tri Dang from Qrious Secure winning $60,000 since their entry was first on the schedule. Part of Pwn2Own competitions inv
Information about 0-days exploited in-the-wild!
## Summary:
Whenever the aws-iam-authenticator server gets a POST request to /authenticate it extracts the token and validates it. The token's content is a signed AWS STS request to the GetCallerIdentity endpoint, where the response content is used to map to matching K8s identity (username, groups).
I found several bypasses to validation parts in [AWS IAM...
Brandon Lum and Mihai Maruseac, Google Open Source Security Team Today, we are announcing the launch of the v0.1 version of Graph for Unders...
Posted by Chrome Root Program, Chrome Security Team What is the Chrome Root Program? A root program is one of the foundations for se...
An optimized content discovery phase involves crawling and brute forcing the attack surface while balancing depth, cost, and detection risk.
Chariot offers a simple solution for medical device manufacturers to conduct the ongoing postmarket monitoring that Section 524B.1 requires.
goshawk.code-analysis.org
May 19 2023 @ 4:50 PM
Goshawk: Hunting Memory Corruptions via Structure-Aware and Object-Centric Memory Operation Synopsis 1. Introduction Goshawk is an automated memory corruption bug detection system, which first auto...
This post covers an exploit chain demonstrated by Nguyễn Hoàng Thạch (@hi_im_d4rkn3ss) of STAR Labs SG Pte. Ltd. during the Pwn2Own Vancouver event in 2023. During the contest, he used an uninitialized variable bug and a stack-based buffer overflow in VMware to escalate from a guest OS t
Hi Reddit,
I found a way to distribute, persist & store illegal images such as child porn, beheadings on reddit and in plain sight.
I can also store & distribute xml, json data e.g. illegal links.
I can also store & communicate illegal instructions aka terrorist messages in html and plain text.
This hack also bypasses all security related to detecting illegal messages &...
Go to your account's chat page, stop the request and change the reddit session parameter. Now let the request through and you will be able to access the test account's chat screen.
Send the request to the repeater, change the reddit session parameter and send it; then you will see the return result is 200.
Show the reply in the browser and copy and paste the address into your browser; you will access the chat...
## Summary:
Hello team! I was tampering with the dest parameter in accounts.reddit.com and found out it is vulnerable to Cross Site Scripting once the victim performs the login.
## Steps To Reproduce:
1. Enter to the following link: ```https://accounts.reddit.com/?dest=javascript:alert(document.domain)```
- If not signed in, the user will be prompted to log in and after doing so the XSS will...
Posted by Sarah Jacobus, Vulnerability Rewards Team As technology continues to advance, so do efforts by cybercriminals who look to explo...
Bug bounties are broken: the story of the i915 bug, ChromeOS + Intel bounty programs, and beyond : pi3 blog
Dongge Liu, Jonathan Metzman and Oliver Chang, Google Open Source Security Team Google's Open Source Security Team recently sponsored a fuzz...
For the second time at Pwn2Own competition, network printers have been featured in Toronto 2022.
Juan José López Jaimez, Security Researcher and Meador Inge, Security Engineer Today, we are announcing Buzzer, a new eBPF Fuzzing framewor...
May 2nd 2023 Congratulations to our new king and in honour of the coronation, we proudly present Nighthawk 0.2.4. Our last Nighthawk public post was for our 0.2.1 release in...
Posted by Ronnie Falcon, Product Manager Android is built with multiple layers of security and privacy protections to help keep you, your...
Hi @gdattacker
Improper Authentication was discovered and reported to IBM, analyzed and has been remediated. Thank you to our external researcher.
## Summary:
After creating the workspace, if the victim clicks on "forgot password", a reset password link is generated and sent over mail, and that password link uses the unsecured http protocol.
## Steps To Reproduce:
1. Signup to a workspace
2. Navigate to https://h1-\*your-own-instance\*.cloud.mattermost.com/reset_password and enter signup email
3. Check email, you will get reset...
It was discovered that the "Ask where to save each file before downloading" setting disables the potentially-malicious file type warning for downloads in Brave. This behavior is also present in Chrome: https://bugs.chromium.org/p/chromium/issues/detail?id=1410578.
Discovered by Kelly Leuschner of Cisco Talos. SUMMARY An authentication bypass vulnerability exists in the Authentication functionality of Weston Embedded uC-FTPs v 1.98.00. A specially crafted set...
Application security issues found by Assetnote
Discovered by Kelly Leuschner of Cisco Talos. SUMMARY An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A speci...
A NoSQL injection vulnerability has been identified in the listEmojiCustom method call within Rocket.Chat. This can be exploited by unauthenticated users when there is at least one custom emoji uploaded to the Rocket.Chat instance. The vulnerability causes a delay in the server response, with the potential for limited impact.
A vulnerability has been discovered in the updateMessage Meteor Method, allowing adversaries to edit messages without proper authorization. This occurs due to insufficient permission checks for the "rid" parameter. Attackers can exploit this issue to leak private messages with known message IDs.
Code scanning detects ReDoS vulnerabilities automatically, but fixing them isn't always easy. This blog post describes a 4-step strategy for fixing ReDoS bugs.