Two vulnerabilities, the first an insecure activity is exposed that allows other applications to automatically install any application on the Galaxy Store, the secondis a filter bypass which can lead to navigating the CloudGame webview to an untrusted domain.
A total of either issues impacting various companies in the automotive industry, mix of issues from simple SQL injection to some interesting Single Sign On (SSO) implementation decisions.
The `username`, `from_name` and `password` fields of the SMTP server configuration accept new-line characters that will be printed directly into the resulting configuration file.Using this it is possible to include configuration parameters that are not normally exposed...
Multiple static functions in`InetAddress` like `getByName` and `getAllByName` can be used both to resolve a name string to an IP address, and to validate the format of an address.The problem is that the OpenJDK implementation does not properly validate the format of an IP address string...
This vulnerability builds on/is complicated by two past issues.The first being an RCE via caching of remote font files, we discussed this vulnerability on [Episode 129](https://dayzerosec.com/vulns/2022/03/21/from-xss-to-rce-dompdf-0day.html)...
Cool research post introducing a few ModSecurity rule bypasses abusing different parser errors in the ModSecurity Code Rule Set.While those specific to ModSecurity are probably patched by now...