Vulnerabilities tagged "information-disclosure"

• Web Hackers vs. The Auto Industry

  09 January 2023

  A total of either issues impacting various companies in the automotive industry, mix of issues from simple SQL injection to some interesting Single Sign On (SSO) implementation decisions.

• OTP Leaking Through Cookie Leads to Account Takeover

  12 December 2022

  The title is all you really need on this one, the OTP was reflected in the cookies so no need to actually receive it.

• RCE in Tailscale, DNS Rebinding, and You [CVE-2022-41924]

  28 November 2022

  A number of bugs in Tailscale leading to an RCE chain.

• NXP i.MX SDP_READ_DISABLE Fuse Bypass [CVE-2022-45163]

  22 November 2022

  A timing-based side-channel in the `CHECK_DATA` Device Configuration Data could allow the value of memory to be disclosed and read even when reading was disabled.

• Bypassing the Renesas RH850/P1M-E read protection using fault injection

  22 November 2022

  The RH850 is an automotive MCU which features SecureOnboard Communication or SecOC, which includes read protections to prevent the ability to dump the ROM over serial.After reversing the protocol with a logic analyzer, they discovered the authentication was only gated on the sync command (which is required before any other commands are acknowledged)...

• A Confused Deputy Vulnerability in AWS AppSync

  21 November 2022

  Bypassing an authentication check in AWS AppSync by changing the case of a JSON key.

• Multiple Samsung Specific Modifications to Android Leading to Permission Bypasses

  14 November 2022

  Oversecured pointed their code-scanning tool at discovering issues in vendor patches to the Android System APIs and found a number of places where Samsung introduces vulnerabilities.

• Client-Side Path Traversal Chained With Open Redirect to Inject CSS

  14 November 2022

  An interesting look at an overlooked vulnerability, client-side path traversal.A client-side path traversal is when the path traversal attack lands on the client side rather than the more traditional attack against server-side files...

• Blind SSRF to LQL Injection to File Deletion to Authentication Bypass in Checkmk

  14 November 2022

  A long chain of issues going from blind SSRF to new-line injection to a blind Livestatus Query Language (LQL) injection to arbitrary file deletion and finally a race condition leading to authentication bypass.

• A Very Powerful Clipboard: Analysis of a Samsung in-the-wild exploit chain

  08 November 2022

  An in-the-wild exploit chain was discovered that exploits three vulnerabilities in Samsung exynos devices running kernel 4.14.113. It consisted of one userland exploit in Samsung's custom clipboard provider, a kernel infoleak through their `sec_log` functionality, and finally a UAF in the Display Processing Unit (DPU) driver.

• Weird Caching Issues in Unnamed Application

  07 November 2022

  As the title says, some weird load balancers issues, core problem being that user-specific data would be cached and returned to other users.

• [GitLab] RepositoryPipeline allows importing of local git repos

  07 November 2022

  When performing a BulkImport it is possible to provide a URL to`httpUrlToRepo` that will resolve to a repository on the local filesystem.

• Arbitrary File Read in Tasks.org Android app [CVE-2022-39349]

  07 November 2022

  Funny bug in Task.org, which is an open source reminder and todo list tracking app.The vulnerability is lack of path validation in the ShareLinkActivity's `share` intent...

• Crowbleed (Crow HTTP framework vulnerability)

  27 September 2022

  In responding to a static file request, the Crow HTTP framework would allocate a 16kb buffer and read the target file into it. It would then send the whole buffer to the client regardless of how many bytes were actually read.