Vulnerabilities tagged "vuln"

In the land of PHP you will always be (use-after-)free

A bug and exploit that hearkens back to old-school browser exploitation. The bug is a use-after-free in `concat_function()` for variable concatenation, which is abused in the PHP engine to escape `disable_functions` and `open_basedir` sandboxing.
 

FORCEDENTRY: Sandbox Escape

Follow-up to the December post, which covered an integer overflow in the CoreGraphics PDF parser for the JBIG2 image format that was used to implement a weird machine / mini architecture to execute code. This post covers the sandbox escape that was chained with it, which, unlike the first bug, is a logic issue rather than a memory corruption.
 

[Stripe] CSRF token validation system is disabled

The title says it all: CSRF protection was disabled for a period of time on Stripe's Dashboard. As the most sensitive actions required re-entering the user's password or solving a captcha, the damage was limited, but you could still change various account settings...
 