Vulnerabilities (Page 4)

Facebook SMS Captcha Was Vulnerable to CSRF Attack

Facebook’s SMS Captcha page would, as you might expect, display a captcha; the user fills it out, and the page then makes a POST request to the next page, including the anti-CSRF token. The problem is that the next location was determined by the `next` URL parameter, which was entirely attacker controlled and could be pointed at sensitive GraphQL endpoints.


Integer Overflow Leading to Buffer Overflow in "Official" SHA-3 Implementation

An integer overflow in the official SHA-3 implementation as used by PHP, Python, Ruby and I’m sure other places. When updating a block that already has some data in it, the code tries to calculate whether the new partial-block bytes will go out of bounds, and makes the classic mistake of adding the current index and the length of the new data, then just checking whether the sum is lower than a bounding value…


Windows Kernel integer overflows in registry subkey lists leading to memory corruption

A couple of integer overflows in the Windows Kernel, reachable through the registry; the core problem being that a 16-bit integer is used for the Count field storing the number of subkeys inside an index. Under normal circumstances, when adding new subkeys the registry will automatically divide itself so you won’t have more than ~1000 subkeys, but you can import arbitrarily formatted indexes, and using this you can craft one with 65535 keys…


[Packagist] Argument Injection in Mercurial Driver leading to RCE

An argument injection leading to remote code execution on the Packagist server. The vulnerability comes from how workers try to update the package’s main documentation page by reading the package’s readme file using hg’s cat command.