Private Blog Content Disclosed in Atom Feed
Even if a Shopify blog was private and required a password, the post titles and a preview of the content would be published in the globally accessible Atom feed.
Stark Bank maintains two “starkbank-ecdsa” libraries, one for Python and one for Node, which insecurely implement the ECDSA signature verification method. The issue stems from two problems:
Great little bug taking advantage of the ability to manage GSuite users directly from within domains.google.com, which trusted the GSuite organization name and ID from the user request. By changing out the organization’s domain and ID (this does require knowing the target organization's numeric ID) in the requests domains.google.com makes when adding a new user, the user will be added to the new domain rather than to the one you actually own.
A relatively trivial heap overflow in the Transparent Inter-Process Communication (TIPC) module of the kernel. The crypto_key_rcv function in the driver takes a received packet and parses it for key data…
Multiple vulnerabilities in the Trusted Application tzdemuxerservice used by Samsung Smart TVs; five of the six issues have the same root cause. When a “normal world” application is calling into the “trusted execution environment” (TEE), the parameters can be passed either by value or by reference…
Gerbv uses a fixed-size array to store gerbv_aperture_t structures, but it is indexed by an unrestricted integer, providing an out-of-bounds read and write. This array is indexed through an attacker-controlled value, tool_num; while the value is checked against the MIN and MAX values for the array, being out-of-bounds only results in an error message.
Heap overflow in the AMD GPU driver’s debugfs write handler for display port test patterns. The driver allocates a 100 byte write buffer to copy data into, but uses the debugfs handler’s size parameter for the actual copy…
StreamLabs would normally only redirect to a set of whitelisted domains approved to receive the access_token. The author here put some effort into discovering what domains were approved, and found http://dragynslair.live was whitelisted, but no longer registered…
Vulnerability
It is possible to bypass macOS’s System Integrity Protection (SIP) through the system_installd daemon. This daemon has the com.apple.rootless.install.heritable entitlement, which means that any process started by the daemon will not be protected by SIP.