Vulnerabilities (Page 55)

RCE in GitLab when removing metadata using ExifTool

The vulnerability itself is in ExifTool: when parsing DjVu archive metadata, it parses the token, does some validation on it to make sure it's safe, and calls eval on it to parse the C-style string escapes within the string. The problem is that the validation trips up on handling an escaped newline, ignoring the newline character and thinking the next character is the escaped one…

One-click reflected XSS on Instagram

This is a surprisingly simple reflected XSS on instagram.com. Just a next= URL parameter that is reflected into an href; you can include a javascript: target for the URL…

D-Link Rate-Limiting Bypass

D-Link attempted to provide some protection against brute-force by delaying the response for three seconds on a bad login. The problem was that the delay only happened on a bad login, so there was a clear timing difference between a good and bad login attempt…