Posted by Gil Besso on Mar 09
Not exactly what you’re after, but might interest you anyway:
http://scarybeastsecurity.blogspot.co.il/2011/03/multi-browser-heap-address-leak-in-xslt.html
Monthly Archives: March 2015
OpenKM Platform Remote Reflected Cross Site Scripting
Posted by Mohamed A. Baset on Mar 09
# Exploit Title: OpenKM Platform Remote Reflected Cross Site Scripting
# Google Dork: N/A
# Date: 18-11-2014
# Exploit Author: Mohamed Abdelbaset Elnoby (@SymbianSyMoh)
# Vendor Homepage: http://www.openkm.com/en
<http://s.bl-1.com/h/mPQYWnX?url=http://www.openkm.com/en>/
# Software Link: http://www.openkm.com/en/download-english.html
<http://s.bl-1.com/h/mPQZb9Z?url=http://www.openkm.com/en/download-english.html>
# Version: All…
MikroTik RouterOS Admin Password Change CSRF
Posted by Mohamed A. Baset on Mar 09
# Exploit Title: MikroTik RouterOS Admin Password Change CSRF
# Google Dork: N/A
# Date: 23-2-2015
# Exploit Author: Mohamed Abdelbaset Elnoby (@SymbianSyMoh)
# Vendor Homepage: http://www.mikrotik.com
<http://s.bl-1.com/h/mPRbq77?url=http://www.mikrotik.com/>/
# Software Link: http://www.mikrotik.com/download
<http://s.bl-1.com/h/mPRbvX9?url=http://www.mikrotik.com/download>
# Version: All versions < 5.0
# Tested on: All OS
# CVE…
Multiple vulnerabilities in Untangle NGFW 9-11
Posted by Hutton on Mar 09
Multiple issues have been discovered in the Untangle NGFW virtual
appliance. The vendor was unresponsive and uncooperative to the researcher.
– Persistent XSS leading to root
Authentication requiredConfirmed in versions 9 and 11 (up to rev r39357)
Throughout
the Untangle user interface there are editable data tables for various
user configuration options. An example of this is in: Configuration >
Networking > Port Forwards. This table…
CVE-2011-5319
content/renderer/device_sensors/device_motion_event_pump.cc in Google Chrome before 41.0.2272.76 does not properly restrict access to high-rate accelerometer data, which makes it easier for remote attackers to capture keystrokes via a crafted web site that listens for ondevicemotion events, a different vulnerability than CVE-2015-1231.
CVE-2014-9689
content/renderer/device_sensors/device_orientation_event_pump.cc in Google Chrome before 41.0.2272.76 does not properly restrict access to high-rate gyroscope data, which makes it easier for remote attackers to obtain speech signals from a device’s physical environment via a crafted web site that listens for ondeviceorientation events, a different vulnerability than CVE-2015-1231.
CVE-2015-1213
The SkBitmap::ReadRawPixels function in core/SkBitmap.cpp in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation.
CVE-2015-1214
Integer overflow in the SkAutoSTArray implementation in include/core/SkTemplates.h in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a reset action with a large count value, leading to an out-of-bounds write operation.
CVE-2015-1215
The filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation.
CVE-2015-1216
Use-after-free vulnerability in the V8Window::namedPropertyGetterCustom function in bindings/core/v8/custom/V8WindowCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a frame detachment.