Archive for February, 2016

Avast File Read

Posted by deepcore under exploit (No Respond)

This one is complicated, but allows an attacker to read any file on the filesystem by clicking a link. You don’t even have to know the name or path of the file, because you can also retrieve directory listings using this attack. Additionally, you can send arbitrary authenticated HTTP requests, and read the responses. This […]

Netgear Pro NMS 300 Code Execution / File Download

Posted by deepcore under exploit (No Respond)

Netgear Pro NMS 300 suffers from code execution and arbitrary file download vulnerabilities.

ThumbDrive 1.1 Local File Inclusion / File Upload

Posted by deepcore under exploit (No Respond)

ThumbDrive version 1.1 suffers from local file inclusion and remote file upload vulnerabilities.

Mobile Drive Free 1.8 Local File Inclusion / File Upload

Posted by deepcore under exploit (No Respond)

Mobile Drive Free 1.8 suffers from local file inclusion and remote file upload vulnerabilities.

Samsung SecEmailUI Script Injection

Posted by deepcore under exploit (No Respond)

The default Samsung email client’s email viewer and composer (implemented in SecEmailUI.apk) doesn’t sanitize HTML email content for scripts before rendering the data inside a WebView. This allows an attacker to execute arbitrary JavaScript when a user views an HTML email which contains HTML script tags or other events.

Samsung Galaxy S6 Android.media.process Face Recognition Memory Corruption

Posted by deepcore under exploit (No Respond)

This proof of concept file causes memory corruption when it is scanned by the face recognition library in android.media.process.

Samsung Galaxy S6 LibQjpeg Je_free Crash

Posted by deepcore under exploit (No Respond)

This jpg file causes an invalid pointer to be freed when media scanning occurs on Samsung Galaxy S6.

Adobe Flash Processing AVC Causes Stack Corruption

Posted by deepcore under exploit (No Respond)

This mp4 file causes stack corruption in Flash. To run the test, load LoadMP42.swf?file=null.mp4 from a remote server.

Google Chrome Privilege Escalation

Posted by deepcore under exploit (No Respond)

There is an overflow in the ui::PlatformCursor WebCursor::GetPlatformCursor method in Google Chrome.

Comodo Chromodo Browser Disable Same Origin Policy

Posted by deepcore under exploit (No Respond)

When you install Comodo Internet Security, by default a new browser called Chromodo is installed and set as the default browser. Additionally, all shortcuts are replaced with Chromodo links and all settings, cookies, etc. are imported from Chrome. They also hijack DNS settings, among other shady practices.