The application interface MOBOTIX VMS allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain…
>> ARCHIVE: 2016-03
Apple Quicktime versions prior to 7.7.79.80.95 suffer from .fpx and .psd file parsing memory corruption vulnerabilities. Multiple proofs of concept included.
Included in this archive is a whitepaper called Metaphor – A (real) real-life Stagefright exploit. It presents thorough research on libstagefright and new techniques used to bypass ASLR. This…
This Metasploit module exploits the unsecured User Manager REST API and a ZIP file path traversal in Apache Jetspeed-2, versions 2.3.0 and unknown earlier versions, to upload and execute a…
Wireshark – dissect_pktc_rekey Heap-based Out-of-Bounds Read
MOBOTIX Video Security Cameras – CSRF Add Admin Exploit
Apache Jetspeed Arbitrary File Upload
Apache OpenMeetings 1.9.x – 3.1.0 – ZIP File Path Traversal
The Vulnerability Laboratory Core Research Team discovered an application-side mail encoding web vulnerability and filter bypass issue in the official PayPal Inc online-service web-application.
An independent vulnerability laboratory researcher discovered multiple SQL injection vulnerabilities in the Cades online service web-application (2016-Q1).