Published Vulnerabilities


Google Android Mobile Browser - Persistent Remote Vulnerability (PoC Video)

Google Android Mobile Browser - Persistent Remote Vulnerability

Today in the morning the well known vulnerability-lab core team researcher ismail kaleem (maledives) has discovered the details of a google android browser vulnerability. The vulnerability is remotly exploitable and the severity of the issue is high.

The bug has been reported to google by the famous maledivian researcher during a pentest session in the official facebook bug bounty program. The issue is located in the google android mobile browser engine and its validation.

Remote attacker are able to inject own persistent script code by base64 encode script code payloads to hijack session information or to compromise user accounts of a service. First the bug has been reported to the facebook security team which later refered the core team to the google security program.


Oracle Corporation fixed Vulnerability in MyOracle Online-Service Application

Persistent Vulnerability discovered in the MyOracle Application

Today the oracle security alert team allowed the vulnerability laboratory to discover an application-side vulnerability in the well known MyOracle web-service. The MyOracle online-service provides an user account profile after registration and is connected to the official Oracle Corporation support website. The MyOracle account can be accessed through several portals of the oracle community. Once registered you can access the connected services to interaction as client or customer of the company. The issue has been reported in april 2014 and has been patched since september 2014. The issue that has been disclosed was reported by the security researcher and company ceo benjamin kunz mejri to the oracle corporation.


Subscribe to RSS - Published Vulnerabilities