security

Filter by

Uncovering Web Cache Deception: A Missed Vulnerability in the Most Unexpected Places
by Vikas Anil Sharma September 4, 2023

VULNERABILITY DESCRIPTION This vulnerability involves a Web Cache Deception attack targeting the https://redacted.com/anynonexisting URL endpoint. ...

Posted in security

Read more

2 comments
CVE-2023-1906 - Heap-based Buffer Overflow in ImageMagick
by Vikas Anil Sharma April 6, 2023

As part of our security research efforts , we recently used AFL++ (American Fuzzy Lop) to fuzz test ImageMagick, an open-source software suite for ...

Read more
Clipchamp ( Microsoft Office Product) - Google IAP Authorization bypass allowed access to Internal Environment Leading to Zero Interaction Account takeover
by Vikas Anil Sharma March 10, 2023

Before getting started reported product Clipchamp is not under the scope for MSRC bug bounty rewards so don't waste your precious time on this asse...

Posted in security

Read more
Race Condition vulnerability in Azure Video Indexer allowed trial account users use Advance / Premium feature
by Vikas Anil Sharma December 7, 2022

VULNERABILITY DESCRIPTION The Microsoft Azure's services App Videoindexer.ai ( https://vi.microsoft.com/en-us) has a feature known as "Animated ...

Read more

2 comments
Privilege Escalation in Microsoft Teams
by Vikas Sharma December 7, 2021

Vulnerability Description While researching the Microsoft Teams web application which is part of the Microsoft Bug Bounty program (https://www.mic...

Posted in security

Read more

Uncovering Web Cache Deception: A Missed Vulnerability in the Most Unexpected Places

CVE-2023-1906 - Heap-based Buffer Overflow in ImageMagick

Clipchamp ( Microsoft Office Product) - Google IAP Authorization bypass allowed access to Internal Environment Leading to Zero Interaction Account takeover

Race Condition vulnerability in Azure Video Indexer allowed trial account users use Advance / Premium feature

Privilege Escalation in Microsoft Teams