In SELinux policy, there is a possible way of inferring which websites are being opened in the browser due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation
We really think research is what moves the information security community on and we invest countless hours in finding new vulnerabilities and exploiting brand new and really known technologies.
Most of our public research are described in this page.
Some of the major vulnerabilities and 0-day we have discovered have a related blog post providing further information on the methodology and techniques used during the exploitation.
Froxlor instances <= 0.10.22 do not perform validation on user-input passed in the customermail GET parameter. More specifically, the value of this parameter is reflected unsanitized in the response webpage.
Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 has an expression language injection vulnerability. Successful exploitation could lead to sensitive information disclosure