91 - WebSocket Hijacking, GitHub review bypass and SQLi to RCE
Just a handful of traditional vulns this week: IDOR, CSRF, SQLi, a logic vuln and zi's boomer side starts to show.
90 - HyperKit Bugs & an Open5GS Stack Overflow
Uninitialized variables everywhere in Hyperkit, and a Open5GS stack-based buffer overflow.
89 - SharePoint RCE & an Apache Path Traversal
A simple to exploit path traversal in Apache...in 2021, a one-time-password defeat by having it be send to the attacker and victim, and more JWT issues.
88 - Chrome Exploits and a Firefox Update Bug
This week we start off with a nice introduction to signedness issues before diving into a couple Chrome bugs (type confusion and use-after-free)
87 - Gatekeeper Bypass, Opera RCE, and Prototype Pollution
A few interesting issues this week, ranging from a macOS Gatekeeper bypass, some oauth flow issues in Facebook, and even an RCE through the password field.
86 - Kernel UAFs and a Parallels VM Escape
This week we we've got a couple Linux kernel Use-After-Frees and a Parallels guest to host escape.
85 - iOS 0days, Apache Dubbo RCEs, and NPM bugs
Some of Apple's XPC services are leaking information, Finder has an RCE, and some CodeQL use to find many RCEs in Apache Dubbo.
84 - A Curl UAF, iPhone FORCEDENTRY, and a Crazy HP OMEN Driver
We start off the week with a crazy driver that exposes some powerful primitives, a use-after-free in curl, we speculate a bit about exploiting a 2-byte information disclosure, and talk about FORCEDENTRY.
83 - A Flickr CSRF, GitLab, & OMIGOD, Azure again?
Some high impact vulnerabilities this week, CSRF in account deletion, remote code execution as root, and an apache "0day" that discloses PHP source.
82 - NETGEAR smart switches, SpookJS, & Parallels Desktop
This week we've got an awesome chain of attacks in NETGEAR smart switches, a speculative type confusion (Spook.js) and an integer overflow leading to HTTP Request Smuggling