05 May 2020 Show Notes 40 - Auth Bypass, XSS, RCE and more 00:09:19 Facebook v. NSO Group 00:18:22 Netsweeper PreAuth RCE 00:25:57 SaltStack authorization bypass Additional Links: https://github.com/saltstack/salt/blob/0b2a5613b345f17339cb90e60b407199b3d26980/salt/master.py#L1139 00:42:10 E-Learning Platforms Getting Schooled Additional Links: https://github.com/LearnPress/learnpress/commit/d6f818b5f65b007acbdf62236d4aa549fb33d24a?diff=split 01:04:02 Roblox - Subdomain Takeover 01:08:17 Fix XSS issue in handling of CDATA in HTML messages · roundcube/roundcubemail@87e4cd0 · GitHub 01:10:21 Stealing the Trello token by abusing a cross-iframe XSS on the Butler Plugin 01:17:19 Gitlab - Arbitrary file read via the UploadsRewriter when moving and issue 01:20:23 Researching Polymorphic Images for XSS on Google Scholar 01:27:49 TP-LINK Cloud Cameras Multiple Vulnerabilities Additional Links: https://seclists.org/fulldisclosure/2020/May/3 https://seclists.org/fulldisclosure/2020/May/4 01:34:54 Remote Code Execution on Microsoft SharePoint Using TypeConverters [CVE-2020-0932] 01:43:11 Firefox js::ReadableStreamCloseInternal Out-Of-Bounds Access 01:52:04 Siguza - iOS <13.5 sandbox escape/entitlement 0day 02:03:24 Honeysploit: Exploiting the Exploiters 02:15:21 Guy's 30 Reverse Engineering Tips & Tricks 02:16:53 Remote Code Execution on Nintendo 64 through Morita Shogi 64