Podcast Episodes (Page 13)

• 95 - Discourse SNS RCE, a Stored XSS in GitLab, and a Reddit Race Condition

  02 November 2021

  A couple unique vulns this week involving getting extra coins on Reddit, and bypassing certificate checking for a Discourse RCE.

• 94 - A Kernel Race, SuDump, and a Chrome Garbage Collector Bug

  27 October 2021

  We start off this week with a look at in-the-wild 0days from the past seven years, before diving into some pretty awesome bugs this week including a OOB access in Squirrel (programming language), a couple Linux kernel issues and a Chrome garbage collector bug.

• 93 - A Slack Attack and a MySQL Scientific Notation Bug

  26 October 2021

  Just four bugs this week, but that all are somewhat interesting, from an Instagram 2FA removal, deanonymizing Slack users, a MySQL bug, and how to get cheap reddit coins.

• 92 - WebKit Bugs, a Windows Race, and House of IO Improved

  20 October 2021

  Tianfu Cup happened this week, we also got some cool windows and webkit issues, along side an improvment to the House of IO attack

• 91 - WebSocket Hijacking, GitHub review bypass and SQLi to RCE

  19 October 2021

  Just a handful of traditional vulns this week: IDOR, CSRF, SQLi, a logic vuln and zi's boomer side starts to show.

• 90 - HyperKit Bugs & an Open5GS Stack Overflow

  13 October 2021

  Uninitialized variables everywhere in Hyperkit, and a Open5GS stack-based buffer overflow.

• 89 - SharePoint RCE & an Apache Path Traversal

  12 October 2021

  A simple to exploit path traversal in Apache...in 2021, a one-time-password defeat by having it be send to the attacker and victim, and more JWT issues.

• 88 - Chrome Exploits and a Firefox Update Bug

  06 October 2021

  This week we start off with a nice introduction to signedness issues before diving into a couple Chrome bugs (type confusion and use-after-free)

• 87 - Gatekeeper Bypass, Opera RCE, and Prototype Pollution

  05 October 2021

  A few interesting issues this week, ranging from a macOS Gatekeeper bypass, some oauth flow issues in Facebook, and even an RCE through the password field.

• 86 - Kernel UAFs and a Parallels VM Escape

  29 September 2021

  This week we we've got a couple Linux kernel Use-After-Frees and a Parallels guest to host escape.

• 85 - iOS 0days, Apache Dubbo RCEs, and NPM bugs

  28 September 2021

  Some of Apple's XPC services are leaking information, Finder has an RCE, and some CodeQL use to find many RCEs in Apache Dubbo.

• 84 - A Curl UAF, iPhone FORCEDENTRY, and a Crazy HP OMEN Driver

  22 September 2021

  We start off the week with a crazy driver that exposes some powerful primitives, a use-after-free in curl, we speculate a bit about exploiting a 2-byte information disclosure, and talk about FORCEDENTRY.

• 83 - A Flickr CSRF, GitLab, & OMIGOD, Azure again?

  21 September 2021

  Some high impact vulnerabilities this week, CSRF in account deletion, remote code execution as root, and an apache "0day" that discloses PHP source.

• 82 - NETGEAR smart switches, SpookJS, & Parallels Desktop

  15 September 2021

  This week we've got an awesome chain of attacks in NETGEAR smart switches, a speculative type confusion (Spook.js) and an integer overflow leading to HTTP Request Smuggling

• 81 - Reused VMWare exploits & Escaping Azure Container Instances

  14 September 2021

  Some drama with the VMWare bounty program, and then a few straight forward vulnerabilities and a really cool Azure Container Instances escape and takeover.