Uninitialized variables everywhere in Hyperkit, and a Open5GS stack-based buffer overflow.
Podcast Episodes (Page 7)
A simple to exploit path traversal in Apache...in 2021, a one-time-password defeat by having it be send to the attacker and victim, and more JWT issues.
This week we start off with a nice introduction to signedness issues before diving into a couple Chrome bugs (type confusion and use-after-free)
A few interesting issues this week, ranging from a macOS Gatekeeper bypass, some oauth flow issues in Facebook, and even an RCE through the password field.
This week we we've got a couple Linux kernel Use-After-Frees and a Parallels guest to host escape.
Some of Apple's XPC services are leaking information, Finder has an RCE, and some CodeQL use to find many RCEs in Apache Dubbo.
We start off the week with a crazy driver that exposes some powerful primitives, a use-after-free in curl, we speculate a bit about exploiting a 2-byte information disclosure, and talk about FORCEDENTRY.
Some high impact vulnerabilities this week, CSRF in account deletion, remote code execution as root, and an apache "0day" that discloses PHP source.
This week we've got an awesome chain of attacks in NETGEAR smart switches, a speculative type confusion (Spook.js) and an integer overflow leading to HTTP Request Smuggling
Some drama with the VMWare bounty program, and then a few straight forward vulnerabilities and a really cool Azure Container Instances escape and takeover.