Three deserialization-related issues: two stemming from the core of Lucee, and one in Mura, a CMS built on Lucee. Lucee is a ColdFusion Markup Language based scripting language that runs on the JVM (Java Virtual Machine) and is intended for the development of web applications...
Not making encrypted blobs tamper-proof is a pretty classic crypto issue that led to an arbitrary file-upload and code execution vulnerability in ShareFile. The file upload functionality of ShareFile took a few natural arguments: a `filename`, an `uploadid` and a `parentid`...
A long, fairly beginner-friendly post about attacking a Bluetooth lock. There is a lot of process information here, as it was an intern's research project. What the vulnerability comes down to, though, is a lack of any real authorization checking, instead only validating the integrity (poorly!) of the request and trusting that the app did all the heavy lifting.
World's worst fuzzer, leading to a traditional stack overflow in the kernel. Really not much to say about the vulnerability: `copy_from_user` with no bounds check into a fixed-size buffer on the stack...
Cool, yet simple finding from the Datadog security team where calls to an undocumented `iamadmin` service would also not appear in CloudTrail logs but could reproduce the functionality of several standard IAM service methods.
Oversecured pointed their code-scanning tool at discovering issues in vendor patches to the Android System APIs and found a number of places where Samsung introduced vulnerabilities.
Multiple memory corruptions in the Microsoft Edge browser. There are several issues here, but they can all generally be summed up as "self-corruptions". It's things like a use-after-free by opening a dialog, closing the backing page that spawned the dialog, and then closing the dialog, triggering a callback that no longer exists...
Great series of posts covering the author's research progress and eventual owning of a wireless scoreboard system. Unlike a lot of the attacks we cover, this had more of a hardware and even radio signal focus...
Two argument injections that were found in Bitbucket Server, though only one of them was exploitable. The first was in the `/rest/api/latest/projects/~USER/repos/repo1/browse` endpoint, where an `at` parameter could be provided...