A path traversal type issue in Kardex MLOG due to not properly handling windows path separators.The service's `GetFile`handler would check for an `/api` and `/image` slug, and if neither were present it would fall back on trying to construct a filename...
A small bug in processing/validating the entries in the Merkel tree resulting in the theft of 2 million BNB ($586 Million USD at time of the original theft).
Simple enough vulnerable, a POST parameter was directly unserialized, which would often be pretty damning, but vBulletin apparently had put in some effort to make it hard to exploit.
A bit of research on leaking access tokens from OAuth2/OIDC flows, in all cases you already need a cross-site scripting vulnerability to exist on the host recieving the callback, it does present an interesting case of escalating two often unimportant issues, a self-XSS and a Login CSRF, into an account takeover though.
Starts off with an exposed activity in the KAYAK app, ends up with session hijacking.
Fun little CSS injection turned full-read SSRF thanks to an (imo) overly powerful PDF generator.
The last time we covered a "how to exploit a null-deref in the modern era" post we were...disappointed (and potentially attacked by North Korea but that's another story), this one is legit. Rather than focusing on the null-deref as the core memory corruption though, it abuses the handling of the null-dereference with a kernel oops and the side-effects of the oops to overflow a reference count.
A cool bug that can inject a new user with controlled SSH key into a compute instance and the request doing this can be reached via a GET request with no anti-CSRF token.
A trivial out of bounds access in the iPod nano 3rd-5th generation's USB stack in the bootROM.The `USB::HandlePendingSetup()` handler for SETUP packets would accept a request and dispatch it to different sub-handlers based on the `bmRequestType`...
Some funny vulns in an undisclosed forum's "teams" feature where users could create their own teams and request to join others as different roles.Users could request to join a team as any non-admin role, and a team admin could accept the request...