Vulnerabilities tagged 'interesting exploit'
The idea here is that by overflowing the value containing the size of a header name you can cause the header to be misinterpreted.
New-line Injection to Uncontrolled File Write and Authentication Bypass in some NETGEAR Smart Switches
Kind of a neat attack to track users across browsers. Potentially fairly loud for most users though…
12 CVEs, a few fundamental design issues, and some implementation issues. The implementation issues generally just removed some restrictions on abusing the design flaws, making them more practical…
Two vulnerabilities. Firstly the SCM_RUN_FROM_PACKAGE environment var within the Azure Function container contained a “Shared Access Signature” (SAS) that was scoped for r/w…
Interesting post that covers a bit about the meta of bug-hunting in Source Engine games and some how-to information. There are two OOB read vulnerabilities used in the chain.
Two-stage attack to fully take over a Facebook account.
tl;dr Cleverly crafting a packet with a large header+options length could cause a null dereference. The net buffer would be created with DataSize=uint16_t(length), but it would attempt to read with size=length (no truncation), which would result in an error case and a null return.