We start off the week with a crazy driver that exposes some powerful primitives, a use-after-free in curl, we speculate a bit about exploiting a 2-byte information disclosure, and talk about FORCEDENTRY.
This week we've got an awesome chain of attacks in NETGEAR smart switches, a speculative type confusion (Spook.js) and an integer overflow leading to HTTP Request Smuggling
Some drama with the VMWare bounty program, and then a few straight forward vulnerabilities and a really cool Azure Container Instances escape and takeover.
Multiple account takeover vulnerabilities in this episode with three cross-origin communication vulnerabilities in Facebook, an odd OTP endpoint in SnapChat and an open redirect in JetBrains leaking your JWT.
Another short episode this week covering graphql attacks, a couple NoSQL injections, a few misconfigurations and a cool attack to reset monotonic counters on a Mifare card.
Kicking off the week with some awesome vulns, an "almost" padding oracle in Azure Functions, a race-condition in AWS Cognito, some sound engine bugs, and a Foxit Reader Use-after-free.
Big episode this week, with a lot of discussion about CTFs, kernel drama, and Github's exploit policy. Then some really interesting exploit strategies on Tesla and Netgear, along with some simple, yet deadly issues in Wordpress and Composer.
Some drama in the Linux Kernel and so many vulns resulting in code execution in Homebrew, GitLab, an air fryer, Source engine, Super Mario Maker, Adobe Reader and the Linux Kernel.
One episode and several failed attempts to fix vulnerabilities, an interesting Rocket.Chat XSS and an exploitable TXT file abusing some weird features.
Long episode this week as we talk about Google's decision to thwart a western intelligence operation (by fixing vulns), multiple authorization and authentication issues, and of course some memory corruption.