Quick bounty episode this week with some request smuggling, abusing a SSRF for client-sided impact, a weird oauth flow, and a desktop VPN client LPE.
More information about the FORCEDENTRY exploit chain, and some Linux exploitation with a couple netfilter bugs. Ending the episode with some discussion about exploiting blind kernel read primitives from Microsoft.
This week we have some fun with some bugs that really shouldn't have passed code-review, we of course talk about Spring4Shell/SpringShell and dive into the decade long history of that bug, and a bit of discussion about triaging more subtle bugs.
Plenty of exploit strategy talk this week with vulnerabilities and complete exploits targeting a NAS, a router, and a Linux Kernel module with a page-level overflow.
Some easy vulnerabilities this week, a directory traversal due to a bad regex, a simply yet somewhat mysterious authentication bypass, arbitrary file read in GitLab thanks to archives with symlinks, and a PHP filter_var bypass.
A few issues this week, a OOB access in chrome and in the Linux Kernel's Netfilter, and a few issues in Smart UPS devices.
Several easy issues this week from leaking envrionment variables, to gaining host code execution and an XSS to RCE.
Some unusual issues this week as we get into some speculative executive issues, and some more usual Linux and Window's kernel vulnerabilities. Also some discussion about security through obscurity and the nvidia leaks.
We've got some cloud issues this week, in Azure Automation and GKE Autopilot along with a couple other interesting chains.
No spot the vuln this week, but we do have a cool kernel bug, "Dirty Pipe", a look at a stack based overflow: BrokenPrint, and finally some discussion about memory tagging.