Three deserialization-related issues, two stemming from the core of Lucee, and one in Mura, a CMS built on Lucee. Lucee is a ColdFusion Markup Language based scripting language that runs on the JVM (Java Virtual Machine) and is intended for the development of web applications...
A pretty classic command injection vulnerability but in ClamAV. Often seen (in my experience) running on mail-servers to scan incoming email attachments...
A fun but simple buffer overflow in Factorio. When loading save files, the game will load a `PropertyTree` from the file...
A secure boot bypass in Chromecast with the Google TV (CCwGTV)'s 1080p revision. This bypass sort of involves two issues, a hardware fault injection and a software logical bug, and this is due to mitigations and efforts Google has made since the exploit chain that was released against the 4K model previously.
A somewhat odd vulnerability in Adobe ColdFusion, where it would take an attacker-controllable `classname` parameter and use it to compile ColdFusion code on the fly to render in the response. If the `classname` didn't match a valid ColdFusion class, it would treat it as a path to a ColdFusion template...
This one starts off with a fun mass-assignment issue. Early on in the processing chain of an HTTP request to CrushFTP's web interface it will parse all the HTTP headers into a Java `Properties` object...
This vulnerability impacts Kubernetes setups using NGINX as the ingress controller via [ingress-nginx](https://github.com/kubernetes/ingress-nginx). At first I wanted to blame this one on block-listing when they should have used an allow-list, but it's not quite that, but it is basically just a missed edge-case that allows for code execution.
There is a lot going on in this post. The novel aspect is a few Mark-of-the-Web (MotW) bypasses, which were found while exploring an in-the-wild exploit chain that is also covered here.
The authors here focus on crafting the exploit for an already discovered vulnerability in Orthanc's DICOM server. The vulnerability is a natural consequence of two features:
An object type confusion was discovered in the Microsoft Kernel Streaming Server (`mskssrv.sys`), which is used for virtualizing camera devices and allowing multiple applications to access camera streams. The driver uses two main object types for allowing userspace to acquire a context and send/receive data, a `context` and a `stream`...