Another indexing issue: an entity index is received and used, but only the lower bound (>= 0) is checked, leading to an OOB access and a virtual function call.
Workplace by Facebook would allow workplace administrators to enable a “self-invite” option. Anyone with an email on an approved domain could invite themselves into the workplace...
Interesting post that covers a bit about the meta of bug-hunting in Source Engine games and some how-to information. There are two OOB read vulnerabilities used in the chain.
Cool bug, but hard to actually exploit despite getting PC control. The vuln uses GLSL, a C-like shader language that gets translated into C before being executed...
First goes into some background details on QMI, what kinds of services it provides, and details on how they fuzzed the interface (used QEMU hexagon to emulate the modem in conjunction with AFL). They talk about one of the vulns the fuzzer dug up, which was a heap overflow in the voice service's `call_config_req` handler...
Very long post, covering an old issue (2013) with tons of background about Java bytecode, App Engine and ASM (library). Some context for the issue is that App Engine would perform in-process sandboxing...
The device administration web-app fails to properly validate the session cookie, allowing an unauthorized attacker to gain access. The issue depends on the internal ifttt_token not being set (default)...
Two vulnerabilities. Firstly, the `SCM_RUN_FROM_PACKAGE` environment variable within the Azure Function container contained a “Shared Access Signature” (SAS) that was scoped for r/w...
Composer will query Packagist to obtain metadata about the package to download. This includes where to fetch the code from (both source and pre-built archives)...