Vulnerabilities tagged "vuln"

Uninitalized value

An uninitalized "Fast Tracker" in the Window's HTTP Protocol stack as used by IIS. Despite providing a bit of a crash analysis and a POC the post is missing information about the vulnerability as their primary focus was on building out the exploit.
 

Untrusted `.git` folder in Parent Directory Enabled Code Execution [CVE-2022-24765]

This one is a bit of a cross-user attack on the same machine, as `git` when executed in a directory that doesn't have a `.git` folder, will traverse upward looking for the `.git/` of the repo.The problem is if one accidentally invokes `git` while not in a repository it'll look in some potentially untrusted locations as it traverses by defualt all the way to the root of the storage...
 

Copy-paste XSS in vditor text editor [CVE-2021-32855]

Copying and pasting an HTML element with a script within it can result in an XSS in vditor text editor.This does feel like a bit of a stretch for an attack scenario, pasting in malicious content to an editor, but not really a thread situation I've thought much about either...
 
3
4
5
6
7
8
9