PHP servers drop any header if the header has "\r" [@OctagonNetworks]

The title gives this one away, the header(...) function in PHP will issue a warning (and keep executing) without adding the header to the response if the header contains a Carriage Return (\r), New-Line (\n) or Null-byte (\x00).That functionality may not be new to you as its purpose is to kill response splitting attacks, but @OctagonNetworks presents a fresh twist on this, probably not the first to have the thought but it was a neat idea to me…


Peanut Butter Jellyfin Time

Two vulnerabilities in Jellyfin, which is a media server fork of Emby. They focused on the REST API in the server, and they noticed that the Authorization header seemed to be implicitly trusted in many endpoints despite the fact it could be attacker-controlled.


The OverlayFS vulnerability [CVE-2023-0386]

A linux kernel bug in the overlayfs filesystem that can lead to root privilege escalation.For a bit of background, overlayfs allows you to have a filesystem that’s comprised of two layers; an upper layer and a lower layer…


Placeholder for Dayzzz: Abusing placeholders to extract customer informations

A post by Ophion Security that looks at customer support portals built off Zendesk that have poor configuration such as GitHub.Zendesk supports “placeholders” for tickets, mainly for support agents and automated responses to use for autofilling information, such as the ticket ID, someone’s name, etc…