Stack Clashing is a bit of an uncommonly seen vulnerability class, but the idea is simple: it's a vulnerability resulting in the stack pointer pointing outside of the stack.
The idea here is that by overflowing the value containing the size of a header name, you can cause the header to be misinterpreted.
There is an out-of-bounds access
New-line Injection to Uncontrolled File Write and Authentication Bypass in some NETGEAR Smart Switches
What if authentication was optional? That seems to be the case here with the Netgear Switch Discovery Protocol, a UDP-based protocol where each datagram is a header followed by a Type Length Value (TLV) chain. The expectation is that all of the “get” commands can be used without authentication but that “set” commands should send the password authentication entry (Type 10) as the first part of the TLV chain…
tl;dr A well-positioned attacker (needs to be using the same IP as the victim) can hijack a successful authentication flow and take over the victim's session by polling the get.cgi endpoint after the victim's login was successful but before the victim has polled the same page (which happens every second)
Authentication bypass by including a magic string in the URL. The string isn't exactly magic; rather, it seems like this page (setcup.cgi) has a single file that needs to be accessed without authentication…
The vulnerability here is simply that Opera’s Pinboard feature allows pinning URLs starting with
This is a vulnerability within the check-spelling workflow specifically and not GitHub Actions. This workflow is used to, well, check the spelling on an incoming Pull Request…