Vulnerabilities (Page 12)

Cross-origin request forgery against Grafana [CVE-2022-21703]

web

Fundamentally, this is a cross-site request forgery (CSRF) issue, Grafana relies on two incomplete mitigations to defend against such attacks. First is the use of the SameSite attribute by default, second is the validation of the Content-Type header.

 

Details on a Samba Code Execution Bug [CVE-2021-44142]

Mistrusting some extended attributes, using them to calculate an offset leading to out-of-bound read/write primitives; presumably exploitable since these were used at Pwn2Own.In the fruit_pread function will read the org.netatalk.Metadata extended attribute which can unauthenticated user can set…

 

Solving DOM XSS Puzzles

We’ve got two XSS “puzzles” in unnamed bounty programs, each with somewhat interesting exploit strategies. The original post is worth a read for more insight into the thought process leading to the discovery of each step.

 

HigherLogic Community RCE Vulnerability

Once again deserialization and RCE through an unprotected viewstate, its kinda silly that this sort of issue continues to persist.The normal _VIEWSTATE field is used by some .NET applications to contain a ton of information about the current view state…

 

Don't trust comments

web

Really straight forward bug, NimForums uses the rather feature-full Restructured Text (RST) format for its user-generated content, which has an include directive that can be used to include local files. What is atleast slightly interesting here is that the code authors seemed aware of the potential vulnerabilities and included a couple comments in relevant code: