A fairly classic mobile issue, the McAfee Security: Antivirus VPN is a highly privileged app and it exports a fairly generic MainActivity.The MainActivity is rather dynamic in terms of what type content it’ll load, basically acting as a wrapper to load whatever the real intent was…
A high performance, but apparently low security library for some industrial software, root cause is the use of a signed comparison of a value that is then used as an unsigned size value in a memcpy. End result being a much too large copy, overflowing the destination buffer.
An exploit chain that targets Samsung’s TEEgris OS running in the ARM TrustZone secure world.TEEgris consists of a secure kernel and trustlets that run on the userspace side, which Android in the non-secure world can communicate with via Secure Monitor Calls (SMCs)…
A directory traversal vulnerability in Parallels Desktop for MacOS has been identified, leading to a guest-to-host VM escape.Parallels ToolGate, a virtual PCI device, facilitates communication between the guest and host operating systems…
Abuse ChatGPT and other language models for remote code execution, sounds great! This is quite literally just a case of determining how the AI is being leveraged in the backend and then engineering a prompt to ask the language model to respond with something malicious. The author has two examples on BoxCars:
The vulnerability is a Server-Side MIME Sniff issue in the answerdev/answer project (a Q&A platform) that leads to a stored XSS vulnerability. What is really interesting is that the bug primarily only appears when running the application under Docker.
Two CloudTrail logging vulnerabilities have been identified, involving endpoints/services that fail to log properly.
A curious account takeover and one-time-password (OTP) bypass vulnerability has been identified.During the signup process, users receive an OTP sent to their email address…
This was a fun authorization check bypass because when checking if higher privileges were needed the flag value was checked for equality with the two privileged actions.Later on however, when deciding what handler to use to handle to request, it used a bitwise operation to check if the specific bit is set…
Three hard to exploit (beyond denial of service) out-of-bounds read vulnerabilities in MIT Kerberos V5 but each with a bit of an interest cause.