Vulnerabilities (Page 14)

Hacking a Bank by Finding a 0day in DotCMS

This starts off in a pretty straightforward way with an arbitrary file upload vulnerability, but it also includes some discussion of exploiting it in a more hardened environment, which offered some interesting insight.

 

Nimbuspwn - A Linux Elevation of Privilege

Blog post by Microsoft that details a few vulnerabilities in the networkd-dispatcher component in systemd which can be chained for LPE. When looking at the code flow, they noticed it would register a signal receiver on the system bus, and the handler would receive a state path followed by some data…

 

[Nextcloud] Bypass the protection lock in Android app

Simple bypass of the (optional) password lock screen by force-killing the application a few times. The exact cause of this is unclear; I have seen something previously where it was a “feature” because the developers thought it was crashing on that point so disabled it to let the user continue to use the application…