Vulnerabilities (Page 20)

A total of either issues impacting various companies in the automotive industry, mix of issues from simple SQL injection to some interesting Single Sign On (SSO) implementation decisions.

A neat vuln with an interesting impact in Mario Kart 8 Deluxe on the Switch.The game has a feature where players can create tournaments with their own ruleset, accessibility, dates it will run, etc…

A JIT optimization based type confusion in jscript9.The root cause of this bug is the fact that the OptArraySrc optimization would call ShouldExpectConventionalArrayIndexValue() to decide if it should keep a type check in place, but that function could sometimes return false and cause the optimization to remove a type check when it shouldn’t…

Excellent post covering three vulnerabilities in Huawei’s Secure Monitor used to proxy/transition requests from the “normal world” usually from the hypervisor or kernel into the secure world.

A post on exploiting a bug that Jann Horn discovered in the linux kernel’s memory management (MM) subsystem.The bug isn’t detailed in this post and is fairly complex (there is a project zero bug report but it’s difficult to understand without deep knowledge of MM internals), though they state it will be written up in a future blogpost…

Great documentation of the process finding a WAF process, building up the final payload bit by bit.

The title is all you really need on this one, the OTP was reflected in the cookies so no need to actually receive it.

A couple command injection bugs on the NetGear RAX30 router, straight forward IoT bugs.

Two vulns in Netgear RAX30 routers that were patched 2 days before the Pwn2Own draw. One was a LAN bug, the other a WAN issue.

Two parts to the post the vulnerability is a simple SQL injection, URL data winds up in the query.Nothing too special there…