Vulnerabilities (Page 31)

Hacking a Bank by Finding a 0day in DotCMS

This starts off in a fairly straightforward way with an arbitrary file upload vulnerability, but it also discusses exploiting it in a more hardened environment, which offers some interesting insight.

 

Nimbuspwn - A Linux Elevation of Privilege

Blog post by Microsoft that details a few vulnerabilities in the networkd-dispatcher component in systemd which can be chained for LPE. When looking at the code flow, they noticed it would register a signal receiver on the system bus, and the handler would receive a state path followed by some data…