Three Buffer Overflows, an OOB read, and a Type Confusion within Mercedes-Benz Cars
Plenty of background here, in terms of software, architecture, and testing environment. Probably worth checking out if you want to get into car hacking…
The vulnerability here is in libterm.js as used by AWS CloudShell. When handling the escape sequence that requests a Termcap/Terminfo string (+q), it reflects the parameter right back into the response…
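To make the reflection concrete, here is an added example (not libterm.js or AWS code) modelling the xterm request/response pair the blurb refers to: the client sends DCS + q Pt ST with Pt as a hex-encoded capability name, and the terminal answers DCS 1 + r Pt = value ST, or DCS 0 + r ST for an unknown name. The answer is written to the pty as if the user had typed it, which is why reflecting Pt matters. The capability table and the `id\r` payload are constructed for the example; the hardened responder only ever emits bytes taken from its own table.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not libterm.js or AWS code: a toy model of the xterm
 * "request termcap/terminfo string" sequence, DCS + q Pt ST, where Pt is the
 * hex-encoded capability name. A terminal answers DCS 1 + r Pt = hexvalue ST
 * for a name it knows and DCS 0 + r ST otherwise, and the answer is written
 * to the pty exactly as if the user had typed it. */

#define DCS "\x1bP"
#define ST  "\x1b\\"

/* Constructed allowlist of capabilities the toy terminal will answer for. */
static const struct { const char *name; const char *value; } caps[] = {
    { "TN", "xterm-256color" },
    { "Co", "256" },
};

static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode hex into out; 0 on odd length, non-hex bytes, or overflow. */
static int hex_decode(const char *hex, char *out, size_t outlen) {
    size_t n = strlen(hex);
    if (n % 2 != 0 || n / 2 + 1 > outlen) return 0;
    for (size_t i = 0; i < n; i += 2) {
        int hi = hexval(hex[i]), lo = hexval(hex[i + 1]);
        if (hi < 0 || lo < 0) return 0;
        out[i / 2] = (char)(hi * 16 + lo);
    }
    out[n / 2] = '\0';
    return 1;
}

static void hex_encode(const char *s, char *out) {
    for (; *s; s++) out += sprintf(out, "%02X", (unsigned char)*s);
    *out = '\0';
}

/* VULNERABLE (the pattern described above): Pt is copied into the reply as-is,
 * so whoever can emit the sequence chooses bytes the shell will receive,
 * including '\r' to submit a command. */
int respond_reflecting(const char *pt, char *reply, size_t len) {
    return snprintf(reply, len, DCS "1+r%s" ST, pt) < (int)len;
}

/* HARDENED: Pt must decode to a known name, and the reply is rebuilt from the
 * table, never from request bytes. Unknown or malformed requests get 0+r. */
int respond_allowlisted(const char *pt, char *reply, size_t len) {
    char name[32], hexname[64], hexvalue[128];
    if (hex_decode(pt, name, sizeof name)) {
        for (size_t i = 0; i < sizeof caps / sizeof caps[0]; i++) {
            if (strcmp(name, caps[i].name) == 0) {
                hex_encode(caps[i].name, hexname);
                hex_encode(caps[i].value, hexvalue);
                return snprintf(reply, len, DCS "1+r%s=%s" ST, hexname, hexvalue) < (int)len;
            }
        }
    }
    return snprintf(reply, len, DCS "0+r" ST) < (int)len;
}

/* Returns the reply in a static buffer; hardened selects which responder runs. */
const char *reply_for(const char *pt, int hardened) {
    static char reply[256];
    if (hardened) respond_allowlisted(pt, reply, sizeof reply);
    else respond_reflecting(pt, reply, sizeof reply);
    return reply;
}

/* Print with control bytes as \xNN so the reply never hits a real terminal raw. */
static void print_escaped(const char *s) {
    for (; *s; s++) {
        unsigned char c = (unsigned char)*s;
        if (c < 0x20 || c > 0x7e) printf("\\x%02x", c);
        else putchar(c);
    }
    putchar('\n');
}

int main(void) {
    const char *pt_attack = "id\r";   /* constructed: a hostile Pt, not valid hex */
    printf("reflecting    : "); print_escaped(reply_for(pt_attack, 0));
    printf("allowlisted   : "); print_escaped(reply_for(pt_attack, 1));
    printf("allowlisted TN: "); print_escaped(reply_for("544E", 1));
    return 0;
}
```

The check that matters is the decode-then-lookup step: once the reply is built from the table entry rather than from Pt, a request can only ever elicit one of a fixed set of strings, none of which contains a carriage return.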
This is another one of those IDE/tooling-doing-more-than-you-expect issues. In Rust you have #[proc_macro]s, which are functions that are executed at compile time…
The vulnerability itself is in ExifTool: when parsing DjVu archive metadata it will parse the token, do some validation on it to make sure it's safe, and then call eval on it to process the C-style string escapes within the string. The problem is that the validation trips up on an escaped newline, ignoring the newline character and treating the next character as the escaped one…
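The failure class here is a validator and an interpreter disagreeing on escape grammar. The following is an added example, not ExifTool's Perl, that models the behaviour the blurb describes: the flawed validator skips a newline after a backslash and treats the byte after it as the escaped one, while the unescaper (and a Perl double-quoted eval) treats the newline itself as the escaped byte, leaving the following `$` live for interpolation. `${x}` stands in for whatever Perl an attacker would interpolate; the tokens are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not ExifTool's Perl: a model of the validator/unescaper
 * mismatch described above. The token is a quoted string; every '$' and '@'
 * must be escaped before it may be handed to a Perl-style double-quoted eval,
 * because an unescaped sigil would be interpolated (i.e. code would run). */

static int is_sigil(char c) { return c == '$' || c == '@'; }

/* FLAWED validator (the behaviour the text describes): after a backslash it
 * skips newlines before deciding which byte is escaped, so in "\\\n$" it
 * believes the '$' is protected. Returns 1 if the token is accepted. */
int validate_flawed(const char *tok) {
    for (const char *p = tok; *p; p++) {
        if (*p == '\\') {
            while (p[1] == '\n') p++;       /* the newline is ignored here */
            if (p[1]) p++;                  /* ...and this byte is treated as escaped */
        } else if (is_sigil(*p)) {
            return 0;
        }
    }
    return 1;
}

/* FIXED validator: same grammar as the unescaper, a backslash protects exactly
 * the one byte that follows it, newline included. */
int validate_fixed(const char *tok) {
    for (const char *p = tok; *p; p++) {
        if (*p == '\\') {
            if (p[1]) p++;
        } else if (is_sigil(*p)) {
            return 0;
        }
    }
    return 1;
}

/* C-style unescape: the byte after a backslash is taken literally (n, t, r
 * translated). Returns 1 if an unescaped sigil survives into out, meaning an
 * interpolating eval would treat it as code. */
int unescape_has_live_sigil(const char *tok, char *out, size_t outlen) {
    size_t o = 0;
    int live = 0;
    for (const char *p = tok; *p && o + 1 < outlen; p++) {
        char c = *p;
        if (c == '\\' && p[1]) {
            p++;
            switch (*p) {
                case 'n': c = '\n'; break;
                case 't': c = '\t'; break;
                case 'r': c = '\r'; break;
                default:  c = *p;   break;    /* "\\\n" yields a bare newline */
            }
        } else if (is_sigil(c)) {
            live = 1;
        }
        out[o++] = c;
    }
    out[o] = '\0';
    return live;
}

/* Convenience: does this token still interpolate after unescaping? */
int token_interpolates(const char *tok) {
    char out[256];
    return unescape_has_live_sigil(tok, out, sizeof out);
}

int main(void) {
    /* Constructed tokens: a benign escaped sigil and the newline trick. */
    const char *benign = "price: \\$5";
    const char *attack = "\\\n${x}";
    printf("benign: flawed=%d fixed=%d interpolates=%d\n",
           validate_flawed(benign), validate_fixed(benign), token_interpolates(benign));
    printf("attack: flawed=%d fixed=%d interpolates=%d\n",
           validate_flawed(attack), validate_fixed(attack), token_interpolates(attack));
    return 0;
}
```

The durable fix is not the extra newline case but the structure: validate the decoded result with the same routine that produces it (or derive the check from the unescaper's grammar), so the two can never drift apart again.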
This is a surprisingly simple reflected XSS on instagram.com. Just a next= URL parameter that is reflected into an href; you can supply a javascript: URL as the target…
12 CVEs, a few fundamental design issues, and some implementation issues. The implementation issues generally just removed some restrictions on abusing the design flaws, making them more practical…
Crypto-attacks are not my strong point, so I might be missing some nuance to this one. The first important concept is flash loans…
D-Link attempted to provide some protection against brute-force by delaying the response for three seconds on a bad login. The problem was that the delay only happened on a bad login, so there was a clear timing difference between a good and a bad login attempt…
Kind of a neat attack to track users across browsers. Potentially fairly loud for most users though…
Another indexing issue: an entity index is received and used, but only the lower bound (>= 0) is checked, leading to an OOB access and a virtual function call.
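The one-sided check is a common enough shape to be worth seeing next to its fix. Below is an added example, not the affected project's code: a constructed entity table whose entries carry a vtable-style function pointer, indexed by a value that arrives from the network. The vulnerable lookup rejects only negatives; the fixed one uses a single unsigned comparison that rejects both negatives and indices past the end.

```c
#include <stdio.h>
#include <stddef.h>

/* Added example, not the affected project's code: a toy entity table with a
 * vtable-style function pointer, indexed by a value taken from the network. */

typedef struct entity {
    void (*on_use)(struct entity *);   /* the "virtual" call the blurb refers to */
    int id;
} entity_t;

#define MAX_ENTITIES 4
static entity_t g_entities[MAX_ENTITIES];
static entity_t *g_table[MAX_ENTITIES];
static int g_last_used = -1;

static void entity_on_use(entity_t *e) { g_last_used = e->id; }

void init_entities(void) {
    for (int i = 0; i < MAX_ENTITIES; i++) {
        g_entities[i].on_use = entity_on_use;
        g_entities[i].id = i;
        g_table[i] = &g_entities[i];
    }
}

/* VULNERABLE: only the lower bound is checked. idx >= MAX_ENTITIES reads a
 * pointer from beyond the table, and an indirect call through it jumps
 * wherever that memory points. Never call this with an out-of-range index;
 * it is here only to show the shape of the bug. */
entity_t *lookup_lower_only(int idx) {
    if (idx < 0) return NULL;
    return g_table[idx];
}

/* FIXED: one unsigned comparison rejects both negatives (which convert to
 * huge unsigned values) and indices past the end. */
entity_t *lookup_bounded(int idx) {
    if ((unsigned)idx >= MAX_ENTITIES) return NULL;
    return g_table[idx];
}

/* Dispatch through the fixed lookup; returns 1 if a call was made, else 0. */
int dispatch_use(int idx) {
    entity_t *e = lookup_bounded(idx);
    if (!e) return 0;
    e->on_use(e);
    return 1;
}

int last_used(void) { return g_last_used; }

int main(void) {
    init_entities();
    int from_network[] = { 2, -1, MAX_ENTITIES, 0x7fffffff };   /* constructed inputs */
    for (size_t i = 0; i < sizeof from_network / sizeof from_network[0]; i++)
        printf("idx %d: %s\n", from_network[i],
               dispatch_use(from_network[i]) ? "called" : "rejected");
    return 0;
}
```

Under ASan, `lookup_lower_only(MAX_ENTITIES)` reports a global-buffer-overflow on the read of `g_table`; without a sanitizer the read silently returns whatever follows the table, and the call through `on_use` is the attacker's control of PC.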
Good bit of background on this one; it does a good job of explaining the root of the issue. There are two parts; the first is a 2020 CVE…
Workplace by Facebook would allow workplace administrators to enable a “self-invite” option. Anyone with an email on an approved domain could invite themselves into the workplace…
Interesting post that covers a bit about the meta of bug-hunting in Source Engine games and some how-to information. There are two OOB read vulnerabilities used in the chain.
Cool bug, but hard to actually exploit despite getting PC control. The vuln involves GLSL, a C-like shader language that gets translated into C before being executed…
First it goes into some background on QMI, what kinds of services it provides, and details on how they fuzzed the interface (using QEMU's Hexagon support to emulate the modem in conjunction with AFL). They talk about one of the vulns the fuzzer dug up, a heap overflow in the voice service's call_config_req handler…