Ignoring plenty of nuance, tiocspgrp (TTY IOCTL Set Process Group) would grab the wrong lock. Pseudoterminals (pty) have a master and a slave device, both of which are controlled by userland and can have ioctls called on them…
A logic bug in the Chrome garbage collector was discovered which could cause a use-after-free. The garbage collector (GC) is a monolithic and complex component of the browser, and some background knowledge is needed to appreciate the issue.
It is possible for a malicious website to associate a visitor with a known Slack account. The attack relies on a difference in behavior when accessing a file with and without permission, and the ability to share a file with specific users…
The gist here is that One-Time-Password brute-force prevention was based on IPs, so using IP rotation could get around that.
Reddit had an issue in associating transactions and order information. If you initiated a coin purchase for, say, $1.99, the order would be created and the order ID could be obtained…
A simple bug in how MySQL deals with the e scientific notation for numbers (1.1e5 for 110000, for example) could be abused to bypass various Web Application Firewalls (WAFs). The bug was that the lack of any number following the e would result in the term being stripped from the query and nothing being put in its place…
An amazingly simple issue as far as browser bugs go. The removeFromFacesLookupTable method in the CSSFontFaceSet class failed to properly check whether it had reached the end of the table when looking up a font…
When the DOMWindow::open method receives a frame name of _top or _parent, these are treated as special cases which get an immediate scheduling for a location change. The scheduleLocationChange function is usually invoked in an asynchronous manner if the URL is the same as the old one, but if the URL fragments differ, it'll run synchronously and fire a popstate event…
Seven vulnerabilities in Windows. Starts off with a lot of background information on Windows kernel I/O, how Time-of-Check Time-of-Use (TOCTOU) works, and an overview of Advanced Local Procedure Call (ALPC), which is a set of high-performance IPC syscalls…
This issue resides in the nt!ObpCreateSymbolicLinkName syscall for creating symbolic links. One of the first things it does is create a user handle for the symbolic link object…