Three Buffer Overflows, an OOB read, and a Type Confusion within Mercedes-Benz Cars
Plenty of background here, both in terms of software, architecture, and testing environment. Probably worth checking out if you want to get into car hacking…
The vulnerability here is in libterm.js as used by AWS CloudShell. When handling the escape to get the Termcap/Terminfo string (+q) it’ll reflect the parameter right back into the respond…
This is another one of those IDE/tooling-doing-more-than-you-expect issues. In Rust you have #[proc_macro]s, which are functions that are executed at compile time…
The vulnerability itself is in ExifTool: in parsing DjVu archive metadata it will parse the token, do some validation on it to make sure it's safe, and call eval on it to parse the C-style string escapes within the string. The problem is the validation trips up on handling an escaped newline, ignoring the newline character and thinking the next character is the escaped one…
This is a surprisingly simple reflected XSS on instagram.com. Just a next= URL parameter that is reflected into an href; you can include a javascript: target for the URL…
12 CVEs, a few fundamental design issues, and some implementation issues. The implementation issues generally just removed some restrictions on abusing the design flaws, making them more practical…
Crypto-attacks are not my strong point, so I might be missing some nuance to this one. The first important concept is flash loans…
D-Link attempted to provide some protection against brute-force by delaying the response for three seconds on a bad login. The problem was that the delay only happened on a bad login, so there was a clear timing difference between a good and bad login attempt…
Kind of a neat attack to track users across browsers. Potentially fairly loud for most users though…
Another indexing issue: an entity index is received and used, but only the lower bound (>= 0) is checked, leading to an OOB access and a virtual function call.