Use-After-Free in win32k Leading to Privilege Escalation
Good bit of background on this one, does a good job of explaining the root of the issue. There are two parts, first is a 2020 CVE…
Workplace by Facebook would allow workplace administrators to enable a “self-invite” option. Anyone with an email on an approved domain could invite themselves into the workplace…
Interesting post that covers a bit about the meta of bug-hunting in Source Engine games and some how-to information. There are two OOB read vulnerabilities used in the chain.
Cool bug, but hard to actually exploit despite getting PC control. The vuln uses GLSL, a C-like shader language that gets translated into C before being executed…
First goes into some background details on QMI, what kinds of services it provides, and details on how they fuzzed the interface (used QEMU hexagon to emulate the modem in conjunction with AFL). They talk about one of the vulns the fuzzer dug up, which was a heap overflow in the voice service’s call_config_req handler…
Very long post, covering an old issue (2013) with tons of background about Java bytecode, App Engine and ASM (library). Some context for the issue is that App Engine would perform in-process sandboxing…
Race conditions on the web are one of my favorite vulnerability classes. Easy and often fairly impactful…
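To show the class concretely, here is an added example (not code from the linked post) that simulates the usual web race: a one-time coupon code where the handler reads the row, decides, and then writes back. The coupon store, code names and thread barrier are all constructed for the demo; the barrier stands in for N requests that all arrive in the window between the read and the write. The lock in the fixed handler plays the role an atomic `UPDATE ... WHERE used = 0` (or `SELECT ... FOR UPDATE`) would play against a real database.

```python
import threading


class CouponStore:
    """In-memory stand-in for the backend table of one-time coupon codes (constructed)."""

    def __init__(self, codes):
        self.codes = {c: {"used": False} for c in codes}
        self.lock = threading.Lock()


def redeem_vulnerable(store, code, window):
    """Check-then-act with nothing holding the row between the two steps.

    Every request that reads used=False before any of them writes used=True
    succeeds, so one coupon is redeemed N times.
    """
    row = store.codes[code]
    if row["used"]:
        return False
    window.wait()          # all N concurrent requests sit here after the check
    row["used"] = True
    return True


def redeem_fixed(store, code, window):
    """Same logic, but the check and the write are one atomic step.

    The requests still arrive together (window.wait() before the lock), but only
    the first one into the critical section sees used=False.
    """
    window.wait()          # N requests arrive concurrently, exactly as above
    with store.lock:       # equivalent of UPDATE ... WHERE used = 0 / SELECT ... FOR UPDATE
        row = store.codes[code]
        if row["used"]:
            return False
        row["used"] = True
        return True


def fire(handler, store, code, n):
    """Send n concurrent redemptions through `handler`; return how many succeeded."""
    window = threading.Barrier(n)
    results = []
    results_lock = threading.Lock()

    def worker():
        ok = handler(store, code, window)
        with results_lock:
            results.append(ok)

    threads = [threading.Thread(target=worker) for _ in range(n)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(results)


if __name__ == "__main__":
    n = 8
    print("vulnerable:", fire(redeem_vulnerable, CouponStore(["SAVE10"]), "SAVE10", n), "of", n)
    print("fixed:     ", fire(redeem_fixed, CouponStore(["SAVE10"]), "SAVE10", n), "of", n)
```

When testing a real target you do not get a barrier, so the usual trick is to fire the requests from one HTTP/2 connection or pre-stage them so the last bytes of every request hit the server within the same few milliseconds; the handler-side fix is the same either way.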
Fairly simple to understand bug in the JS Engine (v8) used by Foxit Reader. The crash is just two lines of code.
The device administration web-app fails to properly validate the session cookie allowing for an unauthorized attacker to gain access. The issue depends on the internal ifttt_token not being set (default)…
Two vulnerabilities. Firstly the SCM_RUN_FROM_PACKAGE environment var within the Azure Function container contained a “Shared Access Signature” (SAS) that was scoped for r/w…
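A quick triage check for that kind of leak, as an added example (not the researchers' code): given a SAS URL pulled out of an environment variable, parse the query parameters and flag anything beyond read/list permissions, a missing expiry, or an expiry far in the future. The SAS query parameter names (`sp` for permissions, `se` for expiry, `sig` for the signature) are the real Azure ones; the sample URL, container name and signature value are constructed, and treating every permission letter other than `r` and `l` as mutating is a deliberate simplification.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs

# Permission letters that only read; anything else (w, d, c, a, ...) can change data.
READ_ONLY = {"r", "l"}

# Constructed sample: what a leaked SCM_RUN_FROM_PACKAGE-style value might look like.
SAMPLE_SAS_URL = (
    "https://example.blob.core.windows.net/scm-releases/app.zip"
    "?sv=2020-02-10&st=2021-01-01T00:00:00Z&se=2031-01-01T00:00:00Z"
    "&sr=b&sp=rw&sig=FAKESIGNATURE"
)


def parse_sas(value):
    """Return the SAS parameters from a full URL or a bare query string."""
    query = value.split("?", 1)[1] if "?" in value else value
    return {k: v[0] for k, v in parse_qs(query).items()}


def parse_sas_time(text):
    """SAS times are ISO 8601 UTC; a bare date form is also accepted."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%MZ", "%Y-%m-%d"):
        try:
            return datetime.strptime(text, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unrecognised SAS time: {text!r}")


def sas_findings(value, now=None, max_lifetime=timedelta(days=365)):
    """List the things a reviewer would want to know about a leaked SAS token."""
    params = parse_sas(value)
    now = now or datetime.now(timezone.utc)
    findings = []

    extra = set(params.get("sp", "")) - READ_ONLY
    if extra:
        findings.append("mutating permissions: " + "".join(sorted(extra)))

    expiry = params.get("se")
    if expiry is None:
        findings.append("no expiry (se)")
    else:
        exp = parse_sas_time(expiry)
        if exp <= now:
            findings.append("already expired")
        elif exp - now > max_lifetime:
            findings.append("expiry more than a year out")

    if not params.get("sig"):
        findings.append("no signature (sig)")
    return findings


if __name__ == "__main__":
    for f in sas_findings(SAMPLE_SAS_URL):
        print("-", f)
```

Run it over every environment variable in a container (`os.environ.values()`) and anything that yields findings is worth a closer look; a read-only token with a short `se` comes back empty.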