Vulnerabilities (Page 6)

Iconics Support for `gdfx` Files Results in Command Injection

This seemed to be mostly an exercise in attack surface discovery: while scanning the file types handled by Iconics, they found support for gdfx files that can carry embedded JavaScript, including the ability to load an ActiveX object and execute shell commands on the local machine. Despite being an apparently surface-level issue, it survived until Pwn2Own and through multiple other contestants (the author was 5th of 7 against the application) to net them a $20,000 bounty.


Exploit for CVE-2022-2588

A logic bug in the Linux kernel’s route4_change() function for route filters that leads to a use-after-free (UAF). The problem has to do with how filters are added, particularly when a filter already exists on a handle and needs to be copied over to a new filter…


Crow HTTP framework use-after-free

A use-after-free vulnerability in the Crow HTTP Framework, caused by the input reader being agnostic to HTTP pipelining (sending more than one HTTP request on the same connection without waiting for a response) while the asynchronous workers track state on the assumption of one request per connection.


Exploiting Web3’s Hidden Attack Surface: Universal XSS on Netlify’s Next.js Library

Three vulnerabilities discovered in Netlify’s Next.js library, which is heavily used across many cryptocurrency sites due to its web3 support. With that context in mind, CIA (confidentiality, integrity, availability) is interesting with web3, as integrity is critical: the data coming from a trusted site needs to be trustworthy, since most users won’t go digging through the blockchain to verify that a particular address or transaction matches.