Vulnerabilities (Page 7)

Uninitialized value

An uninitialized “Fast Tracker” in the Windows HTTP Protocol stack as used by IIS. Despite providing a bit of crash analysis and a PoC, the post is missing information about the vulnerability, as its primary focus was on building out the exploit.

 

Untrusted `.git` folder in Parent Directory Enabled Code Execution [CVE-2022-24765]

This one is a bit of a cross-user attack on the same machine: git, when executed in a directory that doesn’t have a .git folder, will traverse upward looking for the .git/ of the repo. The problem is that if one accidentally invokes git while not in a repository, it’ll look in some potentially untrusted locations as it traverses, by default, all the way to the root of the storage…

 

Copy-paste XSS in vditor text editor [CVE-2021-32855]

web

Copying and pasting an HTML element with a script within it can result in an XSS in vditor text editor. This does feel like a bit of a stretch for an attack scenario, pasting in malicious content to an editor, but not really a threat situation I’ve thought much about either…

 

In the land of PHP you will always be (use-after-)free

A bug and exploit that hearkens back to old-school browser exploitation. The bug is a use-after-free in concat_function() for variable concatenation, which is abused in the PHP engine to escape disable_functions and open_basedir sandboxing.

 