Vulnerabilities (Page 8)

An Odd Authentication Bypass

web

I’m not even too sure why this one works, but basically changing the JSON object sent in results in being able to log in as (presumably) arbitrary accounts.

 

From XSS to RCE (dompdf 0day)

web

A chain of issues going from an XSS to a remote file download in a server-side PDF renderer, leading to remote code execution. The XSS initially seemed a bit weak as the application had no secrets or even authentication, so attacking other users would not provide much gain…

 

cr8escape: New Vulnerability in CRI-O Container Engine [CVE-2022-0811]

A simple container escape compared to several we’ve covered in the past. The sysctls passed into the pinns utility are delimited by a +, which can be maliciously included in a value to inject otherwise blocked sysctls. There is some minimal validation on the sysctls being passed in to ensure the keys don’t match any sensitive keys; however, an attacker can set a value to +sensitive.key=othervalue to smuggle in a blocked option.

 