Speculation in Predictive Store Forwarding, Broken Fixes, and Owning Rocket.Chat
Day[0] - A podcast by dayzerosec
Categorie:
One episode and several failed attempts to fix vulnerabilities, an interesting Rocket.Chat XSS and an exploitable TXT file abusing some weird features. [00:00:46] nOtWASP bottom 10: vulnerabilities that make you cry https://portswigger.net/research/notwasp-bottom-10-vulnerabilities-that-make-you-cry [00:07:28] Click here for free TV! - Chaining bugs to takeover Wind Vision accounts https://labs.f-secure.com/blog/wind-vision-writeup/ [00:15:28] Elevate Yourself to Admin in Umbraco CMS 8.9.0 (CVE-2020-29454) https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/elevate-yourself-to-admin-in-umb-cms-890-cve-2020-29454/ [00:23:19] "netmask" npm package vulnerable to octal input data [CVE-2021-28918] https://sick.codes/universal-netmask-npm-package-used-by-270000-projects-vulnerable-to-octal-input-data-server-side-request-forgery-remote-file-inclusion-local-file-inclusion-and-more-cve-2021-28918/ [00:28:38] [HackerOne] Jira integration plugin Leaked JWT https://hackerone.com/reports/1103582 [00:33:20] [Kaspersky] A vulnerability in KAVKIS 2020 products family allows full disabling of protection https://hackerone.com/reports/870615 [00:38:06] [Rocket.Chat] Account takeover via XSS https://hackerone.com/reports/735638 [00:43:18] This man thought opening a TXT file is fine, he thought wrong. macOS [CVE-2019-8761] https://www.paulosyibelo.com/2021/04/this-man-thought-opening-txt-file-is.html [00:52:41] Who Contains the Containers? https://googleprojectzero.blogspot.com/2021/04/who-contains-containers.html [01:06:11] Getting Code Execution on Apache Druid [CVE-2021-25646] https://www.thezdi.com/blog/2021/3/25/cve-2021-25646-getting-code-execution-on-apache-druid [01:12:59] Security Analysis of AMD Predictive Store Forwarding https://www.amd.com/system/files/documents/security-analysis-predictive-store-forwarding.pdf [01:19:58] Pluralsight free for April https://www.pluralsight.com/ [01:21:54] Pwn2Own 2021 https://www.zerodayinitiative.com/blog/2021/4/2/pwn2own-2021-schedule-and-live-results Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) Or the video archive on Youtube (@dayzerosec)