cover of episode Speculation in Predictive Store Forwarding, Broken Fixes, and Owning Rocket.Chat

Speculation in Predictive Store Forwarding, Broken Fixes, and Owning Rocket.Chat

2021/4/6
logo of podcast Day[0]

Day[0]

Shownotes Transcript

One episode and several failed attempts to fix vulnerabilities, an interesting Rocket.Chat XSS and an exploitable TXT file abusing some weird features.

[00:00:46] nOtWASP bottom 10: vulnerabilities that make you cry

- https://portswigger.net/research/notwasp-bottom-10-vulnerabilities-that-make-you-cry

[00:07:28] Click here for free TV! - Chaining bugs to takeover Wind Vision accounts

- https://labs.f-secure.com/blog/wind-vision-writeup/

[00:15:28] Elevate Yourself to Admin in Umbraco CMS 8.9.0 (CVE-2020-29454)

- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/elevate-yourself-to-admin-in-umb-cms-890-cve-2020-29454/

[00:23:19] "netmask" npm package vulnerable to octal input data [CVE-2021-28918]

- https://sick.codes/universal-netmask-npm-package-used-by-270000-projects-vulnerable-to-octal-input-data-server-side-request-forgery-remote-file-inclusion-local-file-inclusion-and-more-cve-2021-28918/

[00:28:38] [HackerOne] Jira integration plugin Leaked JWT

- https://hackerone.com/reports/1103582

[00:33:20] [Kaspersky] A vulnerability in KAVKIS 2020 products family allows full disabling of protection

- https://hackerone.com/reports/870615

[00:38:06] [Rocket.Chat] Account takeover via XSS

- https://hackerone.com/reports/735638

[00:43:18] This man thought opening a TXT file is fine, he thought wrong. macOS [CVE-2019-8761]

- https://www.paulosyibelo.com/2021/04/this-man-thought-opening-txt-file-is.html

[00:52:41] Who Contains the Containers?

- https://googleprojectzero.blogspot.com/2021/04/who-contains-containers.html

[01:06:11] Getting Code Execution on Apache Druid [CVE-2021-25646]

- https://www.thezdi.com/blog/2021/3/25/cve-2021-25646-getting-code-execution-on-apache-druid

[01:12:59] Security Analysis of AMD Predictive Store Forwarding

- https://www.amd.com/system/files/documents/security-analysis-predictive-store-forwarding.pdf

[01:19:58] Pluralsight free for April

- https://www.pluralsight.com/

[01:21:54] Pwn2Own 2021

- https://www.zerodayinitiative.com/blog/2021/4/2/pwn2own-2021-schedule-and-live-results

Watch the DAY[0] podcast live on Twitch (@dayzerosec)) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@dayzerosec))