Kudos to the person who registered exmaple.com.

here at macrosoft we offer only the most bloated software for your SSD to fight for its life over. Because it’s not as funny when your PC isn’t on the verge of bursting into flames when it boots

OZZ: Identifying Kernel Out-of-Order Concurrency Bugs
with In-Vivo Memory Access Reordering

https://dl.acm.org/doi/pdf/10.1145/3694715.3695944

/via exploits.club

[RSS] Leveraging An Order of Operations Bug to Achieve RCE in Sitecore 8.x - 10.x

https://www.assetnote.io/resources/research/leveraging-an-order-of-operations-bug-to-achieve-rce-in-sitecore-8-x---10-x

the c2.com wiki (the very first wiki) now requires javascript to render. the web i knew is dead

What's your favorite file format challenge / trick / bug / surprise / work / art ?
Bonus point if it's underrated or obscure!

Extremely vulnerable blinky boxes are viable business because shit like this:

If you want debug logs from Squid you are expected to supply *pairs of numbers* in the config for debug section and level. The manual says:

"We take great pains to keep debug sections consistent across releases." -> meaning they aren't...

https://wiki.squid-cache.org/KnowledgeBase/DebugSections

#FOSS

Happy 37th anniversary of the Max Headroom Incident, to those who celebrate.

#Adobe released a surprise update for InDesign that addresses a single OOB Read reported by ZDI security researcher Mat Powell. It's not under active attack, so it's odd to see it released outside of Patch Tuesday. https://helpx.adobe.com/security/products/indesign/apsb24-91.html

  

New Project Zero issue:

Linux >=6.6: race between mremap (move_normal_pmd) and MADVISE_COLLAPSE (retract_page_tables)

https://project-zero.issues.chromium.org/issues/371047675

CVE-2024-50066

Yeah this should be totally obvious... /s

https://discuss.kotlinlang.org/t/kotlin-sublass-constructors-do-not-inherit-default-parameter-values/27936

#kotlin

A lovely review and takedown of Microsoft's lackadaisical approach to NTLM issues.

At the very least, please disable outbound SMB from your environment, and get signing/encryption (v2/3) going wherever possible.

https://blog.morphisec.com/5-ntlm-vulnerabilities-unpatched-privilege-escalation-threats-in-microsoft

Got nerd sniped today by Qualys's 5 Linux LPE 0days

https://www.qualys.com/2024/11/19/needrestart/needrestart.txt

Did a PoC for CVE-2024-10224

The blog post (and tooling) on my Apple kernel extension fuzzing technique that I used to find several AppleAVD AV1 decoder bugs is now public at https://googleprojectzero.blogspot.com/2024/11/simple-macos-kernel-extension-fuzzing.html

New vulnerability report from Talos:

GoCast name parameter OS command injection vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1960

CVE-2024-28892

New vulnerability report from Talos:

GoCast NAT parameter OS command injection vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1961

CVE-2024-29224

New vulnerability report from Talos:

GoCast HTTP API lack of authentication vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1962

CVE-2024-21855

New vulnerability report from Talos:

MC Technologies MC LR Router web interface I/O configuration OS command injection vulnerabilities

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1953

CVE-2024-28025,CVE-2024-28026,CVE-2024-28027,CVE-2024-28025,CVE-2024-28026,CVE-2024-28027

Aaaand our QEMU patchset to automatically promote helpers to TCG (using LLVM) is out! 😱😱😱

It has been in the making for quite some time, we’re very proud of it. 💪

Presentation: https://www.youtube.com/watch?v=Gwz0kp7IZPE

Patchset: https://lists.gnu.org/archive/html/qemu-devel/2024-11/msg04035.html