Speculation in Predictive Store Forwarding, Broken Fixes, and Owning Rocket.Chat episode artwork

EPISODE · Apr 6, 2021 · 1H 25M

Speculation in Predictive Store Forwarding, Broken Fixes, and Owning Rocket.Chat

from Day[0] · host dayzerosec

One episode and several failed attempts to fix vulnerabilities, an interesting Rocket.Chat XSS and an exploitable TXT file abusing some weird features. [00:00:46] nOtWASP bottom 10: vulnerabilities that make you cry https://portswigger.net/research/notwasp-bottom-10-vulnerabilities-that-make-you-cry [00:07:28] Click here for free TV! - Chaining bugs to takeover Wind Vision accounts https://labs.f-secure.com/blog/wind-vision-writeup/ [00:15:28] Elevate Yourself to Admin in Umbraco CMS 8.9.0 (CVE-2020-29454) https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/elevate-yourself-to-admin-in-umb-cms-890-cve-2020-29454/ [00:23:19] "netmask" npm package vulnerable to octal input data [CVE-2021-28918] https://sick.codes/universal-netmask-npm-package-used-by-270000-projects-vulnerable-to-octal-input-data-server-side-request-forgery-remote-file-inclusion-local-file-inclusion-and-more-cve-2021-28918/ [00:28:38] [HackerOne] Jira integration plugin Leaked JWT https://hackerone.com/reports/1103582 [00:33:20] [Kaspersky] A vulnerability in KAVKIS 2020 products family allows full disabling of protection https://hackerone.com/reports/870615 [00:38:06] [Rocket.Chat] Account takeover via XSS https://hackerone.com/reports/735638 [00:43:18] This man thought opening a TXT file is fine, he thought wrong. macOS [CVE-2019-8761] https://www.paulosyibelo.com/2021/04/this-man-thought-opening-txt-file-is.html [00:52:41] Who Contains the Containers? https://googleprojectzero.blogspot.com/2021/04/who-contains-containers.html [01:06:11] Getting Code Execution on Apache Druid [CVE-2021-25646] https://www.thezdi.com/blog/2021/3/25/cve-2021-25646-getting-code-execution-on-apache-druid [01:12:59] Security Analysis of AMD Predictive Store Forwarding https://www.amd.com/system/files/documents/security-analysis-predictive-store-forwarding.pdf [01:19:58] Pluralsight free for April https://www.pluralsight.com/ [01:21:54] Pwn2Own 2021 https://www.zerodayinitiative.com/blog/2021/4/2/pwn2own-2021-schedule-and-live-results Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) Or the video archive on Youtube (@dayzerosec)

Episode metadata supplied by the publisher feed · Published Apr 6, 2021

One episode and several failed attempts to fix vulnerabilities, an interesting Rocket.Chat XSS and an exploitable TXT file abusing some weird features. [00:00:46] nOtWASP bottom 10: vulnerabilities that make you cry https://portswigger.net/research/notwasp-bottom-10-vulnerabilities-that-make-you-cry [00:07:28] Click here for free TV! - Chaining bugs to takeover Wind Vision accounts https://labs.f-secure.com/blog/wind-vision-writeup/ [00:15:28] Elevate Yourself to Admin in Umbraco CMS 8.9.0 (CVE-2020-29454) https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/elevate-yourself-to-admin-in-umb-cms-890-cve-2020-29454/ [00:23:19] "netmask" npm package vulnerable to octal input data [CVE-2021-28918] https://sick.codes/universal-netmask-npm-package-used-by-270000-projects-vulnerable-to-octal-input-data-server-side-request-forgery-remote-file-inclusion-local-file-inclusion-and-more-cve-2021-28918/ [00:28:38] [HackerOne] Jira integration plugin Leaked JWT https://hackerone.com/reports/1103582 [00:33:20] [Kaspersky] A vulnerability in KAVKIS 2020 products family allows full disabling of protection https://hackerone.com/reports/870615 [00:38:06] [Rocket.Chat] Account takeover via XSS https://hackerone.com/reports/735638 [00:43:18] This man thought opening a TXT file is fine, he thought wrong. macOS [CVE-2019-8761] https://www.paulosyibelo.com/2021/04/this-man-thought-opening-txt-file-is.html [00:52:41] Who Contains the Containers? https://googleprojectzero.blogspot.com/2021/04/who-contains-containers.html [01:06:11] Getting Code Execution on Apache Druid [CVE-2021-25646] https://www.thezdi.com/blog/2021/3/25/cve-2021-25646-getting-code-execution-on-apache-druid [01:12:59] Security Analysis of AMD Predictive Store Forwarding https://www.amd.com/system/files/documents/security-analysis-predictive-store-forwarding.pdf [01:19:58] Pluralsight free for April https://www.pluralsight.com/ [01:21:54] Pwn2Own 2021 https://www.zerodayinitiative.com/blog/2021/4/2/pwn2own-2021-schedule-and-live-results Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) Or the video archive on Youtube (@dayzerosec)

PodParley-generated summary based on available episode metadata and transcript content.

NOW PLAYING

Speculation in Predictive Store Forwarding, Broken Fixes, and Owning Rocket.Chat

0:00 1:25:03

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Frequently Asked Questions

How long is this episode of Day[0]?

This episode is 1 hour and 25 minutes long.

When was this Day[0] episode published?

This episode was published on April 6, 2021.

What is this episode about?

One episode and several failed attempts to fix vulnerabilities, an interesting Rocket.Chat XSS and an exploitable TXT file abusing some weird features. [00:00:46] nOtWASP bottom 10: vulnerabilities that make you...

Can I download this Day[0] episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!