Authentication bypasses, SQL injection, command injection, and more in this web-exploit-heavy episode.

[00:09:11] Facebook v. NSO Group

[00:18:14] Netsweeper PreAuth RCE

[00:25:49] SaltStack authorization bypass

[00:42:02] E-Learning Platforms Getting Schooled

[01:03:54] Roblox - Subdomain Takeover

[01:08:09] Fix XSS issue in handling of CDATA in HTML messages · roundcube/roundcubemail@87e4cd0 · GitHub

[01:10:13] Stealing the Trello token by abusing a cross-iframe XSS on the Butler Plugin

[01:17:11] GitLab - Arbitrary file read via the UploadsRewriter when moving an issue

[01:20:15] Researching Polymorphic Images for XSS on Google Scholar

[01:27:41] TP-LINK Cloud Cameras Multiple Vulnerabilities

[01:34:46] Remote Code Execution on Microsoft SharePoint Using TypeConverters [CVE-2020-0932]

[01:43:03] Firefox js::ReadableStreamCloseInternal Out-Of-Bounds Access

[01:51:56] Siguza - iOS <13.5 sandbox escape/entitlement 0day

[02:03:16] Honeysploit: Exploiting the Exploiters

[02:15:13] Guy's 30 Reverse Engineering Tips & Tricks

[02:16:45] Remote Code Execution on Nintendo 64 through Morita Shogi 64

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on YouTube (@DAY[0])

The podcast and its cover art on this page belong to dayzerosec. The podcast's content is created by dayzerosec and not by, or together with, Poddtoppen.