"Speculation in Predictive Store Forwarding, Broken Fixes, and Owning Rocket.Chat"
Episode Synopsis
One episode and several failed attempts to fix vulnerabilities, an interesting Rocket.Chat XSS and an exploitable TXT file abusing some weird features.
[00:00:46] nOtWASP bottom 10: vulnerabilities that make you cry
https://portswigger.net/research/notwasp-bottom-10-vulnerabilities-that-make-you-cry
[00:07:28] Click here for free TV! - Chaining bugs to takeover Wind Vision accounts
https://labs.f-secure.com/blog/wind-vision-writeup/
[00:15:28] Elevate Yourself to Admin in Umbraco CMS 8.9.0 (CVE-2020-29454)
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/elevate-yourself-to-admin-in-umb-cms-890-cve-2020-29454/
[00:23:19] "netmask" npm package vulnerable to octal input data [CVE-2021-28918]
https://sick.codes/universal-netmask-npm-package-used-by-270000-projects-vulnerable-to-octal-input-data-server-side-request-forgery-remote-file-inclusion-local-file-inclusion-and-more-cve-2021-28918/
[00:28:38] [HackerOne] Jira integration plugin Leaked JWT
https://hackerone.com/reports/1103582
[00:33:20] [Kaspersky] A vulnerability in KAVKIS 2020 products family allows full disabling of protection
https://hackerone.com/reports/870615
[00:38:06] [Rocket.Chat] Account takeover via XSS
https://hackerone.com/reports/735638
[00:43:18] This man thought opening a TXT file is fine, he thought wrong. macOS [CVE-2019-8761]
https://www.paulosyibelo.com/2021/04/this-man-thought-opening-txt-file-is.html
[00:52:41] Who Contains the Containers?
https://googleprojectzero.blogspot.com/2021/04/who-contains-containers.html
[01:06:11] Getting Code Execution on Apache Druid [CVE-2021-25646]
https://www.thezdi.com/blog/2021/3/25/cve-2021-25646-getting-code-execution-on-apache-druid
[01:12:59] Security Analysis of AMD Predictive Store Forwarding
https://www.amd.com/system/files/documents/security-analysis-predictive-store-forwarding.pdf
[01:19:58] Pluralsight free for April
https://www.pluralsight.com/
[01:21:54] Pwn2Own 2021
https://www.zerodayinitiative.com/blog/2021/4/2/pwn2own-2021-schedule-and-live-results
Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)
Or the video archive on YouTube (@dayzerosec)