tl;dr

• Passing corrupted ciphertext to get the symmetric key leak
• Fastbin link corruption
• Exploiting double free and UAF in the heap

tl;dr

• Use format String to get into secret service.
• Get libc leaks by overwriting mapped bit of a free chunk.
• Overwrite the Thread Local Block , thus overwriting canary to get buffer overflow.

tl;dr

• Linux userspace exploitation by parsing ELF for symbol addresses with an arbitrary read

tl;dr

• Linux heap exploitation with arbitary free vulnerability

tl;dr Linux client-server application heap exploitation

tl;dr

• linux heap exploitation challenge with glibc 2.30

Writeup from InCTFi 2019 bartender

tl;dr Windows 32-bit SEH exploitation

tl;dr

• double fput() leading to uaf

tl;dr 2 element overflow in Array when jit compiled

tl;dr

• Exploit code for a vulnerability in Firefox, found by saelo and coinbase security.
• IonMonkey does not check for indexed elements on the current element’s prototypes, and only checks on ArrayPrototype. This leads to type-confusion after inlining Array.pop.
• We confuse a Uint32Array and a Uint8Array to get a overflow in an ArrayBuffer and proceed to convert this to arbitrary read-write and execute shellcode.