0x02a: CVE-2020-16040 ANALYSIS & EXPLOITATION https://homecrew.dev/posts/cve-2020-16040.html
homecrew.dev
CVE-2020-16040 Analysis and Exploitation
CVE-2020-16040 Analysis and Exploitation: Chrome's V8 JIT compiler's Simplified Lowering VisitSpeculativeIntegerAdditiveOp was setting Signed32 as restriction type, even when relying on a Word32 truncation, skipping an overflow check. To summarise, the problem…
Exploiting the xmlrpc.php on all WordPress versions https://nitesculucian.github.io/2019/07/01/exploiting-the-xmlrpc-php-on-all-wordpress-versions/
faxhell: A Bind Shell Using the Fax Service and a DLL Hijack https://github.com/ionescu007/faxhell
GitHub
GitHub - ionescu007/faxhell: A Bind Shell Using the Fax Service and a DLL Hijack
A Bind Shell Using the Fax Service and a DLL Hijack - ionescu007/faxhell
Exploiting prototype pollution – RCE in Kibana (CVE-2019-7609) https://research.securitum.com/prototype-pollution-rce-kibana-cve-2019-7609/
Securitum
Securitum - Security penetration testing.
Securitum is a pure pentesting company specialising in the security of IT systems. We have experience in performing security audits (including penetration tests) - mainly for financial/e-commerce/industrial sectors. We have performed penetration tests and…
To Schnorr and beyond (part 2) https://blog.cryptographyengineering.com/2023/11/30/to-schnorr-and-beyond-part-2/
A Few Thoughts on Cryptographic Engineering
To Schnorr and beyond (part 2)
This post continues a long, wonky discussion of Schnorr signature schemes and the Dilithium post-quantum signature. You may want to start with Part 1. In the previous post I discussed the intuition…
Competing in Pwn2Own ICS 2022 Miami: Exploiting a zero click remote memory corruption in ICONICS Genesis64 https://doar-e.github.io/blog/2023/05/05/competing-in-pwn2own-ics-2022-miami-exploiting-a-zero-click-remote-memory-corruption-in-iconics-genesis64/
doar-e.github.io
Competing in Pwn2Own ICS 2022 Miami: Exploiting a zero click remote memory corruption in ICONICS Genesis64
Real-life OIDC Security (IV): Server-Side-Request-Forgery https://security.lauritz-holtmann.de/post/sso-security-ssrf/
(Web-)Insecurity Blog
Real-life OIDC Security (IV): Server-Side-Request-Forgery
This is the fourth post of a series on Single Sign-On and OpenID Connect 1.0 security. In this post, SSRF vulnerabilities that were discovered in popular OIDC implementations (Keycloak (CVE-2020-10770) and Amazon Cognito) are explained in detail.
Tricard - Malware sandboxes fingerprinting https://therealunicornsecurity.github.io/Tricard/
therealunicornsecurity.github.io
Tricard - Malware sandboxes fingerprinting
Introduction to malware sandboxes fingerprinting
AeroBlade on the Hunt Targeting the U.S. Aerospace Industry https://blogs.blackberry.com/en/2023/11/aeroblade-on-the-hunt-targeting-us-aerospace-industry
BlackBerry
AeroBlade on the Hunt Targeting the U.S. Aerospace Industry
A new threat actor BlackBerry is tracking as AeroBlade has been targeting an aerospace organization in the United States, with the goal of conducting commercial cyber espionage.
LogoFAIL: UEFI Vulnerabilities Expose Devices to Stealth Malware Attacks https://thehackernews.com/2023/12/logofail-uefi-vulnerabilities-expose.html
CVE-2021-4102: Chrome incorrect node elision in Turbofan leads to unexpected WriteBarrier elision https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2021/CVE-2021-4102.html
Argument injection vulnerability in multiple Atos Unify OpenScape products https://sec-consult.com/vulnerability-lab/advisory/argument-injection-vulnerability-in-multiple-atos-unify-openscape-products/
SEC Consult
Argument injection vulnerability in multiple Atos Unify OpenScape products
A critical argument injection vulnerability has been identified in the administrative web interface of the Atos Unify OpenScape products Session Border Controller, Branch, and BCF. This allows an unauthenticated attacker to gain root access to the appliance…
It's not a Feature, It's a Vulnerability https://blog.solidsnail.com/posts/vscode-shell-integ-rce
solid-snail blog
It’s not a Feature, It’s a Vulnerability
It takes a special kind of person to name a company after their own body part. Fortunately the Microsoft Security Response Center doesn’t seem to have inherited that kind of mentality, because when I have reported not a bug but a feature as a vulnerability…
Multiple Vulnerabilities In Extreme Networks ExtremeXOS https://rhinosecuritylabs.com/research/extreme-networks-extremexos-vulnerabilities/
Rhino Security Labs
Multiple Vulnerabilities In Extreme Networks ExtremeXOS
Multiple vulnerabilities found in ExtremeNetworks ExtremeXOS by Rhino Security Labs.
Ghost In The Wire, Sonic In The Wall - Adventures With SonicWall https://labs.watchtowr.com/ghost-in-the-wire-sonic-in-the-wall/
watchTowr Labs
Ghost In The Wire, Sonic In The Wall - Adventures With SonicWall
Here at watchTowr, we just love attacking high-privilege devices (and spending hours thinking of awful titles [see above]).
A good example of these is the device class of ‘next generation’ firewalls, which usually include VPN termination functionality (meaning…
CVE-2023-4473 & CVE-2023-4474 - Authentication bypass and multiple blind OS command injection vulnerabilities in Zyxel’s NAS326 devices https://bugprove.com/knowledge-hub/cve-2023-4473-and-cve-2023-4474-authentication-bypass-and-multiple-blind-os-command-injection-vulnerabilities-in-zyxel-s-nas-326-devices/
Getting RCE in Chrome with incomplete object initialization in the Maglev compiler https://github.blog/2023-10-17-getting-rce-in-chrome-with-incomplete-object-initialization-in-the-maglev-compiler/?ref=0xor0ne.xyz
The GitHub Blog
Getting RCE in Chrome with incomplete object initialization in the Maglev compiler
In this post, I'll exploit CVE-2023-4069, a type confusion in Chrome that allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site.
CVE-2023-22523: Critical RCE Vulnerability in Assets Discovery https://securityonline.info/cve-2023-22523-critical-rce-vulnerability-in-assets-discovery/
Cybersecurity News
CVE-2023-22523: Critical RCE Vulnerability in Assets Discovery
A critical Remote Code Execution (RCE) vulnerability, tracked as CVE-2023-22523 (CVSS score of 9.8), has been discovered in Assets Discovery
Encrypted npm Packages Found Targeting Major Financial Institution https://blog.phylum.io/encrypted-npm-packages-found-targeting-major-financial-institution/
Phylum Research | Software Supply Chain Security
Encrypted npm Packages Found Targeting Major Financial Institution
Determining the intent behind a package publication is notoriously difficult. Is it a legitimate threat actor or a security researcher? We can rarely make this determination, so Phylum generally errs on the side of caution and annotates packages that exhibit…