unSafe.sh - Unsafe
(CVE-2023-32529) Trend Micro Apex Central 2019 (<= Build 6016) Authenticated RCE
Summary: Product: Trend Micro Apex Central 2019; Vendor: Trend Micro; Severity: High; Affected...
2023-8-22 08:0:0 | Views: 10
Advisories on STAR Labs - starlabs.sg
php
webapp
apex
widget
(CVE-2023-32530) Trend Micro Apex Central 2019 (<= Build 6016) Authenticated RCE
Summary: Product: Trend Micro Apex Central 2019; Vendor: Trend Micro; Severity: High; Affected...
2023-8-22 08:0:0 | Views: 42
Advisories on STAR Labs - starlabs.sg
php
webapp
apex
widget
modtmms
(CVE-2023-38624) Trend Micro Apex Central 2019 (<= Build 6394) Authenticated SSRF
Summary: Product: Trend Micro Apex Central 2019; Vendor: Trend Micro; Severity: High; Affected...
2023-8-22 08:0:0 | Views: 29
Advisories on STAR Labs - starlabs.sg
ssrf
proxy
cgiargs
serverinfo
widget
(CVE-2023-38625) Trend Micro Apex Central 2019 (<= Build 6394) Authenticated SSRF
Summary: Product: Trend Micro Apex Central 2019; Vendor: Trend Micro; Severity: High; Affected...
2023-8-22 08:0:0 | Views: 13
Advisories on STAR Labs - starlabs.sg
proxy
ssrf
apex
webapp
(CVE-2023-2971) Typora Local File Disclosure (Patch Bypass)
Summary: Product: Typora; Vendor: Typora; Severity: Medium; Affected Versions: Typora for Window...
2023-8-19 08:0:0 | Views: 8
Advisories on STAR Labs - starlabs.sg
webpage
windows
typemark
malicious
payload
(CVE-2023-2316) Typora Local File Disclosure
Summary: Product: Typora; Vendor: Typora; Severity: Medium; Affected Versions: Typora for Window...
2023-8-19 08:0:0 | Views: 19
Advisories on STAR Labs - starlabs.sg
webpage
windows
malicious
payload
attacker
(CVE-2023-2110) Obsidian Local File Disclosure
Summary: Product: Obsidian; Vendor: Obsidian; Severity: High; Affected Versions: Obsidian < 1.2....
2023-8-19 08:0:0 | Views: 20
Advisories on STAR Labs - starlabs.sg
webpage
malicious
attacker
payload
windows
(CVE-2023-2317) Typora DOM-Based Cross-site Scripting leading to Remote Code Execution
Summary: Product: Typora; Vendor: Typora; Severity: High; Affected Versions: Typora for Windows/...
2023-8-19 08:0:0 | Views: 8
Advisories on STAR Labs - starlabs.sg
updater
payload
malicious
webpage
windows
(CVE-2023-2318) MarkText DOM-Based Cross-site Scripting leading to Remote Code Execution
Summary: Product: MarkText; Vendor: MarkText; Severity: High; Affected Versions: MarkText <= 0.1...
2023-8-19 08:0:0 | Views: 9
Advisories on STAR Labs - starlabs.sg
marktext
webpage
windows
payload
malicious
Under The Hood - Disassembling of IKEA-Sonos Symfonisk Speaker Lamp
We are excited to embark on a series of teardowns to explore the inner workings of various devices....
2023-8-1 08:0:0 | Views: 2
Blogs on STAR Labs - starlabs.sg
circuit
voltage
symfonisk
flyback
connector
A new method for container escape using file-based DirtyCred
Recently, I was trying out various exploitation techniques against a Linux kernel vulnerability, CVE...
2023-7-25 08:0:0 | Views: 1
Blogs on STAR Labs - starlabs.sg
modprobe
aio
iocb
refcount
dirtycred
prctl anon_vma_name: An Amusing Linux Kernel Heap Spray
TLDR: prctl PR_SET_VMA (PR_SET_VMA_ANON_NAME) can be used as a (possibly new!) heap spray method targ...
2023-7-25 08:0:0 | Views: 4
Blogs on STAR Labs - starlabs.sg
anon
vma
prctl
kref
kmalloc
(CVE-2023-3513) RazerCentralService unsafe deserialization Escalation of Privilege Vulnerability
Summary: Product: Razer CentralService; Vendor: Razer; Severity: High - Adversaries may exploit s...
2023-7-14 08:0:0 | Views: 9
Advisories on STAR Labs - starlabs.sg
razer
software
rzr
(CVE-2023-3514) RazerCentralService unsafe NamedPipe permission Escalation of Privilege Vulnerability
Summary: Product: Razer CentralService; Vendor: Razer; Severity: High - Adversaries may exploit s...
2023-7-14 08:0:0 | Views: 9
Advisories on STAR Labs - starlabs.sg
razer
rid
Breaking the Code - Exploiting and Examining CVE-2023-1829 in cls_tcindex Classifier Vulnerability
Background: The discovery and analysis of vulnerabilities is a critical aspect of cybersecurity resea...
2023-6-19 08:0:0 | Views: 4
Blogs on STAR Labs - starlabs.sg
netlink
exts
tcindex
rtm
tcf
The Old, The New and The Bypass - One-click/Open-redirect to own Samsung S22 at Pwn2Own 2022
TLDR; We began our work on Samsung immediately after the release of the Pwn2Own Toronto 2022 target...
2023-6-14 08:0:0 | Views: 2
Blogs on STAR Labs - starlabs.sg
samsung
deeplink
samsungapps
p0
Microsoft Exchange Powershell Remoting Deserialization leading to RCE (CVE-2023-21707)
Introduction: While analyzing CVE-2022-41082, also known as ProxyNotShell, we discovered this vulnera...
2023-4-28 08:0:0 | Views: 5
Blogs on STAR Labs - starlabs.sg
powershell
exchange
payload
(CVE-2023-2017) Shopware 6 Server-side Template Injection (SSTI) via Twig Security Extension
Summary: Product: Shopware; Vendor: Shopware AG; Severity: High - Users with login access to Sho...
2023-4-17 08:0:0 | Views: 16
Advisories on STAR Labs - starlabs.sg
shopware
arrow
php
twig
xa9
CS-Cart PDF Plugin Unauthenticated Command Injection
Summary: A command injection vulnerability exists in CS-Cart’s HTML to PDF converter (https://github....
2023-3-3 08:0:0 | Views: 2
Blogs on STAR Labs - starlabs.sg
converter
php
cscart
github
injection
Microsoft Azure Account Takeover via DOM-based XSS in Cosmos DB Explorer
Upon finding the vulnerability, our team member, Ngo Wei Lin (@Creastery), immediately reported it t...
2023-2-24 08:0:0 | Views: 8
Blogs on STAR Labs - starlabs.sg
cosmos
heatmap
attacker