STAR LABS SG PTE. LTD. has been authorized by the CVE Program as a CVE Numbering Authority (CNA) STAR LABS SG PTE. LTD. (STAR Labs) announced today that it has become a CVE Numbering Authority (CNA... 2023-2-22 08:0:0 | 阅读: 0 | 收藏 | Blogs on STAR Labs - starlabs.sg security cna publishing

Gotta KEP-tcha 'Em All - Bypassing Anti-Debugging methods in KEPServerEX BackgroundLately, my focus has been on discovering any potential vulnerabilities in KEPServerEX.KE... 2023-2-17 08:0:0 | 阅读: 4 | 收藏 | Blogs on STAR Labs - starlabs.sg pwvtdata libua kepua libthread 70h

Dissecting the Vulnerabilities - A Comprehensive Teardown of acmailer's N-Days IntroductionIn this post, one of our recent intern, Wang Hengyue (@w_hy_04) was given the task to a... 2023-2-16 08:0:0 | 阅读: 1 | 收藏 | Blogs on STAR Labs - starlabs.sg acmailer enq subaccount 091 ctl

Deconstructing and Exploiting CVE-2020-6418 As part of my internship at STAR Labs, I conducted n-day analysis of CVE-2020-6418. This vulnerabili... 2022-12-21 08:0:0 | 阅读: 7 | 收藏 | Blogs on STAR Labs - starlabs.sg oob vic doubles receiver jscreate

(CVE-2022-44667) Windows CDirectMusicPortDownload Integer Overflow Vulnerability SummaryProductMicrosoft DirectMusicVendorMicrosoftSeverityHighAffected VersionsMi... 2022-12-13 08:0:0 | 阅读: 3 | 收藏 | Advisories on STAR Labs - starlabs.sg dwsize articdata

(CVE-2022-44668) Windows DirectMusicPortDownload Double Free Vulnerability SummaryProductMicrosoft DirectMusicVendorMicrosoftSeverityHighAffected VersionsMi... 2022-12-13 08:0:0 | 阅读: 3 | 收藏 | Advisories on STAR Labs - starlabs.sg 00000074 00007ffb dsmusic dmusic

The Last Breath of Our Netgear RAX30 Bugs - A Tragic Tale before Pwn2Own Toronto 2022 BackgroundSome time ago, we were playing with some Netgear routers and we learned so much from this... 2022-12-6 08:0:0 | 阅读: 0 | 收藏 | Blogs on STAR Labs - starlabs.sg fw dhcp lease netgear curlopt

TheHole New World - how a small leak will sink a great browser (CVE-2021-38003) IntroductionCVE-2021-38003 is a vulnerability that exists in the V8 Javascript engine. The vulnerab... 2022-12-6 08:0:0 | 阅读: 3 | 收藏 | Blogs on STAR Labs - starlabs.sg oob victim hole memory thehole

Multiple Vulnerabilities in Proxmox VE & Proxmox Mail Gateway BackgroundProxmox Virtual Environment (Proxmox VE or PVE) is an open-source type-1 hypervisor. It i... 2022-12-2 08:0:0 | 阅读: 5 | 收藏 | Blogs on STAR Labs - starlabs.sg pve pmg authkey backup username

Microsoft SharePoint Server Post-Authentication Server-Side Request Forgery vulnerability OverviewDisclaimer: No anime characters or animals were harmed during the research. The bug had bee... 2022-10-25 08:0:0 | 阅读: 9 | 收藏 | Blogs on STAR Labs - starlabs.sg bcsodata microsoft ssrf

Apple CoreText - An Unexpected Journey to Learn about Failure Late last year, I have focused my research on the CoreText framework for 2-3 months. In particular,... 2022-9-29 08:0:0 | 阅读: 0 | 收藏 | Blogs on STAR Labs - starlabs.sg ligature trunglue morx glyphs subtable

Step-by-Step Walkthrough of CVE-2022-32792 - WebKit B3ReduceStrength Out-of-Bounds Write Recently, ZDI released the advisory for a Safari out-of-bounds write vulnerability exploited by Manf... 2022-9-8 08:0:0 | 阅读: 5 | 收藏 | Blogs on STAR Labs - starlabs.sg intrange rangefor lhs rhs timetolive

Exploiting WebKit JSPropertyNameEnumerator Out-of-Bounds Read (CVE-2021-1789) Initially, our team member, Đỗ Minh Tuấn, wanted to write about the RCA (Root Cause Analysis) of CVE... 2022-8-19 08:0:0 | 阅读: 4 | 收藏 | Blogs on STAR Labs - starlabs.sg jsc webkit obj2 memory

Gitlab Project Import RCE Analysis (CVE-2022-2185) At the beginning of this month, GitLab released a security patch for versions 14->15. Interestingly... 2022-7-21 08:0:0 | 阅读: 18 | 收藏 | Blogs on STAR Labs - starlabs.sg gitlab bulk

(CVE-2022-26438) Asus System Control Interface Backup Local Privilege Escalation (LPE) Summary:ProductAsus System Control InterfaceVendorAsusSeverityHigh - Adversaries may... 2022-7-13 08:0:0 | 阅读: 13 | 收藏 | Advisories on STAR Labs - starlabs.sg junction dosdevice keepalive writeline basedir

(CVE-2022-26439) Asus System Control Interface Software Update Arbitrary File Deletion Summary:ProductAsus System Control InterfaceVendorAsusSeverityMedium - Adversaries ma... 2022-7-13 08:0:0 | 阅读: 3 | 收藏 | Advisories on STAR Labs - starlabs.sg asus oi myasus

io_uring - new code, new bugs, and a new exploit technique For the past few weeks, I have been working on conducting N-day analysis and bug hunting in the io_u... 2022-6-24 08:0:0 | 阅读: 7 | 收藏 | Blogs on STAR Labs - starlabs.sg buffers xattr memory attacker kmalloc

Trying To Exploit A Windows Kernel Arbitrary Read Vulnerability IntroductionI recently discovered a very interesting kernel vulnerability that allows the reading o... 2022-6-7 08:0:0 | 阅读: 4 | 收藏 | Blogs on STAR Labs - starlabs.sg ffff8388 fffff805 memory inbuffer afd

New Wine in Old Bottle - Microsoft Sharepoint Post-Auth Deserialization RCE (CVE-2022-29108) Recently, I have had a some work which is related to Sharepoint, so I was learning on how to setup... 2022-5-12 08:0:0 | 阅读: 14 | 收藏 | Blogs on STAR Labs - starlabs.sg 22005 infopath itemid

(CVE-2022-0216) QEMU LSI SCSI Use After Free CVE: CVE-2022-0216Tested Versions:QEMU < v6.0.0Product URL(s):https://www.qemu.org/Technic... 2022-3-28 08:0:0 | 阅读: 1 | 收藏 | Advisories on STAR Labs - starlabs.sg scsi lsi softmmu hw memory