Microsoft Windows Cloud Files Minifilter TOCTOU Privilege Escalation 微软Windows Cloud Minifilter中的一个竞态条件漏洞（CVE-2025-55680）允许攻击者在验证文件名后修改文件名，从而在任意位置创建文件或目录，导致权限提升。该漏洞存在于HsmpOpCreatePlaceholders函数中，在处理IOCTL 0x903BC请求时未正确同步验证和创建操作。... 2025-10-20 18:12:14 | 阅读: 7 | 收藏 | Exodus Intelligence - blog.exodusintel.com placeholder relname cf truncated

Oops Safari, I think You Spilled Something! WebKit的DFG编译器中发现了一个严重漏洞（CVE-2024-44308），该漏洞允许攻击者通过未初始化变量利用实现远程代码执行。苹果于2024年11月修复了此问题。... 2025-8-4 15:58:24 | 阅读: 13 | 收藏 | Exodus Intelligence - blog.exodusintel.com writeobj butterfly dfg

Windows套接字：从注册I/O到SYSTEM权限 这篇文章探讨了Windows系统中一个严重的内核模式use-after-free漏洞（CVE-2024-38193），该漏洞存在于afd.sys驱动中，并且可以通过Registered I/O机制被利用来获取SYSTEM级别的权限。... 2025-4-27 06:39:24 | 阅读: 16 | 收藏 | 玄武实验室每日安全 - blog.exodusintel.com overflow windows vignesh javier jimenez

Windows Sockets: From Registered I/O to SYSTEM Privileges OverviewThis post discusses CVE-2024-38193, a use-after-free vulnerability in the... 2024-12-3 00:49:8 | 阅读: 10 | 收藏 | Exodus Intelligence - blog.exodusintel.com riobuffer rio afd lastidx numbuffer

Softaculous Webuzo Authentication Bypass July 25, 2024... 2024-7-26 05:46:34 | 阅读: 19 | 收藏 | Exodus Intelligence - blog.exodusintel.com webuzo 2024further

Softaculous Webuzo FTP Management Command Injection July 25, 2024... 2024-7-26 05:46:28 | 阅读: 20 | 收藏 | Exodus Intelligence - blog.exodusintel.com webuzo 2024patched

Softaculous Webuzo Password Reset Command Injection July 25, 2024... 2024-7-26 05:46:8 | 阅读: 16 | 收藏 | Exodus Intelligence - blog.exodusintel.com webuzo attacker

Hacking the Future: 12 Years at Exodus and the Next Big Leap Tl;dr – We are hiring engineers, analysts, and researchers.This May marked our 12th year of pr... 2024-5-31 22:18:21 | 阅读: 7 | 收藏 | Exodus Intelligence - blog.exodusintel.com hiring software motivation analysis

Vulnerability Assessment Course – Summer 2024 This course introduces vulnerability analysis and research with a focus on Ndays. We... 2024-4-12 22:31:39 | 阅读: 22 | 收藏 | Exodus Intelligence - blog.exodusintel.com analysis injection debuggers memory

Public Mobile Exploitation Training – Summer 2024 This 4 day course is designed to provide students with both an overview of the Android attack... 2024-4-12 21:55:2 | 阅读: 12 | 收藏 | Exodus Intelligence - blog.exodusintel.com memory baseband mediatek virtualbox modem

Public Browser Exploitation Training – Summer 2024 This 4 day course is designed to provide students with both an overview of the current state... 2024-4-12 21:54:52 | 阅读: 9 | 收藏 | Exodus Intelligence - blog.exodusintel.com chrome memory exercises

Mind the Patch Gap: Exploiting an io_uring Vulnerability in Ubuntu OverviewThis post discusses a use-after-free vulnerability, CVE-2024-0582, in io_... 2024-3-27 23:47:36 | 阅读: 17 | 收藏 | Exodus Intelligence - blog.exodusintel.com pbuf buffers ioring memory attacker

D-Link DAP-1650 gena.cgi SUBSCRIBE Command Injection Vulnerability January 25, 2024... 2024-1-26 07:40:19 | 阅读: 29 | 收藏 | Exodus Intelligence - blog.exodusintel.com exodus cvssv2 13d90c2b gena upnp

D-Link DAP-1650 SUBSCRIBE ‘Callback’ Command Injection Vulnerability January 25, 2024... 2024-1-26 07:40:16 | 阅读: 25 | 收藏 | Exodus Intelligence - blog.exodusintel.com cvssv2 exodus 5a0f4b12 dap 23625

Motorola MR2600 ‘SaveSysLogParams’ Command Injection Vulnerability January 25, 2024... 2024-1-26 07:40:12 | 阅读: 21 | 收藏 | Exodus Intelligence - blog.exodusintel.com attacker bypassed

Motorola MR2600 ‘SaveStaticRouteIPv6Params’ Command Injection Vulnerability January 25, 2024... 2024-1-26 07:40:9 | 阅读: 16 | 收藏 | Exodus Intelligence - blog.exodusintel.com injection remote ea3ab824a au

Motorola MR2600 ‘SaveStaticRouteIPv4Params’ Command Injection Vulnerability January 25, 2024... 2024-1-26 07:40:5 | 阅读: 15 | 收藏 | Exodus Intelligence - blog.exodusintel.com bypassed ccvssv2

Motorola MR2600 Authentication Bypass Vulnerability January 25, 2024... 2024-1-26 07:40:1 | 阅读: 14 | 收藏 | Exodus Intelligence - blog.exodusintel.com 2024further

Motorola MR2600 Arbitrary Firmware Upload Vulnerability January 25, 2024... 2024-1-26 07:39:57 | 阅读: 16 | 收藏 | Exodus Intelligence - blog.exodusintel.com bypassed au ccvssv2

Arris SURFboard SBG6950AC2 Arbitrary Command Execution Vulnerability January 25, 2024... 2024-1-26 07:34:53 | 阅读: 17 | 收藏 | Exodus Intelligence - blog.exodusintel.com ccvssv2 7777417aan surfboard