Pwn2Own Miami 2022 Results Pwn2Own Miami for 2022 is underway, and we’ve already se... 2022-4-20 00:55:47 | 阅读: 49 | 收藏 | www.thezdi.com pwn2own miami unified amazing peles

Pwn2Own Miami 2022 Schedule Note: All times subject to change - You can see the results and live updates here once they become a... 2022-4-19 07:14:25 | 阅读: 60 | 收藏 | www.thezdi.com opc claroty aveva genesis64 machine

The April 2022 Security Update Review Another Patch Tuesday is upon, and Adobe and Microsoft have released a bevy of new security updat... 2022-4-13 02:8:27 | 阅读: 41 | 收藏 | www.thezdi.com microsoft windows cves attacker remote

CVE-2022-26381: Gone by others! Triggering a UAF in Firefox Memory corruption vulnerabilities have been well know... 2022-4-7 23:51:30 | 阅读: 76 | 收藏 | www.thezdi.com crash memory mozilla asan dereference

Abusing Arbitrary File Deletes to Escalate Privilege and Other Great Tricks What do you do when you’ve found an arbitrary file delete as NT AUTHORITY\SYSTEM? Probably just sigh... 2022-3-17 23:32:27 | 阅读: 69 | 收藏 | www.thezdi.com windows eop rbs rollback oplock

The March 2022 Security Update Review It’s once again Patch Tuesday, which means the latest security updates from Adobe and Microsoft have... 2022-3-9 02:30:49 | 阅读: 131 | 收藏 | www.thezdi.com microsoft attacker windows cves zdi

Clang Checkers and CodeQL Queries for Detecting Untrusted Pointer Derefs and Tainted Loop Conditions In the first blog of the series, we saw how CodeQL and C... 2022-2-24 01:49:0 | 阅读: 53 | 收藏 | www.thezdi.com tainted memory taint analysis checkers

Static Taint Analysis using Binary Ninja: A Case Study of MySQL Cluster Vulnerabilities Taint analysis is an effective technique for finding vul... 2022-2-16 01:4:39 | 阅读: 44 | 收藏 | www.thezdi.com tainted ssa taint mlil analysis

MindShaRE: When MySQL Cluster Encounters Taint Analysis Recently, the ZDI received multiple submissions of vulne... 2022-2-11 00:51:13 | 阅读: 49 | 收藏 | www.thezdi.com taint analysis propagation sanitizer accesses

The February 2022 Security Update Review It’s the second patch Tuesday of 2022, which means the latest security updates from Adobe and Micros... 2022-2-9 02:28:50 | 阅读: 44 | 收藏 | www.thezdi.com microsoft windows attacker remote cves

CVE-2021-44142: Details on a Samba Code Execution Bug Demonstrated at Pwn2Own Austin Recently, Samba released a patch to address an Out-of-Bounds (OOB) Heap Read/Write vulnerability fou... 2022-2-2 06:27:46 | 阅读: 83 | 收藏 | www.thezdi.com samba fruit attacker netatalk pwn2own

CVE-2021-44790: Code Execution on Apache via an Integer Underflow In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Guy Lederfein... 2022-1-26 01:26:6 | 阅读: 48 | 收藏 | www.thezdi.com lua crlf sequences vlen consecutive

Looking Back at the Zero Day Initiative in 2021 Now that we’re almost through the first month of 2022, it’s a good opportunity for us to take a look... 2022-1-21 01:43:50 | 阅读: 23 | 收藏 | www.thezdi.com zdi pwn2own disclosures cwes

CVE-2021-21661: Exposing Database Info via WordPress SQL Injection In October of this year, we received a report from ngocn... 2022-1-19 02:15:17 | 阅读: 81 | 收藏 | www.thezdi.com wp wordpress php phpthe pagination

Pwn2Own Vancouver Returns for the 15th Anniversary of the Contest Jump to the contest rulesStarting in 2007, Pwn2Own has g... 2022-1-12 21:59:31 | 阅读: 22 | 收藏 | www.thezdi.com pwn2own tesla contest tier microsoft

The January 2022 Security Update Review The first patch Tuesday of the year is here, and with it comes the latest security patches from Adob... 2022-1-12 02:24:14 | 阅读: 64 | 收藏 | www.thezdi.com microsoft windows attacker remote exchange

The Top 5 Bugs Submitted in 2021 As the new year begins, we thought it would be fun to look back at some of the best bugs submitted d... 2022-1-7 01:4:58 | 阅读: 45 | 收藏 | www.thezdi.com exchange microsoft ebpf subregister security

CVE-2021-45105: Denial of Service via Uncontrolled Recursion in Log4j StrSubstitutor In this excerpt of a Trend Micro Vulnerability Research... 2021-12-18 17:41:42 | 阅读: 103 | 收藏 | www.thezdi.com substitute apiversion log4j recursive

Exploitation of CVE-2021-21220 – From Incorrect JIT Behavior to RCE In this third and final blog in the series, ZDI Vulnerab... 2021-12-16 23:38:25 | 阅读: 32 | 收藏 | www.thezdi.com memory shellcode addrof fakeobj pwn2own

The December 2021 Security Update Review The final second Tuesday of the month is here, and this month, it brings much more than just patches... 2021-12-15 03:37:13 | 阅读: 40 | 收藏 | www.thezdi.com microsoft windows attacker remote cves