unSafe.sh - Not Safe
252 - Bypassing KASLR and a FortiGate RCE
2024-3-21 08:0:0 | Views: 13
DAY[0] - dayzerosec.com
github
containers
shells
mte
smm
251 - RCE’ing Mailspring and a .NET CRLF Injection
Some research from Martin Doyhenard at Portswigger, presenting an option to escalate a request...
2024-3-19 20:0:0 | Views: 5
DAY[0] - dayzerosec.com
verb
smuggled
martin
doyhenard
portswigger
250 - Future of Exploit Dev
2024-3-16 07:19:0 | Views: 10
DAY[0] - dayzerosec.com
windows
youtube
github
hk9nh8s1m
twitch
249 - libXPC to Root and Digital Lockpicking
Additional Links: https://alephsecurity.com/2024/02/20/kontrol-lux-lock-1/...
2024-3-12 20:0:0 | Views: 10
DAY[0] - dayzerosec.com
kontrol
lux
248 - Binary Ninja Free and K-LEAK
Additional Links: https://binary.ninja/free/ https://binary.ninja...
2024-3-6 20:0:0 | Views: 9
DAY[0] - dayzerosec.com
windows
dorsai
247 - Hacking Google AI and SAML
Additional Links: https://www.aleksey.com/xmlsec/xmlsec-man.html...
2024-3-5 20:0:0 | Views: 10
DAY[0] - dayzerosec.com
xmlsec
github
aleksey
246 - Rust Memory Corruption???
Silly vulnerability where the assert statement was written backwards, so the function only “wor...
2024-2-28 20:30:0 | Views: 11
DAY[0] - dayzerosec.com
vlan
uvlanid
virtionet
memory
payload
245 - A PHP and Joomla Bug and some DOM Clobbering
Just another caching issue, this time we’ve got a GraphQL API...
2024-2-27 20:0:0 | Views: 10
DAY[0] - dayzerosec.com
lucee
mura
cfml
indicating
244 - Linux Burns Down CVEs
A common code pattern for double free (and other issues) is incorrect life-time management alon...
2024-2-22 07:5:0 | Views: 12
DAY[0] - dayzerosec.com
ownership
dcm
believing
strcpy
incorrect
243 - GhostCMS, ClamAV, and the Top Web Hacking Techniques of 2023
XSS delivered via profile image upload of an SVG containing the X...
2024-2-20 21:0:0 | Views: 13
DAY[0] - dayzerosec.com
security
clamd
lowest
lands
injection
242 - kCTF Changes, LogMeIn, and wlan VFS Bugs
The primitive in play here is a handle duplication attack, and basically the LogMeIn device dri...
2024-2-14 20:0:0 | Views: 6
DAY[0] - dayzerosec.com
overflow
privileged
necessarily
elevation
mediatek
241 - The End of a DEFCON Era and Flipper Zero Woes
An arbitrary file leak (restricted read) in Jenkins that can be used to leak sensitive informat...
2024-2-13 20:0:0 | Views: 8
DAY[0] - dayzerosec.com
jenkins
attacker
headless
ssrf
args4j
240 - The Syslog Special
Qualys at it again this time with a skipped initialization code path leading to a small allocat...
2024-2-7 20:0:0 | Views: 9
DAY[0] - dayzerosec.com
syslog
bufsize
bufs
overflow
knows
239 - Public Private Android Keys and Docker Escapes
The issue itself is fairly easy to describe, Meta found that of 14 reputable brands seven had r...
2024-2-6 20:0:0 | Views: 7
DAY[0] - dayzerosec.com
apex
aosp
apks
ota
coded
238 - Busted ASLR, PixieFail, and Bypassing HVCI
A very interesting bug that impacts most common Linux-based distros (Ubuntu, Arch, Fedora) with...
2024-2-1 08:0:0 | Views: 14
DAY[0] - dayzerosec.com
memory
hvci
rwx
aslr
regions
237 - Reborn Homograph Attacks and Ransacking Passwords
Two core issues here, first is an auth-bypass due to incorr...
2024-1-31 01:33:49 | Views: 8
DAY[0] - dayzerosec.com
bypass
attacker
invite
injection
236 - Bypassing Chromecast Secure-Boot and Exploiting Factorio
The key vulnerability discovered is a relative heap out-of-bounds...
2024-1-17 21:0:0 | Views: 21
DAY[0] - dayzerosec.com
memory
contiguous
avb
mdl
235 - A GitLab Account Takeover and a Coldfusion RCE
Authentication Bypass in Apache’s OFBiz by including the GET param requirePasswordChange=Y us...
2024-1-16 21:0:0 | Views: 24
DAY[0] - dayzerosec.com
coldfusion
bypass
cfexecute
234 - Allocator MTE, libwebp, and Operation Triangulation
An integer underflow in GPSd (GPS daemon) in the parsing...
2024-1-10 21:0:0 | Views: 6
DAY[0] - dayzerosec.com
getline
overflow
corrupt
inbuflen
233 - Spoofing Emails, PandoraFMS, and Keycloak
Client-side traversals as a cool attack class I overlooked...
2024-1-10 07:17:44 | Views: 10
DAY[0] - dayzerosec.com
outbound
307
keycloak
draft