unSafe.sh - Unsafe
244 - Linux Burns Down CVEs
A common code pattern for double free (and other issues) is incorrect life-time management alon...
2024-2-22 07:5:0 | Reads: 15
DAY[0] - dayzerosec.com
ownership
dcm
believing
strcpy
incorrect
243 - GhostCMS, ClamAV, and the Top Web Hacking Techniques of 2023
XSS delivered via profile image upload of an SVG containing the X...
2024-2-20 21:0:0 | Reads: 16
DAY[0] - dayzerosec.com
security
clamd
lowest
lands
injection
242 - kCTF Changes, LogMeIn, and wlan VFS Bugs
The primitive in play here is a handle duplication attack, and basically the LogMeIn device dri...
2024-2-14 20:0:0 | Reads: 7
DAY[0] - dayzerosec.com
overflow
privileged
necessarily
elevation
mediatek
241 - The End of a DEFCON Era and Flipper Zero Woes
An arbitrary file leak (restricted read) in Jenkins that can be used to leak sensitive informat...
2024-2-13 20:0:0 | Reads: 9
DAY[0] - dayzerosec.com
jenkins
attacker
headless
ssrf
args4j
240 - The Syslog Special
Qualys at it again this time with a skipped initialization code path leading to a small allocat...
2024-2-7 20:0:0 | Reads: 10
DAY[0] - dayzerosec.com
syslog
bufsize
bufs
overflow
knows
239 - Public Private Android Keys and Docker Escapes
The issue itself is fairly easy to describe, Meta found that of 14 reputable brands seven had r...
2024-2-6 20:0:0 | Reads: 8
DAY[0] - dayzerosec.com
apex
aosp
apks
ota
coded
238 - Busted ASLR, PixieFail, and Bypassing HVCI
A very interesting bug that impacts most common Linux-based distros (Ubuntu, Arch, Fedora) with...
2024-2-1 08:0:0 | Reads: 15
DAY[0] - dayzerosec.com
memory
hvci
rwx
aslr
regions
237 - Reborn Homograph Attacks and Ransacking Passwords
Two core issues here, first is an auth-bypass due to incorr...
2024-1-31 01:33:49 | Reads: 9
DAY[0] - dayzerosec.com
bypass
attacker
invite
injection
236 - Bypassing Chromecast Secure-Boot and Exploiting Factorio
The key vulnerability discovered is a relative heap out-of-bounds...
2024-1-17 21:0:0 | Reads: 22
DAY[0] - dayzerosec.com
memory
contiguous
avb
mdl
235 - A GitLab Account Takeover and a Coldfusion RCE
Authentication Bypass in Apache’s OFBiz by including the GET param requirePasswordChange=Y us...
2024-1-16 21:0:0 | Reads: 25
DAY[0] - dayzerosec.com
coldfusion
bypass
cfexecute
234 - Allocator MTE, libwebp, and Operation Triangulation
An integer underflow in GPSd (GPS daemon) in the parsing...
2024-1-10 21:0:0 | Reads: 6
DAY[0] - dayzerosec.com
getline
overflow
corrupt
inbuflen
233 - Spoofing Emails, PandoraFMS, and Keycloak
Client-side traversals as a cool attack class I overlooked...
2024-1-10 07:17:44 | Reads: 10
DAY[0] - dayzerosec.com
outbound
307
keycloak
draft
232 - RetSpill, A Safari Vuln, and Steam RCE
22 December 2023 Show Notes 00:02:00 RetSpill - Igniting...
2023-12-22 21:0:0 | Reads: 4
DAY[0] - dayzerosec.com
remote
protections
qnap
libqcloud
guidelines
231 - IOT Issues and DNS Rebinding
Multiple vulns detailed in ExtremeXOS, the operating system used for Extreme Networks managed s...
2023-12-19 21:0:0 | Reads: 6
DAY[0] - dayzerosec.com
speaker
bootcmd
attacker
firmware
bootargs
230 - Samsung Baseband and GPU Vulns
[Kagi Summary] The root cause of the vulnerability is a buffer overflow error in the CdmaSmsPar...
2023-12-6 21:0:0 | Reads: 2
DAY[0] - dayzerosec.com
overflow
baseband
payload
overly
229 - Buggy Cookies and a macOS TCC Bypass
This post details a prompt-based exploit that c...
2023-12-5 21:0:0 | Reads: 2
DAY[0] - dayzerosec.com
metal
divergence
bypassing
ends
repeat
228 - Hypervisor Bugs and a FAR-out iOS bug
Kinda a cool bug dealing with an improper optimization and...
2023-11-29 21:0:0 | Reads: 5
DAY[0] - dayzerosec.com
hole
overflow
attacker
kinda
memory
227 - Kubernetes Code Exec and There Is No Spoon
Honestly, this is a simple bug, a React website, with sourc...
2023-11-28 21:0:0 | Reads: 6
DAY[0] - dayzerosec.com
ingress
lua
copying
attacker
served
226 - A Heap of Linux Bugs
One vulnerability a use-after-free in the Linux nftable sub...
2023-11-23 02:10:45 | Reads: 5
DAY[0] - dayzerosec.com
compound
memory
folio
contiguous
buffers
225 - Prompting for Secrets and Malicious Extensions
There is a lot going on in this post, the novel aspect are...
2023-11-21 21:0:0 | Reads: 5
DAY[0] - dayzerosec.com
chrome
motw
bypasses
chromeos