Revealing the Targets and Rules for the First Pwn2Own Automotive If you just want to read the rules, you can find them... 2023-8-29 23:4:17 | 阅读: 34 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com automotive pwn2own contest vehicle ev

CVE-2023-35150: Arbitrary Code Injection in XWiki.org XWiki In this excerpt of a Trend Micro Vulnerability Researc... 2023-8-23 23:46:33 | 阅读: 95 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com xwiki invitation wiki injection attacker

The August 2023 Security Update Review Greetings from hacker summer camp! Black Hat and DEFCON start this week, but let’s kick everythin... 2023-8-9 01:30:16 | 阅读: 61 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com microsoft attacker cves queuing exchange

Exploiting a Flaw in Bitmap Handling in Windows User-Mode Printer Drivers In this guest blog from researcher Marcin Wiązowski, h... 2023-8-3 00:9:6 | 阅读: 48 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com surfobj umso printer win32kfull

CVE-2023-36934: Progress Software MOVEit Transfer SQL Injection Remote Code Execution Vulnerability MOVEit supports the encryption of sensitive HTTP query parameters when generating redirection URLs.... 2023-7-20 23:55:23 | 阅读: 57 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com moveit silglobals decrypted dmz classlib

The SOHO Smashup Returns for Pwn2Own Toronto 2023 If you just want to read the rules, you can find them... 2023-7-13 23:9:50 | 阅读: 42 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com contest pwn2own network toronto contestants

The July 2023 Security Update Review It’s the second Tuesday of the month, which means Adobe and Microsoft have released their latest s... 2023-7-12 01:30:6 | 阅读: 62 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com microsoft attacker remote windows bypass

CVE-2023-20864: Remote Code Execution in VMware Aria Operations for Logs In this excerpt of a Trend Micro Vulnerability Researc... 2023-6-29 23:58:49 | 阅读: 79 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com serialized aria loginsight lang3

CVE-2022-31696: An Analysis of a VMware ESXi TCP Socket Keepalive Type Confusion LPE Last year we published our patch gap analysis of ESXi’s... 2023-6-23 00:0:0 | 阅读: 54 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com freebsd timers memory callout vmkernel

The June 2023 Security Update Review It’s the second Tuesday of the month, which means Adobe and Microsoft have released their latest... 2023-6-14 01:28:34 | 阅读: 38 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com microsoft attacker bypass exchange remote

Adventures in Disclosure: When Reporting Bugs Goes Wrong The Zero Day Initiative (ZDI) is the world’s largest vendor-agnostic bug bounty program. That mea... 2023-6-8 23:46:1 | 阅读: 38 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com zdi disclose psirt disclosing hopefully

CVE-2023-24941: Microsoft Network File System Remote Code Execution In this excerpt of a Trend Micro Vulnerability Researc... 2023-6-1 23:0:0 | 阅读: 94 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com remote network nfs onc nfsv4

Exploiting the Sonos One Speaker Three Different Ways: A Pwn2Own Toronto Highlight During Pwn2Own Toronto 2022, three different teams su... 2023-5-25 23:57:44 | 阅读: 46 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com smb2 pdu sonos speaker client

CVE-2023-20869/20870: Exploiting VMware Workstation at Pwn2Own Vancouver This post covers an exploit chain demonstrated by Nguy... 2023-5-18 23:50:51 | 阅读: 67 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com urb pwn2own sdp vmx attacker

The May 2023 Security Update Review It’s patch Tuesday once again, and Adobe and Microsoft have released their monthly batch of secur... 2023-5-10 01:26:34 | 阅读: 44 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com microsoft attacker windows bypass remote

CVE-2023-28231: RCE in the Microsoft Windows DHCPv6 Service In this excerpt of a Trend Micro Vulnerability Research... 2023-5-3 00:9:19 | 阅读: 59 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com dhcpv6 dhcp network client microsoft

TP-Link WAN-side Vulnerability CVE-2023-1389 Added to the Mirai Botnet Arsenal Last week, the Zero Day Initiative (ZDI) threat-huntin... 2023-4-24 23:3:16 | 阅读: 109 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com 251 225 contest pwn2own security

CVE-2022-29844: A Classic Buffer Overflow on the Western Digital My Cloud Pro Series PR4100 This post covers an exploit chain demonstrated by Luca Moro (@johncool__) during Pwn2Own Toronto 202... 2023-4-20 23:0:0 | 阅读: 72 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com wd attacker western username

The April 2023 Security Update Review It’s the second Tuesday of the month, which means Adobe and Microsoft (and others) have released t... 2023-4-12 01:25:9 | 阅读: 46 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com microsoft attacker windows cves privileges

Bash Privileged-Mode Vulnerabilities in Parallels Desktop and CDPATH Handling in MacOS In the last few years, we have seen multiple vulnerabili... 2023-4-7 00:8:23 | 阅读: 38 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com privileged cdpath setuid privileges upstream