unSafe.sh - 不安全
我的收藏
今日热榜
公众号文章
导航
Github CVE
Github Tools
编码/解码
文件传输
Twitter Bot
Telegram Bot
Rss
黑夜模式
197 - Popping Azure Web Services and Apollo Config Bugs
When using the ssrfFilter library in conjunction with the Request...
2023-3-22 03:51:43 | 阅读: 21 |
收藏
|
DAY[0] - dayzerosec.com
library
attacker
truncate
vuln
bypass
196 - An OpenBSD overflow and TPM bugs
Yet another case of bad syncronization or just performing operations in the wrong order. IIn th...
2023-3-16 07:55:45 | 阅读: 11 |
收藏
|
DAY[0] - dayzerosec.com
tpm
isr
ciphersize
ipopt
optlen
195 - Stealing Secrets with Security Advisories and CorePlague
A nice use of the a CRLF Injection to exploit a seemingly unex...
2023-3-15 03:49:54 | 阅读: 13 |
收藏
|
DAY[0] - dayzerosec.com
jenkins
attacker
github
forgot
codespace
194 - Hacking the DSi and some Fuzzing Tips
Additional Links: https://www.fuzzingbook.org/ ...
2023-3-9 08:50:52 | 阅读: 19 |
收藏
|
DAY[0] - dayzerosec.com
fuzzingbook
193 - ImageMagick, Cracking SmartLocks, and Broken OAuth
Relatively straight forward oauth hijack/account takeover flow wi...
2023-3-8 04:49:19 | 阅读: 17 |
收藏
|
DAY[0] - dayzerosec.com
booking
facebook
jaas
datahub
192 - A GPU Bug and the World’s Worst Fuzzer Findings
A bug was found sort of accidentally in Adreno/KGSL GPU for Android devices. The post covers a...
2023-3-2 08:48:45 | 阅读: 14 |
收藏
|
DAY[0] - dayzerosec.com
mapped
kgsl
buffers
memory
userspace
191 - Param Pollution in Golang, OpenEMR, and CRLF Injection
A couple interesting issues in OpenEMR leading to unauthenticated...
2023-3-1 04:52:8 | 阅读: 15 |
收藏
|
DAY[0] - dayzerosec.com
sequelize
payload
feathers
injection
bypass
190 - Fuzzing cURL, Netatalk, and an Emulator Escape
22 February 2023Show Notes 00:00:27Spot the Vuln - Ins...
2023-2-23 08:49:47 | 阅读: 18 |
收藏
|
DAY[0] - dayzerosec.com
memory
joke
overflows
escaping
189 - Compromising Azure, Password Verification Fails, and Readline Crime
Some malformed hashes will “validate” with any value compared using password_verify. This is du...
2023-2-22 04:49:17 | 阅读: 19 |
收藏
|
DAY[0] - dayzerosec.com
readline
malformed
haproxy
finger
encountered
188 - Rusty Kernel Bugs, mast1c0re, and OpenSSH
A use-after-free (UAF) yielding double free in OpenSSH that’s hittable pre-authentication. The...
2023-2-16 07:45:0 | 阅读: 16 |
收藏
|
DAY[0] - dayzerosec.com
kex
ps2
vuln
openssh
overflow
187 - Top 2022 Web Hacking Techniques and a Binance Bug
A small bug in processing/validating the entries in the Merkel tree resulting in the theft of 2...
2023-2-15 04:45:51 | 阅读: 21 |
收藏
|
DAY[0] - dayzerosec.com
bsc
windows
remote
separators
tackle
186 - An XNU Exploit and a Chrome Heap Overflow
A 19-year-old bug in XNUs Data Link Interface Layer o...
2023-2-9 08:45:59 | 阅读: 18 |
收藏
|
DAY[0] - dayzerosec.com
ifnet
texture
addrs
comparing
infos
185 - Facebook Account Takeovers and a vBulletin RCE
A bit of research on leaking access tokens from OAuth2/OIDC flows...
2023-2-8 04:45:9 | 阅读: 37 |
收藏
|
DAY[0] - dayzerosec.com
attacker
compat
getprotocol
facebook
victim
184 - KASAN comes to Windows and Shuffling ROP Gadgets
Home Blog Podcast Vulns About Us Contact...
2023-2-2 08:45:3 | 阅读: 22 |
收藏
|
DAY[0] - dayzerosec.com
twitch
enhancement
pwning
loader
183 - CSS Injection and a Google Cloud Project Takeover Bug
Fun little CSS injection turned full-read SSRF thanks to an (imo)...
2023-2-1 04:45:26 | 阅读: 40 |
收藏
|
DAY[0] - dayzerosec.com
injection
ssrf
inject
proxy
kayak
182 - Exploiting Null Derefs and Windows Type COM-fusion
The last time we covered a “how to exploit a null-deref in...
2023-1-26 08:45:49 | 阅读: 15 |
收藏
|
DAY[0] - dayzerosec.com
overflow
memory
oops
overflows
network
181 - Cloud Bugs and More Vulns in Galaxy App Store
Cool, yet simple finding from the DataDog security team where cal...
2023-1-25 04:55:32 | 阅读: 18 |
收藏
|
DAY[0] - dayzerosec.com
ssh
username
attacker
cloud
samsung
180 - An iPod Nano Bug, XNU Vuln, and a WebKit UAF
A trivial out of bounds access in the iPod nano 3rd-5th generation’s USB stack in the bootRO...
2023-1-19 08:45:16 | 阅读: 18 |
收藏
|
DAY[0] - dayzerosec.com
unaligned
attacker
aligned
memory
179 - Client-Side Path Traversal and Hiding Your Entitlement(s)
Some funny vulns in an undisclosed forum’s “teams” feature where...
2023-1-18 04:45:8 | 阅读: 20 |
收藏
|
DAY[0] - dayzerosec.com
parcel
memory
parcels
lazyvalue
178 - Attacking Bhyves and a Kernel UAF
An out-of-bounds read/write in FreeBSD’s bhyve hypervisor....
2023-1-12 08:45:14 | 阅读: 19 |
收藏
|
DAY[0] - dayzerosec.com
dynset
e82545
descriptors
infoleak
netfilter
Previous
4
5
6
7
8
9
10
11
Next