-
We have identified a critical security vulnerability (CVE-2023-42366) present in our Docker image. This vulnerability poses a significant risk to our system's security and integrity. Immediate action …
-
Especially with glibc heap exploitation challenges, it's important for CTF challenge authors to have control over which base image is used. This will also help address the issue where a challenge is l…
-
**Name**: edk2-ovmf-bin
**CVEs**: [CVE-2022-36763](https://nvd.nist.gov/vuln/detail/CVE-2022-36763), [CVE-2022-36764](https://nvd.nist.gov/vuln/detail/CVE-2022-36764), [CVE-2022-36765](https://nvd.ni…
-
### Description
Currently, PHP's heap implementation is ~trivial to exploit:
- [BlackAlps 2022: Generic Remote Exploit Techniques For The PHP Allocator, And 0days by Charles Fol](https://www.you…
-
- [Malware Samples](https://github.com/jstrosch/malware-samples)
- [LKVM Escape](https://www.kalmarunionen.dk/writeups/2021/hxp-2021/lkvm/)
- [Recon Weekly #1 : Attack Surface Basics](https://www.ss…
-
This signature keeps crashing on my cuckoo-setup. The signature tries to access the "process_identifier" key, which is not there.
I also printed the call-dictionary just before it tried to access ca…
-
```yaml
{
"id": 1412,
"title": "RVD#1412: Integer overflow in the get_data function, zipimport.c in Python 2.7",
"type": "vulnerabitity",
"description": "Integer overflow in the g…
-
I can press any address in arena like
`arena 0xaabbcc ` even there is no arena there .
I think it's possible to check some sanity on some fields like `mutex = -494075892` is not possible or `flags =…
-
The following paper gives a good overview of several attack vectors through the memory allocator of an application: https://arxiv.org/pdf/1903.00503.pdf (Automatic Techniques to Systematically Discove…
-
## CVE-2021-0427 - High Severity Vulnerability
Vulnerable Library - baseandroid-10.0.0_r44
Android framework classes and services
Library home page: https://android.googlesource.com/platform/framew…