-
```
There is an obvious path traversal in Kaspersky Virtual Keyboard, a hosting
website can simply do element.GetGraphics("../../../../whatever") to read any
png file on the victim's computer.
x = d…
```
-
```
The fusermount binary calls setuid(geteuid()) to reset the ruid when
it invokes /bin/mount so that it can use privileged mount options that
are normally restricted if ruid != euid. That's acceptab…
```
-
```
When Kaspersky https inspection is enabled, temporary certificates are created
in %PROGRAMDATA% for validation. I observed that the naming pattern is
{CN}.cer.
I created a certificate with CN=…
```
-
```
A component of Kaspersky Internet Security that’s enabled by default is
called the “Network Attack Blocker”, described as “protects the computer
against dangerous network activity”. I examined t…
```
-
```
The ACL on %PROGRAMDATA%\Kaspersky Lab allows BUILTIN\Users to create new
files. This can be abused to create new plugins and modules during update, and
other filesystem races to gain elevated p…
```