The October 2023 Security Update Review Twenty years ago this month, Microsoft introduced the concept of “Patch Tuesday” – although the m... 2023-10-11 01:29:38 | 阅读: 27 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com microsoft attacker cves queuing windows

Looking at the Attack Surface of the Sony XAV-AX5500 Head Unit Last month, we looked at the attack surface of the Sony XAV-AX5500 – one of the targets in the upc... 2023-10-5 23:37:8 | 阅读: 22 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com sony xav ax5500 handset weblink

Finding Deserialization Bugs in the SolarWind Platform It’s been a while since I have written a blog post, p... 2023-9-22 00:12:53 | 阅读: 35 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com retrieved attacker payload amqp

The September 2023 Security Update Review Hello and welcome to another patch Tuesday in what continues to be a hot 0-day summer, with new e... 2023-9-13 01:28:21 | 阅读: 28 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com microsoft attacker exchange cves remote

Looking at the ChargePoint Home Flex Threat Landscape We recently announced the rules and targets for the upcoming Pwn2Own Automotive competition. As we... 2023-9-8 00:9:40 | 阅读: 21 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com chargepoint charger network hardware

Revealing the Targets and Rules for the First Pwn2Own Automotive If you just want to read the rules, you can find them... 2023-8-29 23:4:17 | 阅读: 22 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com automotive pwn2own contest vehicle ev

CVE-2023-35150: Arbitrary Code Injection in XWiki.org XWiki In this excerpt of a Trend Micro Vulnerability Researc... 2023-8-23 23:46:33 | 阅读: 76 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com xwiki invitation wiki injection attacker

The August 2023 Security Update Review Greetings from hacker summer camp! Black Hat and DEFCON start this week, but let’s kick everythin... 2023-8-9 01:30:16 | 阅读: 44 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com microsoft attacker cves queuing exchange

Exploiting a Flaw in Bitmap Handling in Windows User-Mode Printer Drivers In this guest blog from researcher Marcin Wiązowski, h... 2023-8-3 00:9:6 | 阅读: 27 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com surfobj umso printer win32kfull

CVE-2023-36934: Progress Software MOVEit Transfer SQL Injection Remote Code Execution Vulnerability MOVEit supports the encryption of sensitive HTTP query parameters when generating redirection URLs.... 2023-7-20 23:55:23 | 阅读: 44 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com moveit silglobals decrypted dmz classlib

The SOHO Smashup Returns for Pwn2Own Toronto 2023 If you just want to read the rules, you can find them... 2023-7-13 23:9:50 | 阅读: 27 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com contest pwn2own network toronto contestants

The July 2023 Security Update Review It’s the second Tuesday of the month, which means Adobe and Microsoft have released their latest s... 2023-7-12 01:30:6 | 阅读: 46 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com microsoft attacker remote windows bypass

CVE-2023-20864: Remote Code Execution in VMware Aria Operations for Logs In this excerpt of a Trend Micro Vulnerability Researc... 2023-6-29 23:58:49 | 阅读: 61 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com serialized aria loginsight lang3

CVE-2022-31696: An Analysis of a VMware ESXi TCP Socket Keepalive Type Confusion LPE Last year we published our patch gap analysis of ESXi’s... 2023-6-23 00:0:0 | 阅读: 41 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com freebsd timers memory callout vmkernel

The June 2023 Security Update Review It’s the second Tuesday of the month, which means Adobe and Microsoft have released their latest... 2023-6-14 01:28:34 | 阅读: 25 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com microsoft attacker bypass exchange remote

Adventures in Disclosure: When Reporting Bugs Goes Wrong The Zero Day Initiative (ZDI) is the world’s largest vendor-agnostic bug bounty program. That mea... 2023-6-8 23:46:1 | 阅读: 26 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com zdi disclose psirt disclosing hopefully

CVE-2023-24941: Microsoft Network File System Remote Code Execution In this excerpt of a Trend Micro Vulnerability Researc... 2023-6-1 23:0:0 | 阅读: 81 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com remote network nfs onc nfsv4

Exploiting the Sonos One Speaker Three Different Ways: A Pwn2Own Toronto Highlight During Pwn2Own Toronto 2022, three different teams su... 2023-5-25 23:57:44 | 阅读: 30 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com smb2 pdu sonos speaker client

CVE-2023-20869/20870: Exploiting VMware Workstation at Pwn2Own Vancouver This post covers an exploit chain demonstrated by Nguy... 2023-5-18 23:50:51 | 阅读: 56 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com urb pwn2own sdp vmx attacker

The May 2023 Security Update Review It’s patch Tuesday once again, and Adobe and Microsoft have released their monthly batch of secur... 2023-5-10 01:26:34 | 阅读: 32 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com microsoft attacker windows bypass remote