CVE-2021-45105: Denial of Service via Uncontrolled Recursion in Log4j StrSubstitutor In this excerpt of a Trend Micro Vulnerability Research... 2021-12-18 17:41:42 | 阅读: 100 | 收藏 | www.thezdi.com substitute apiversion log4j recursive

Exploitation of CVE-2021-21220 – From Incorrect JIT Behavior to RCE In this third and final blog in the series, ZDI Vulnerab... 2021-12-16 23:38:25 | 阅读: 29 | 收藏 | www.thezdi.com memory shellcode addrof fakeobj pwn2own

The December 2021 Security Update Review The final second Tuesday of the month is here, and this month, it brings much more than just patches... 2021-12-15 03:37:13 | 阅读: 37 | 收藏 | www.thezdi.com microsoft windows attacker remote cves

Understanding the Root Cause of CVE-2021-21220 – A Chrome Bug from Pwn2Own 2021 In this second blog in the series, ZDI Vulnerability Res... 2021-12-10 01:59:52 | 阅读: 31 | 收藏 | www.thezdi.com word32xor 0x80000000 signed32 kx64movsxlq

Two Birds with One Stone: An Introduction to V8 and JIT Exploitation In this special blog series, ZDI Vulnerability Researche... 2021-12-7 17:30:36 | 阅读: 20 | 收藏 | www.thezdi.com chrome interpreter pwn2own chromium

MindShaRE: Using IO Ninja to Analyze NPFS In this installment of our MindShaRE series, ZDI vulnerability researcher Michael DePlante describes... 2021-11-19 02:14:55 | 阅读: 22 | 收藏 | www.thezdi.com client privileged npfs pipelist

The November 2021 Security Update Review The second Tuesday of the month is upon us, and with it comes the latest security patches from Adobe... 2021-11-10 03:30:16 | 阅读: 37 | 收藏 | www.thezdi.com microsoft windows exchange cves security

Pwn2Own Austin 2021 - Schedule and Live Results Welcome to Pwn2Own Austin 2021! This year’s consumer-focused event is our largest ever with 58 total... 2021-11-02 10:53:01 | 阅读: 67 | 收藏 | www.thezdi.com cloud netgear r6700v3 printer orange

Our ICS-Themed Pwn2Own Contest Returns to Miami in 2022 ¡Bienvenidos de nuevo a Miami!Our inaugural Pwn2Own Miami was held back in January 2020 at the S4 Co... 2021-10-25 22:14:44 | 阅读: 33 | 收藏 | www.thezdi.com opc contest miami pwn2own contestant

CVE-2021-28632 & CVE-2021-39840: Bypassing Locks in Adobe Reader Over the past few months, Adobe has patched several remo... 2021-10-21 16:12:17 | 阅读: 22 | 收藏 | www.thezdi.com cpdfield fieldparent fieldchild unlocked locking

Adding a Beta NAS Device to Pwn2Own Austin Today, we are announcing the inclusion of the beta version of the Western Digital 3TB My Cloud Home... 2021-10-15 05:26:39 | 阅读: 27 | 收藏 | www.thezdi.com cloud software western 3tb austin

The October 2021 Security Update Review The second Tuesday of the month is here, and that means the latest security updates from Adobe and M... 2021-10-13 02:28:00 | 阅读: 27 | 收藏 | www.thezdi.com microsoft exchange windows attacker cves

CVE-2021-26420: Remote Code Execution in SharePoint via Workflow Compilation In June of 2021, Microsoft released a patch to correct C... 2021-10-07 01:30:49 | 阅读: 28 | 收藏 | www.thezdi.com xoml attacker wf02 attck

CVE-2021-26084: Details on the Recently Exploited Atlassian Confluence OGNL Injection Bug In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Guy Lederfein... 2021-9-22 15:28:22 | 阅读: 18 | 收藏 | www.thezdi.com webwork velocity evaluated atlassian xwork

The September 2021 Security Update Review It’s the second Tuesday of the month, and that means the latest security updates from Adobe and Micr... 2021-09-15 02:37:46 | 阅读: 55 | 收藏 | www.thezdi.com microsoft attacker windows chromium cves

Analysis of a Parallels Desktop Stack Clash Vulnerability and Variant Hunting using Binary Ninja Parallels Desktop uses a paravirtual PCI device called t... 2021-9-9 14:59:23 | 阅读: 15 | 收藏 | www.thezdi.com darwin chkstk paged clash pwn2own

CVE-2021-2429: A Heap-based Buffer Overflow Bug in the MySQL InnoDB memcached Plugin In April 2021, the ZDI received a submission of a vulner... 2021-9-2 16:5:34 | 阅读: 15 | 收藏 | www.thezdi.com memcached innodb overflow database zdi

ProxyToken: An Authentication Bypass in Microsoft Exchange Server Continuing with the theme of serious vulnerabilities tha... 2021-08-30 21:59:23 | 阅读: 73 | 收藏 | www.thezdi.com exchange ecp attacker

From Pwn2Own 2021: A New Attack Surface on Microsoft Exchange - ProxyShell! In April 2021, Orange Tsai from DEVCORE Research Team de... 2021-08-18 23:54:16 | 阅读: 67 | 收藏 | www.thezdi.com exchange powershell mailbox microsoft payload

Pwn2Own Austin 2021: Phones, Printers, NAS, and more! 2021-08-13 00:00:06 | 阅读: 33 | 收藏 | www.thezdi.com