271 - Unicode Troubles, Bypassing CFG, and Racey Pointer Updates

271 - Unicode Troubles, Bypassing CFG, and Racey Pointer Updates
本文讨论了信息安全中的几个关键问题，包括利用Unicode溢出绕过字符限制、OAuth常见漏洞、Windows电话服务的安全缺陷（CVE-2024-26230）以及TRAVERTINE漏洞（CVE-2025-24118）。 2025-2-11 09:15:58 Author: dayzerosec.com(查看原文) 阅读量:39 收藏

11 February 2025

Show Notes

Bypassing character blocklists with unicode overflows

Additional Links: https://portswigger.net/research/splitting-the-email-atom#unicode-overflows https://infosecwriteups.com/6000-with-microsoft-hall-of-fame-microsoft-firewall-bypass-crlf-to-xss-microsoft-bug-bounty-8f6615c47922 https://portswigger.net/research/splitting-the-email-atom#unicode-overflows

Common OAuth Vulnerabilities

Windows Telephony Service - It's Got Some Call-ing Issues [CVE-2024-26230]

TRAVERTINE (CVE-2025-24118)

Additional Links: https://jprx.io/cve-2025-24118/# https://hardwear.io/usa-2025/training/attacking-hypervisors-from-kvm.php

文章来源: https://dayzerosec.com/podcast/271.html
如有侵权请联系:admin#unsafe.sh