F5 BIG-IP iControl REST vulnerability CVE-2022-1388

Good afternoon to every security researcher. I would like to share my experience of finding the vulnerability announced by the internal F5 security team and writing the exploit for CVE-2022-1388. You can read more about this vulnerability on thehackernews or helpnetsecurity. iControl REST is an API for interaction between scripts and an F5 device, used to manage and control that device automatically. Based on the details of the mitigation, the problem should be somewhere in the Connection: header....

May 9, 2022 · 5 min · Matus Bursa

How to find a vulnerable server on the internet?

NOTICE: Educational purposes only! Hi, I want to show you how easy it is to find a vulnerable server on the internet. Okay guys, so first we need a Tor client for anonymity ;) Before we begin, look at the following tools: tor, nyx, proxychains-ng, shodan, curl, nmap.

$ tor &
$ nyx -i 127.0.0.1:9052

Then we can test whether Tor is working correctly with proxychains...

January 24, 2020 · 3 min · Matus Bursa

.grsec patch size_overflow

I think you surely know the Linux kernel patches from grsecurity. In the following tweet you can read about a size overflow in a patch from grsec. The tweet has been deleted in the meantime. So what is the problem in this patch? When you change int (a signed value) to size_t (an unsigned value), you have to be sure you are storing an unsigned value.

room = N_TTY_BUF_SIZE - (ldata->read_head - tail);

And what happens when the right side has a negative value?...

April 29, 2016 · 1 min · Matus Bursa