CVE-2018-8015: Denial of Service in Apache ORC

A malformed ORC file can trigger an endlessly recursive function call in the C++ parser which results in a segmentation fault. The impact of this bug is most likely denial-of-service against software that uses the C++ ORC file parser but may lead to possible code execution. In ad…
Read more...

CVE-2018-7889: Code execution when importing bookmarks into an Ebook

A malicious pickle file can be used to trigger remote code execution in Calibre E-book Manager. Affected Versions This vulnerability affects all operating systems Calibre supports and is present in the latest version (3.18) of the application. Description Calibre E-book Manag…
Read more...

Unauthenticated JSON-RPC API allows takeover of CryptoNote RPC wallets

The reference implementation of CryptoNote wallets start a JSON-RPC server listening on a localhost port that allows an attacker to execute wallet functions due to a lack of authentication. An attacker may exploit this vulnerability to steal cryptocurrency from vulnerable wallet…
Read more...

Nebula Walkthrough

Nebula is a virtual machine from Exploit Exercises that goes through basic local Linux exploitation. Quoting from the website, Nebula takes the participant through a variety of common (and less than common) weaknesses and vulnerabilities in Linux. It takes a look at SUID files …
Read more...

A DNSSEC Primer

DNSSEC is a hugely complex protocol. The current specification is defined in three RFCs: RFC4033, RFC4034 and RFC4035. This post will attempt to explain the core of the protocol and what is required to sign a DNS zone with DNSSEC. The process of validating DNSSEC records shall be…
Read more...