Protostar Walkthrough - Format Strings

Protostar is a virtual machine from Exploit Exercises that goes through basic memory corruption issues. This blog post is a continuation from my previous writeup on the stack exploitation stages of Protostar and will deal with the format string exercises. scut's Exploiting Format…
Read more...

Protostar Walkthrough - Stack

Protostar is a virtual machine from Exploit Exercises that goes through basic memory corruption issues. It is a step up from Nebula, another virtual machine from Exploit Exercises that I have written about previously. Quoting from the website, Protostar introduces the following …
Read more...

CVE-2018-8015: Denial of Service in Apache ORC

A malformed ORC file can trigger an endlessly recursive function call in the C++ parser which results in a segmentation fault. The impact of this bug is most likely denial-of-service against software that uses the C++ ORC file parser but may lead to possible code execution. In ad…
Read more...

CVE-2018-7889: Code execution when importing bookmarks into an Ebook

A malicious pickle file can be used to trigger remote code execution in Calibre E-book Manager. Affected Versions This vulnerability affects all operating systems Calibre supports and is present in the latest version (3.18) of the application. Description Calibre E-book Manag…
Read more...

Unauthenticated JSON-RPC API allows takeover of CryptoNote RPC wallets

The reference implementation of CryptoNote wallets start a JSON-RPC server listening on a localhost port that allows an attacker to execute wallet functions due to a lack of authentication. An attacker may exploit this vulnerability to steal cryptocurrency from vulnerable wallet…
Read more...