Archive

2023  15

September  1

(CVE-2023-2315) Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2

September 18, 2023 · 6 min · Poh Jia Hao (@Chocologicall)

August  11

(CVE-2023-32523) Trend Micro Mobile Security (Enterprise) 9.8 SP5 (<= Critical Patch 3) Unauthenticated RCE

August 22, 2023 · 8 min · Poh Jia Hao (@Chocologicall)

(CVE-2023-32524) Trend Micro Mobile Security (Enterprise) 9.8 SP5 (<= Critical Patch 3) Unauthenticated RCE

August 22, 2023 · 8 min · Poh Jia Hao (@Chocologicall)

(CVE-2023-32529) Trend Micro Apex Central 2019 (<= Build 6016) Authenticated RCE

August 22, 2023 · 6 min · Poh Jia Hao (@Chocologicall)

(CVE-2023-32530) Trend Micro Apex Central 2019 (<= Build 6016) Authenticated RCE

August 22, 2023 · 7 min · Poh Jia Hao (@Chocologicall)

(CVE-2023-38624) Trend Micro Apex Central 2019 (<= Build 6394) Authenticated SSRF

August 22, 2023 · 7 min · Poh Jia Hao (@Chocologicall)

(CVE-2023-38625) Trend Micro Apex Central 2019 (<= Build 6394) Authenticated SSRF

August 22, 2023 · 7 min · Poh Jia Hao (@Chocologicall)

(CVE-2023-2110) Obsidian Local File Disclosure

August 19, 2023 · 6 min · Li Jiantao (@CurseRed)

(CVE-2023-2316) Typora Local File Disclosure

August 19, 2023 · 5 min · Li Jiantao (@CurseRed)

(CVE-2023-2317) Typora DOM-Based Cross-site Scripting leading to Remote Code Execution

August 19, 2023 · 5 min · Li Jiantao (@CurseRed)

(CVE-2023-2318) MarkText DOM-Based Cross-site Scripting leading to Remote Code Execution

August 19, 2023 · 4 min · Li Jiantao (@CurseRed)

(CVE-2023-2971) Typora Local File Disclosure (Patch Bypass)

August 19, 2023 · 5 min · Li Jiantao (@CurseRed)

July  2

(CVE-2023-3513) RazerCentralService unsafe deserialization Escalation of Privilege Vulnerability

July 14, 2023 · 4 min · Phan Thanh Duy (@PTDuy)

(CVE-2023-3514) RazerCentralSerivce unsafe NamedPipe permission Escalation of Privilege Vulnerability

July 14, 2023 · 5 min · Phan Thanh Duy (@PTDuy)

April  1

(CVE-2023-2017) Shopware 6 Server-side Template Injection (SSTI) via Twig Security Extension

April 17, 2023 · 8 min · Ngo Wei Lin (@Creastery)

2022  11

December  2

(CVE-2022-44667) Windows CDirectMusicPortDownload Integer Overflow Vulnerability

December 13, 2022 · 10 min · Lê Hữu Quang Linh (@linhlhq)

(CVE-2022-44668) Windows DirectMusicPortDownload Double Free Vulnerability

December 13, 2022 · 5 min · Lê Hữu Quang Linh (@linhlhq)

July  2

(CVE-2022-26438) Asus System Control Interface Backup Local Privilege Escalation (LPE)

July 13, 2022 · 39 min · Schuyler Tay

(CVE-2022-26439) Asus System Control Interface Software Update Arbitrary File Deletion

July 13, 2022 · 3 min · Schuyler Tay

March  6

(CVE-2021-4206) QEMU QXL Integer overflow leads to Heap Overflow

March 28, 2022 · 3 min · Billy Jheng Bing Jhong (@st424204)

(CVE-2021-4207) QEMU QXL Integer overflow leads to Heap Overflow

March 28, 2022 · 3 min · Billy Jheng Bing Jhong (@st424204)

(CVE-2022-0168) Linux Kernel smb2_ioctl_query_info NULL Pointer Dereference

March 28, 2022 · 4 min · Billy Jheng Bing Jhong (@st424204)

(CVE-2022-0216) QEMU LSI SCSI Use After Free

March 28, 2022 · 7 min · Muhammad Alifa Ramdhan (@n0psledbyte)

(CVE-2022-28730) Apache JSPWiki v2.11.1 - Reflected XSS in AjaxPreview.jsp

March 14, 2022 · 1 min · Poh Jia Hao

(CVE-2022-26718) macOS smbfs Out-of-Bounds Read due to parse nic info

March 4, 2022 · 4 min · Peter Nguyễn Vũ Hoàng

January  1

(CVE-2022-21877) Storage Spaces Controller Information Disclosure Vulnerability

January 11, 2022 · 10 min · Lê Hữu Quang Linh (@linhlhq)

2021  30

September  2

(CVE-2021-30844) macOS smbfs Out-of-Bounds Read

September 13, 2021 · 3 min · Peter Nguyễn Vũ Hoàng

(CVE-2021-30845) macOS smbfs Out-of-Bounds Read

September 13, 2021 · 3 min · Peter Nguyễn Vũ Hoàng

June  12

(CVE-2021-30868) macOS smbfs Race Condition leading to Use-After-Free Vulnerability

June 18, 2021 · 12 min · Peter Nguyễn Vũ Hoàng

(CVE-20221-35400) Prolink PRC2402M mesh.cgi get_extender_page Un-authenticated Command Injection Vulnerability

June 10, 2021 · 2 min · Daniel Lim Wee Soong (@daniellimws)

(CVE-20221-35401) Prolink PRC2402M login.cgi sys_login Un-authenticated Command Injection Vulnerability

June 10, 2021 · 2 min · Daniel Lim Wee Soong (@daniellimws)

(CVE-20221-35403) Prolink PRC2402M touchlist_sync.cgi main Un-authenticated Command Injection Vulnerability

June 10, 2021 · 2 min · Daniel Lim Wee Soong (@daniellimws)

(CVE-20221-35404) Prolink PRC2402M applogin.cgi sys_login1 Authenticated Command Injection Vulnerability

June 10, 2021 · 2 min · Daniel Lim Wee Soong (@daniellimws)

(CVE-20221-35406) Prolink PRC2402M login.cgi sys_login1 Authenticated Command Injection Vulnerability

June 10, 2021 · 2 min · Daniel Lim Wee Soong (@daniellimws)

(CVE-20221-35406) Prolink PRC2402M qos.cgi qos_settings Un-authenticated Command Injection Vulnerability

June 10, 2021 · 2 min · Daniel Lim Wee Soong (@daniellimws)

(CVE-20221-35407) Prolink PRC2402M mesh.cgi get_upgrade_page Un-authenticated Command Injection Vulnerability

June 10, 2021 · 2 min · Daniel Lim Wee Soong (@daniellimws)

(CVE-20221-35409) Prolink PRC2402M nightled.cgi SetNightLed Un-authenticated Command Injection Vulnerability

June 10, 2021 · 2 min · Daniel Lim Wee Soong (@daniellimws)

(CVE-2021-30836) WebKit WebCore::AudioNode::disconnect null pointer reference

June 9, 2021 · 3 min · Ta Dinh Sung

(CVE-20221-35402) Prolink PRC2402M live_api.cgi satellist_list Un-authenticated Command Injection Vulnerability

June 9, 2021 · 2 min · Daniel Lim Wee Soong (@daniellimws)

(CVE-2021-35408) Prolink PRC2402M qos.cgi qos_sta_settings Un-authenticated Command Injection Vulnerability

June 8, 2021 · 2 min · Daniel Lim Wee Soong (@daniellimws)

May  2

(CVE-2021-0956) Android NFC Out-Of-Bounds Write due to increase mNumTechList without bounds checking

May 28, 2021 · 4 min · Nguyễn Hoàng Thạch (@hi_im_d4rkn3ss)

(CVE-2021-30745) Apple macOS QuartzCore Type Confusion Vulnerability

May 20, 2021 · 3 min · Peter Nguyễn Vũ Hoàng

April  6

(CVE-2021-0204) Juniper Junos OS Local Privilege Escalation vulnerability in dexp

April 14, 2021 · 2 min · Nguyễn Hoàng Thạch (@hi_im_d4rkn3ss)

(CVE-2021-0223) Juniper Junos OS Local Privilege Escalation vulnerability in telnetd

April 14, 2021 · 2 min · Nguyễn Hoàng Thạch (@hi_im_d4rkn3ss)

(CVE-2021-0254) Junos OS overlayd service bss Buffer Overflow

April 14, 2021 · 7 min · Nguyễn Hoàng Thạch (@hi_im_d4rkn3ss)

(CVE-2021-0255) Juniper Junos OS Local Privilege Escalation vulnerability in ethtraceroute

April 14, 2021 · 3 min · Nguyễn Hoàng Thạch (@hi_im_d4rkn3ss)

(CVE-2021-0256) Juniper Junos OS Local Privilege Escalation vulnerability in mosquitto

April 14, 2021 · 2 min · Nguyễn Hoàng Thạch (@hi_im_d4rkn3ss)

(CVE-2021-2321) Oracle VirtualBox E1000 BSS Out-Of-Bounds Read

April 6, 2021 · 8 min · Muhammad Alifa Ramdhan (@n0psledbyte)

March  4

(CVE-2021-3409) QEMU Heap Overflow in SDHCI Component

March 23, 2021 · 20 min · Muhammad Alifa Ramdhan (@n0psledbyte)

(CVE-2021-34978) NETGEAR R6260 setupwizard.cgi Buffer Overflow Unauthenticated Remote Code Execution

March 22, 2021 · 2 min · Sherman Chann Zhi Shen & Nguyễn Hoàng Thạch (@hi_im_d4rkn3ss)

(CVE-2021-34979) NETGEAR R6260 mini_httpd Buffer Overflow Unauthenticated Remote Code Execution

March 22, 2021 · 5 min · Sherman Chann Zhi Shen & Nguyễn Hoàng Thạch (@hi_im_d4rkn3ss)

(CVE-2021-0950) Android NFC [email protected] Writer mode Out-Of-Bounds Write leading to Information Disclosure

March 5, 2021 · 7 min · Nguyễn Hoàng Thạch (@hi_im_d4rkn3ss)

February  4

(CVE-2021-33760) Windows Media Foundation Integer Overflow Vulnerability

February 27, 2021 · 3 min · Phan Thanh Duy (@PTDuy), Brandon Chong, Cao Yi Tian

(CVE-2021-34503) Windows Media Foundation Type Confusion Vulnerability

February 27, 2021 · 4 min · Phan Thanh Duy (@PTDuy)

(CVE-2021-1758) macOS/iOS CoreText Out-Of-Bounds Read

February 10, 2021 · 6 min · Peter Nguyễn Vũ Hoàng

(CVE-2021-1790) macOS/iOS CoreText libhvf Out-Of-Bounds Read

February 10, 2021 · 7 min · Peter Nguyễn Vũ Hoàng

2020  20

August  1

(CVE-2020-24430) Adobe Acrobat Pro DC FDF.addContact Use-After-Free Vulnerability

August 21, 2020 · 5 min · Alan Chang Enze

July  1

(CVE-2020-13937) Apache Kylin - Unauthenticated Configuration Disclosure

July 17, 2020 · 3 min · Ngo Wei Lin (@Creastery)

June  5

(CVE-2020-0634) Windows CLFS UAF Memory Corruption Vulnerability

June 12, 2020 · 5 min · Meysam Firouzi

(CVE-2020-1664) Juniper Junos OS dcd create_debug_data() buffer overflow

June 12, 2020 · 2 min · Nguyễn Hoàng Thạch (@hi_im_d4rkn3ss)

(CVE-2021-0218) Junos OS lc_fetch_license_keys() command injection

June 12, 2020 · 4 min · Nguyễn Hoàng Thạch (@hi_im_d4rkn3ss)

(CVE-2021-0219) Juniper Junos OS validate package mgd_package_real() command injection

June 12, 2020 · 2 min · Nguyễn Hoàng Thạch (@hi_im_d4rkn3ss)

(CVE-2021-1485) Cisco IOS XR CLI Arbitrary Command Injection

June 12, 2020 · 2 min · Darell Tan

May  3

(CVE-2020-15357) Askey AP5100W Authenticated Command Injection in web Interface

May 22, 2020 · 2 min · Li Bailin

(CVE-2020-25545) Askey AP5100W Information Leak through Insecure backups

May 22, 2020 · 2 min · Li Bailin

(CVE-2020-25546) Askey AP5100W Logic Error allowing Web Admin authentication bypass

May 22, 2020 · 2 min · Li Bailin

April  5

(CVE-2020-2575) Oracle VirtualBox OHCI Uninitialized Heap Variable - Pwn2Own

April 30, 2020 · 3 min · Pham Hong Phi (@anhdaden)

(CVE-2020-2748) Oracle VirtualBox SVGA Out-of-Bounds Read in vmsvgaR3FifoUpdateCursor

April 30, 2020 · 3 min · Pham Hong Phi (@anhdaden), Calvin Fong

(CVE-2020-2758) Oracle VirtualBox VHWA Use-After-Free Privilege Escalation

April 30, 2020 · 4 min · Calvin Fong

(CVE-2020-2894) Oracle VirtualBox e1kInsertChecksum Out-of-Bounds Read - Pwn2Own

April 30, 2020 · 2 min · Pham Hong Phi (@anhdaden)

(CVE-2020-10907) Foxit Reader XFA Widget Use-After-Free Code Execution

April 16, 2020 · 4 min · Peter Nguyễn Vũ Hoàng

March  3

(CVE-2020-3800) Adobe Reader xfa.loadXML Use-after-Free

March 17, 2020 · 3 min · Phan Thanh Duy (@PTDuy)

(CVE-2020-3801) Adobe Reader XFA Heap Address Leak

March 17, 2020 · 1 min · Phan Thanh Duy (@PTDuy)

(CVE-2020-9816) macOS libFontParser HeapOverflow Vulnerability

March 17, 2020 · 3 min · Peter Nguyễn Vũ Hoàng

January  2

(CVE-2020-2682) Oracle VirtualBox VBoxVHWAHandleTable Out-Of-Bounds Access Privilege Escalation

January 15, 2020 · 5 min · Pham Hong Phi (@hanhdaden)

(CVE-2020-2674) Oracle VirtualBox OHCI Use-After-Free

January 14, 2020 · 5 min · Pham Hong Phi (@hanhdaden)

2019  35

December  3

(CVE-2019-16452) Adobe Acrobat/Reader getSound JSObject Use-after-Free - TianFu Cup 2019

December 10, 2019 · 4 min · Phan Thanh Duy (@PTDuy)

(CVE-2020-0889) Microsoft Jet Database Format Record Length Memory Corruption

December 4, 2019 · 4 min · Shi Ji (@Puzzorsj), Meysam Firouzi

(CVE-2020-2902) Oracle VirtualBox Direct3D 9 Shader Out-of-Bounds Write Remote Code Execution Vulnerability

December 4, 2019 · 5 min · Pham Hong Phi (@anhdaden)

November  2

(CVE-2020-0961) Microsoft Jet Database file position integer overflow Memory Corruption

November 13, 2019 · 4 min · Shi Ji (@Puzzorsj), Meysam Firouzi

(CVE-2019-1406) Microsoft Jet Engine ColumnLvText Type Confusion

November 12, 2019 · 3 min · Shi Ji (@Puzzorsj) & Meysam Firouzi

October  7

(CVE-2019-2984) Oracle VirtualBox Video Hardware Acceleration NULL Pointer Dereferences

October 20, 2019 · 5 min · Phạm Hồng Phi (@anhdaden)

(CVE-2019-3002) Oracle VirtualBox Integer Divide by Zero in hdaR3StreamInit

October 20, 2019 · 3 min · Phạm Hồng Phi (@anhdaden)

(CVE-2019-3005) Oracle VirtualBox NULL Pointer Dereference in hdaR3WalClkSet

October 20, 2019 · 3 min · Phạm Hồng Phi (@anhdaden)

(CVE-2019-3026) Oracle VirtualBox VBoxSVGA Invalid Check in vmsvgaFIFOLoop

October 20, 2019 · 4 min · Phạm Hồng Phi (@anhdaden)

(CVE-2019-3031) Oracle VirtualBox VMSVGA Out-of-Bounds Read in vmsvga3dSetLightEnabled

October 20, 2019 · 3 min · Phạm Hồng Phi (@anhdaden)

(CVE-2019-8220) Adobe Reader CLstBxField Use-after-Free

October 15, 2019 · 4 min · Ta Dinh Sung

(CVE-2019-8221) Adobe Reader Type Confusion in getColorConvertAction

October 15, 2019 · 3 min · Ta Dinh Sung

September  1

(CVE-2019-1250) Microsoft Jet database Record::IsNull Memory Corruption

September 10, 2019 · 5 min · Shi Ji (@Puzzorsj) & Meysam Firouzi

August  2

(CVE-2019-8011) Acrobat Reader DC 2d.x3d!_LoadTIFF() Out-of-Bounds Read

August 13, 2019 · 4 min · Wei Lei

(CVE-2019-8018) Acrobat Reader DC 2d.x3d!_LoadRGB() OOB Read in TRGB::expandrow()

August 13, 2019 · 5 min · Wei Lei

June  2

(CVE-2019-8038) Adobe Acrobat/Reader CTextWidget Use-after-Free

June 20, 2019 · 5 min · Phan Thanh Duy (@PTDuy)

(CVE-2019-8039) Adobe Acrobat/Reader CTextField Use-after-Free

June 20, 2019 · 3 min · Phan Thanh Duy (@PTDuy)

May  2

(CVE-2019-7142) Acrobat Reader DC 2d.x3d!_LoadRGB() Out-of-Bounds Read/Write in TRGB::expandrow()

May 14, 2019 · 5 min · Wei Lei

(CVE-2019-8010) Acrobat Reader DC 2d.x3d!_LoadTIFF() Out-of-Bounds Read

May 7, 2019 · 4 min · Wei Lei

April  6

(CVE-2019-7118) Acrobat Reader DC 2d.x3d!_LoadRGB() Out-of-Bounds Write in TRGB::Read()

April 9, 2019 · 5 min · Wei Lei

(CVE-2019-7119) Acrobat Reader DC 2d.x3d!_LoadRGB() Out-of-Bounds Write in TRGB::Read()

April 9, 2019 · 5 min · Wei Lei

(CVE-2019-7120) Acrobat Reader DC 2d.x3d!_LoadILBM() Out-of-Bounds Read in TIF::Read()

April 9, 2019 · 5 min · Wei Lei

(CVE-2019-7121) Acrobat Reader DC 2d.x3d!_LoadILBM() Out-of-Bounds Read in TIF::Read()

April 9, 2019 · 5 min · Wei Lei

(CVE-2019-7122) Acrobat Reader DC 2d.x3d!_LoadTIFF() Out-of-Bounds Read in TTIFFread::TifReadChunkyRGB()

April 9, 2019 · 5 min · Wei Lei

(CVE-2019-7123) Acrobat Reader DC 2d.x3d!_LoadRGB() Memory Corruption in TRGB::expandrow()

April 9, 2019 · 5 min · Wei Lei

March  2

(CVE-2019-2722) Oracle VirtualBox e1000 Integer Underflow - Pwn2Own

March 20, 2019 · 5 min · Phạm Hồng Phi (@anhdaden)

(CVE-2019-9133) KMPlayer Subtitles Parser Integer Overflow Vulnerability

March 7, 2019 · 7 min · Phạm Hồng Phi (@anhdaden)

February  5

(CVE-2018-20334) ASUSWRT Command Injection in start_apply.htm

February 19, 2019 · 1 min · Shi Ji (@Puzzorsj)

(CVE-2018-20335) ASUSWRT Denial of Service of HTTP Service

February 19, 2019 · 1 min · Shi Ji (@Puzzorsj)

(CVE-2018-20336) ASUSWRT Stack Overflow in wanduck.c

February 19, 2019 · 5 min · Shi Ji (@Puzzorsj)

(CVE-2019-16340) Linksys Velop Authentication Bypass

February 19, 2019 · 3 min · Shi Ji (@Puzzorsj)

(CVE-2019-7035) Acrobat Reader DC 2d.x3d!_LoadGIF() Arbitrary Write in TGIF::PutPixel()

February 12, 2019 · 5 min · Wei Lei

January  3

(CVE-2019-16337) Hancom Office Use-after-Free in HncBD90

January 10, 2019 · 5 min · Shi Ji (@Puzzorsj)

(CVE-2019-16338) Hancom Office tfo_common Object Use-after-Free in HwordApp

January 10, 2019 · 3 min · Shi Ji (@Puzzorsj)

(CVE-2019-16339) Hancom Hcell Unspecified Memory Corruption

January 9, 2019 · 3 min · Shi Ji (@Puzzorsj)

2018  5

December  1

(CVE-2018-20333) ASUSWRT Information Disclosure on update_applist.asp

December 21, 2018 · 1 min · Shi Ji (@Puzzorsj)

November  4

(CVE-2019-6984) Foxit Reader U3D Shading Modifier Block Integer Overflow Vulnerability

November 28, 2018 · 4 min · Wei Lei

(CVE-2019-6985) Foxit Reader U3D 2D Glyph Modifier Block Use-after-Free Vulnerability

November 28, 2018 · 5 min · Wei Lei

(CVE-2019-6982) Foxit Reader U3D CLOD Mesh Declaration OOB Write

November 27, 2018 · 3 min · Wei Lei

(CVE-2019-6983) Foxit Reader U3D File Header Block Heap Overflow

November 27, 2018 · 5 min · Wei Lei