
Questions tagged [vulnerability]

A weakness or flaw in computer software or hardware that allows an attacker to take advantage of (exploit) a targeted system.

2 votes · 0 answers · 49 views

How to scan and sanitize STL files?

Are there any tools to scan and/or sanitize .stl files? I maintain a security-critical GitHub repo. A contributor recently created a PR that includes changes to .md, .scad, and .stl files. The changes ...

Asked by Michael Altfield

5 votes · 2 answers · 4k views

Can trusted timestamping be faked by altering some bytes within the document?

Consider the following scenario: I prepare a document with a "Lorem ipsum bla bla" content (Document_A) and get a trusted timestamp for this document (Timestamp_of_document_A). After some ...

Asked by ceremcem (169 reputation)

5 votes · 2 answers · 2k views

What exactly is the Randstorm vulnerability?

I've read the article from Unciphered about it, multiple times, and still fail to understand it. It basically says that wallets generated by the BitcoinJS front-end library from 2011 to 2015 are ...

Asked by Maltoon Yezi

1 vote · 1 answer · 159 views

Understanding how to correctly mitigate CVE-2024-38095

I am trying to understand under which circumstances CVE-2024-38095 applies. When reading the advisory (https://github.com/dotnet/runtime/security/advisories/GHSA-447r-wph3-92pm), one finds the ...

Asked by Felix (273 reputation)

1 vote · 0 answers · 22 views

Why is the "Scope Changed" CVSS Metric for Kernel Crash Vectors always "Unchanged"? [closed]

Looking at all the recent Linux kernel crash CVEs I see that the "Scope Changed" metric is always "Unchanged" indicating that "The vulnerable component is the affected ...

Asked by Whome (1,259 reputation)

4 votes · 2 answers · 914 views

How to tell if RegreSSHion was exploited (CVE-2024-6387)

I have a VM with a Cloud Provider that I am able to SSH into. I've recently read about RegreSSHion (the reappearance of CVE-2006-5051, as CVE-2024-6387), and I'm wanting to make sure that I wasn't ...

Asked by user3517452

-1 votes · 1 answer · 80 views

If a vulnerability is discovered on a website, is it better to contact the business owner or site designer/owner? [closed]

There are plenty of questions on this site about how to report a vulnerability (such as SQLi or XSS), but none of them really answer my question of whom to. I understand for a big corporation (although ...

Asked by security_paranoid

0 votes · 1 answer · 55 views

Under which situations is open redirection possible?

I am researching the open redirection attack. When I look at websites that try to explain the situation, they generally say to test the URLs in the form of www.example.com?redirection=... to see ...

Asked by Not a Salmon Fish
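The question above asks when an open redirect is possible. The short answer is: whenever the value of the redirect parameter ends up in a `Location` header (or `window.location`) without the server first proving that it resolves to its own origin, and the usual failure is a check that is weaker than the browser's URL parser. The following is an added example, not code from the question or its answers. It contrasts the common "starts with a slash" check with a validator that rejects scheme-relative (`//host`), backslash (`/\host`, which browsers treat as `//host`), control-character and absolute-URL inputs, and then resolves the path against the site's own origin. `SITE_HOST` and the sample targets are constructed for the example.

```python
from urllib.parse import urlparse, urljoin

# Constructed origin for the example; a real application takes this from its configuration.
SITE_HOST = "www.example.com"


def naive_is_local(target: str) -> bool:
    """The check many sites actually use. It is bypassed by '//evil' and '/\\evil'."""
    return target.startswith("/")


def safe_redirect_target(target: str, site_host: str = SITE_HOST) -> str:
    """Return a same-origin path to redirect to, or '/' when `target` is not provably local."""
    if not target:
        return "/"

    # Browsers strip ASCII control characters and spaces from URLs before parsing;
    # do the same so that "/\t/evil" cannot sneak past the checks below.
    cleaned = "".join(ch for ch in target if ord(ch) > 0x20 and ch != "\x7f")

    # For http(s) URLs browsers treat a backslash exactly like a forward slash.
    cleaned = cleaned.replace("\\", "/")

    parsed = urlparse(cleaned)
    if parsed.scheme or parsed.netloc:
        # Absolute URL (https://evil), scheme-relative (//evil) or javascript:/data: etc.
        return "/"
    if not cleaned.startswith("/") or cleaned.startswith("//"):
        # Relative paths could be fine, but "///evil" would be parsed by the browser
        # as an authority, so only accept a single leading slash.
        return "/"

    # Resolve against our own origin, then confirm the host did not change.
    resolved = urlparse(urljoin(f"https://{site_host}/", cleaned))
    if resolved.netloc != site_host:
        return "/"
    path = resolved.path or "/"
    return path + (f"?{resolved.query}" if resolved.query else "")


if __name__ == "__main__":
    # Constructed inputs: the ones a tester would try first.
    for candidate in ["/account/settings?tab=1", "//evil.example/phish",
                      "/\\evil.example", "https://evil.example/",
                      "javascript:alert(1)", "/\t/evil.example"]:
        print(f"{candidate!r:32} naive={naive_is_local(candidate)!s:5} "
              f"safe -> {safe_redirect_target(candidate)!r}")
```

Note that the validator also normalises `..` segments through `urljoin`, so `/..//evil.example` resolves to the local path `/evil.example` rather than to a new host; an allow-list of known post-login paths is still the stronger design when the set of destinations is small.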
0 votes · 1 answer · 130 views

Is an isolated VM (Hyper-V) still safe despite the fact that the host uses RDP to view/control the VM?

This question is directed towards creating an isolated environment for a reverse engineering VM, where malicious programs will be disassembled, debugged by executing them, so static and dynamic ...

Asked by stringExchange

1 vote · 0 answers · 83 views

Is it possible to exploit this supposedly boolean-based blind and time-based blind SQLi (sqlmap)?

I recently found a boolean-based blind SQLi and since I'm new to the bug bounty scene - I don't understand what impact I can extract from it. There is a website like example.com/tarif?tableId=136&...

Asked by Andrey (11 reputation)

0 votes · 1 answer · 82 views

Are all stateless authentication systems vulnerable to IDOR?

I have recently been introduced to the Insecure Direct Object Reference vulnerability (https://cheatsheetseries.owasp.org/cheatsheets/Insecure_Direct_Object_Reference_Prevention_Cheat_Sheet.html) with ...

Asked by Rands (1 reputation)
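IDOR is an authorization failure, not an authentication one, so whether the session is stateless is beside the point: a signed token proves who the caller is, and the handler must still check that the caller may touch the object named in the request. The following added example (not code from the question or its answers) uses a minimal HMAC-signed stateless token and a constructed invoice store; `mint_token`, `verify_token`, the invoice records and the demo secret are all hypothetical. The vulnerable handler authenticates and then looks the object up by id alone; the fixed one also ties the object to the token's subject, and returns the same 404 for "missing" and "not yours" so the id space cannot be enumerated.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional, Tuple

# Constructed demo secret. A real deployment loads this from a secret store.
SECRET = b"constructed-demo-secret-do-not-use"


def mint_token(user_id: str) -> str:
    """Issue a stateless token: base64url(JSON payload) '.' hex(HMAC-SHA256)."""
    payload = base64.urlsafe_b64encode(json.dumps({"sub": user_id}).encode()).decode().rstrip("=")
    sig = hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{sig}"


def verify_token(token: str) -> Optional[str]:
    """Return the subject (user id) if the token's signature is valid, else None."""
    try:
        payload, sig = token.rsplit(".", 1)
    except ValueError:
        return None
    expected = hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None
    padded = payload + "=" * (-len(payload) % 4)
    try:
        return json.loads(base64.urlsafe_b64decode(padded))["sub"]
    except (ValueError, KeyError, TypeError):
        return None


# Constructed data store: invoice id -> record. Ids are sequential, as in most real IDOR cases.
INVOICES = {
    "1001": {"owner": "alice", "amount": 120},
    "1002": {"owner": "bob", "amount": 75},
}


def get_invoice_vulnerable(token: str, invoice_id: str) -> Tuple[int, Optional[dict]]:
    """Authenticates the caller but never authorizes the object: classic IDOR."""
    subject = verify_token(token)
    if subject is None:
        return 401, None
    invoice = INVOICES.get(invoice_id)
    if invoice is None:
        return 404, None
    return 200, invoice          # any valid user can read any invoice id they can guess


def get_invoice_fixed(token: str, invoice_id: str) -> Tuple[int, Optional[dict]]:
    """Same stateless token, plus an ownership check bound to the token's subject."""
    subject = verify_token(token)
    if subject is None:
        return 401, None
    invoice = INVOICES.get(invoice_id)
    if invoice is None or invoice["owner"] != subject:
        return 404, None         # identical answer for "absent" and "not yours"
    return 200, invoice


if __name__ == "__main__":
    bob = mint_token("bob")
    print("vulnerable, bob reads 1001:", get_invoice_vulnerable(bob, "1001"))
    print("fixed,      bob reads 1001:", get_invoice_fixed(bob, "1001"))
    print("fixed,      bob reads 1002:", get_invoice_fixed(bob, "1002"))
```

The token format here is deliberately simpler than a JWT; what matters for the question is that the subject comes from a signed claim the client cannot alter, and that the data-access layer uses that subject as part of the lookup (`owner == subject`) rather than trusting the id in the URL.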
0 votes · 0 answers · 74 views

How can I safely write in my resume that I have written a Metasploit exploit module without making employers nervous?

I have asked this question on The Workplace SE site and did not receive any comprehensive answers over there. I have around 10 years of cybersecurity industry experience and have gained proficiency ...

Asked by Anthony (1,756 reputation)

0 votes · 1 answer · 110 views

Why is an allocated buffer stored on the stack and the heap?

I have this code which has a format string vulnerability in it: #include <stdio.h> int main() { char buf[1024]; char secret1[64]; char flag[64]; char secret2[64]; // Read in first ...

Asked by Moshe D (103 reputation)

0 votes · 2 answers · 75 views

Is there a way to exploit / make an exploit scenario for header-based reflected XSS?

I've found a reflected XSS, but the problem is that the attack vector is the header (any header). Is there a way to develop an exploit scenario based on this?

Asked by 0xdead 4f

0 votes · 0 answers · 80 views

How to exploit CVE-2023-1613

I am trying to understand the vulnerability in Rebuild in chromium which is identified as CVE-2023-1613. I found this PoC online: https://github.com/getrebuild/rebuild/issues/596 What I understood so ...

Asked by anonymous
