
Questions tagged [vulnerability]

A weakness or flaw in computer software and hardware which allows an attacker to take advantage of (exploit) a targeted system.

1 vote
1 answer
137 views

Understanding how to correctly mitigate CVE-2024-38095

I am trying to understand under which circumstances CVE-2024-38095 applies. When reading the advisory (https://github.com/dotnet/runtime/security/advisories/GHSA-447r-wph3-92pm), one finds the ...
Felix • 273
1 vote
0 answers
22 views

Why is the "Scope Changed" CVSS Metric for Kernel Crash Vectors always "Unchanged"? [closed]

Looking at all the recent Linux kernel crash CVEs I see that the "Scope Changed" metric is always "Unchanged" indicating that "The vulnerable component is the affected ...
Whome • 1,259
4 votes
2 answers
881 views

How to tell if RegreSSHion was exploited (CVE-2024-6387)

I have a VM with a Cloud Provider that I am able to SSH into. I've recently read about RegreSSHion (the reappearance of CVE-2006-5051, as CVE-2024-6387), and I'm wanting to make sure that I wasn't ...
user3517452
-1 votes
1 answer
80 views

If a vulnerability is discovered on a website, is it better to contact the business owner or site designer/owner? [closed]

There are plenty of questions on this site about how to report a vulnerability (such as SQLi or XSS), but none of them really answer my question of who to. I understand for a big corporation (although ...
security_paranoid
0 votes
1 answer
53 views

Under which situations is open redirection possible?

I am searching about the open redirection attack. When I look at websites that try to explain the situation, they generally say to test the URLs in the form of www.example.com?redirection=... to see ...
Not a Salmon Fish
0 votes
1 answer
122 views

Is an isolated VM (Hyper-V) still safe despite the fact that the host uses RDP to view/control the VM?

This question is directed towards creating an isolated environment for a reverse engineering VM, where malicious programs will be disassembled, debugged by executing them, so static and dynamic ...
stringExchange
1 vote
0 answers
82 views

Is it possible to exploit this supposedly boolean-based blind and time-based blind SQLi (sqlmap)?

I recently found a boolean-based blind SQLi and since I'm new to the bug bounty scene - I don't understand what impact I can extract from it. There is a website like example.com/tarif?tableId=136&...
Andrey • 11
0 votes
1 answer
82 views

Are all stateless authentication systems vulnerable to IDOR?

I have recently been introduced to the Insecure Direct Object Reference vulnerability (https://cheatsheetseries.owasp.org/cheatsheets/Insecure_Direct_Object_Reference_Prevention_Cheat_Sheet.html) with ...
Rands • 1
0 votes
0 answers
73 views

How can I safely write in my resume that I have written a MetaSploit exploit module without making employers nervous?

I have asked this question on The WorkPlace SE site and did not receive any comprehensive answers over there. I have around 10 years of cybersecurity industry experience and have gained proficiency ...
Anthony • 1,756
0 votes
1 answer
110 views

Why is an allocated buffer stored on the stack and the heap?

I have this code which has a format string vulnerability in it: #include <stdio.h> int main() { char buf[1024]; char secret1[64]; char flag[64]; char secret2[64]; // Read in first ...
Moshe D • 103
0 votes
2 answers
74 views

Is there a way to exploit / make an exploit scenario for header-based reflected XSS?

I've found a reflected XSS, but the problem is that the attack vector is the header (any header). Is there a way to develop an exploit scenario based on this?
0xdead 4f
0 votes
0 answers
80 views

How to exploit CVE-2023-1613

I am trying to understand the vulnerability in Rebuild in chromium which is identified as CVE-2023-1613. I found this poc online: https://github.com/getrebuild/rebuild/issues/596 What I understood so ...
anonymous
2 votes
1 answer
285 views

How to report related findings in a pentest report

I am running a pentest on a web application, and I detected a vulnerability but I am not sure how to report it. I am confused if I should split it or document it as 1 finding. I will explain below. So ...
anonymous
0 votes
0 answers
91 views

Bash deletes null bytes in exploit input for ROP/returntolibc

I am trying to do a returntolibc exploit. The goal is to gain a shell with root privilege by calling setuid(0) and then system("/bin/sh"). I have been agonizing over trying to get this thing ...
germphjd
0 votes
1 answer
184 views

If a library has a vulnerable function, but my code doesn't call it, is my code at risk? Do I need to update?

I am trying to analyze CVE-2023-34453. As per the NVD description, there is an integer overflow error in snappy-java, specifically in the method shuffle(int[] input) in BitShuffle.java. In a huge ...
anonymous
