Best of Vulnerability, November 2024

  1. Video · Low Level Learning · 1y

    i found thousands of errors in this program. (you've probably used it)

    A deep dive into a vulnerability found in the 7zip program, highlighting the steps taken to identify and triage over a thousand crashes. The author explains the fuzzing process, the details of the integer underflow vulnerability, and the resulting potential for remote code execution. The bug was fixed in 7zip version 2407, and users are advised to update to this or a newer version to mitigate the security risk.

  2. Article · Spring · 1y

    CVE-2024-38827: Spring Security Authorization Bypass for Case Sensitive Comparisons

  3. Video · ThePrimeTime · 1y

    Zendesk Mega Backdoor

    A 15-year-old programmer discovered a vulnerability in Zendesk that allowed remote attackers to read ticket histories via email spoofing. Despite the severity of the issue, Zendesk initially dismissed the report, leading the teenager to disclose the bug to affected companies directly. This eventually pressured Zendesk to fix the issue, but they did not reward the programmer, citing a breach of disclosure guidelines.