Questions tagged [vulnerability]
A weakness or flaw in computer software and hardware which allows an attacker to take advantage of (exploit) a targeted system.
1,063 questions
1 vote
0 answers
45 views
How can I restrict IFEO vulnerability?
I have an application, myapplication.exe. Through IFEO registry I can attach a debugger, which can be a malicious piece of software for a attacker. Only someone having access to Windows registry can ...
1 vote
0 answers
93 views
The security of HSM keys and various scenarios, Is iCloud Permanently Deleted Data Safe with ADP Enabled?
I’m trying to understand the privacy implications of iCloud’s Advanced Data Protection (ADP), Hardware Security Module (HSM) keys, and permanently deleted data. My concern is that, from a user's ...
- 11
1 vote
0 answers
47 views
why would arena_get() function from malloc return the arena_key in house of prime
I'm trying to understand how in glibc 2.3.5 arena_get function (called by public_mALLOc) will return the arena_key in house of prime exploit, where the arena_key is first overridden to the value of ...
- 11
15 votes
2 answers
5k views
Web application contains a link to a non-existing domain, is this a vulnerability?
I got a Dynamic Application Security Testing (DAST) scan that reports an issue on a web application. It says "The web application contains a link to a non-existing domain" and it's marked ...
- 559
1 vote
0 answers
277 views
could XXE vulnerability lead to an RCE
I have identified an XXE vulnerability in an XML parser of an application that allows external entities. I used the below crafted xml to do a get request on localhost on port 9090, and on the same ...
- 559
5 votes
3 answers
2k views
Which external vulnerabilities remain for a web server secured with mTLS?
Scenario: A web server with a web app for remote staff. The web server is behind a reverse proxy (traefik) The web server has a host based firewall configured to allow connections only from the proxy ...
- 802
0 votes
0 answers
91 views
Does this vulnerability related to general purpose registers exist?
Does anyone know any type of vulnerability that affects CPU registers that allows an attacker overwrite registers with specific values that remain fixed for example for a few instructions and only ...
- 3
1 vote
0 answers
77 views
Do common centralized IT access policies create any security risks, and are there alternatives? [closed]
Many large companies have IT policies where even low-level IT employees have privileges such as remote access to any company computer (often automatic, able to override user denial, or even silent), ...
- 111