code execution – Page 7 – WindowsTechs.com

Amazon Kindle, Embedded Devices Open to Code-Execution

Posted on November 7, 2019 by Tara Seals

Flaws in Das U-Boot affect third-party hardware that uses the universal bootloader as an underlying component. Continue reading Amazon Kindle, Embedded Devices Open to Code-Execution→

Explanation of persistent full-chain kernel code execution

Posted on November 5, 2019 by pov

My question

Meaning of persistent full-chain — ?
What is the difference between OS-level CE and Kernel level CE?

How do OS-level CE and Kernel level CE differentiate in impacting a system?
Rarity and difficulty when it c… Continue reading Explanation of persistent full-chain kernel code execution→

HP Touchpoint Analytics Opens PCs to Code Execution Attack

Posted on October 10, 2019 by Lindsey O'Donnell

The vulnerability stems from an issue with DLL loading in Open Source Hardware, used by tens of millions of computers, researchers say. Continue reading HP Touchpoint Analytics Opens PCs to Code Execution Attack→

Securing Code Secrets – What is the relevance if the host gets compromised?

Posted on September 12, 2019 by R. StackUser

I’ve been researching and testing different approaches when it comes to securing code secrets, and am unsure what the best options are, and if they even have any relevance once a host gets compromised.

Some standard approac… Continue reading Securing Code Secrets – What is the relevance if the host gets compromised?→

Critical Cisco VM Bug Allows Remote Takeover of Routers

Posted on August 29, 2019 by Tara Seals

CVE-2019-12643 has been given the highest possible severity rating. Continue reading Critical Cisco VM Bug Allows Remote Takeover of Routers→

DEF CON 2019: 35 Bugs in Office Printers Offer Hackers an Open Door

Posted on August 8, 2019 by Tara Seals

A raft of bugs in six popular models can allow a hacker to wreak havoc on a corporate network. Continue reading DEF CON 2019: 35 Bugs in Office Printers Offer Hackers an Open Door→

How does buffer overread cause arbitrary code execution?

Posted on July 24, 2019 by user212957

Referenced in the recent VLC vulnerability and other places, apparently buffer overreads can cause arbitrary code execution. How does it do that? Suppose in the following toy example

void badcpy(const char* src, char* dst, i… Continue reading How does buffer overread cause arbitrary code execution?→

How much protection does sandbox software provide against malicious .exe?

Posted on July 23, 2019 by kite

I need to review a large number of .exe game files. I recently had an incident where I got infected by an .exe that passed all my ‘checks’: virus scan, Virustotal, reviews, community feedback, uploader history, uploader motiv… Continue reading How much protection does sandbox software provide against malicious .exe?→

What is the risk of allowing user input in Python’s ‘re’ module

Posted on June 13, 2019 by Paradoxis

Some context

I’m currently building an application which lets user’s set up dynamic, queries they can execute later. A great addition to this seems like a regex module, in which users can filter based on a given regular expr… Continue reading What is the risk of allowing user input in Python’s ‘re’ module→

Is php code with such features vulnerable to RCE?

Posted on May 9, 2019 by Alex Velickiy

I’m participating in one bugbounty program.
This site runs on php (Apache) and uses amfphp library.

Here are the things I found I can make this library do for me:

Include (include_once call) any file on disk that ends with… Continue reading Is php code with such features vulnerable to RCE?→