Collaborate Disseminate
WPA3 for Wi-Fi systems is generally acknowledged to be more secure than WPA2. For example, it introduces SAE with the Dragonfly handshake, in an attempt to close the door on the kind of brute force dictionary attacks that WPA2 could be sus… Continue reading What should we do in practice to mitigate vulnerabilities in WPA3?
I’m trying to find a list to help find out if particular ASP.NET version has known vulnerabilities by version-build number. Googling doesn’t help. Is there a list by Microsoft that can help me, containing all existing build numbers (like “… Continue reading How to determine if particular .NET/ASP.NET build has known vulnerabilities?
How do I demo a CVE I’ve chosen?
For the CVEs that are in .java, can I just download the files and compile it as an app?
For the CVE that are in .c or .cpp I have to work with it since its kernel level?
I am new to working with CVE and … Continue reading How do you test a android CVE? [closed]
Is there any evidence or research into the likelihood, as well as damage, via vulnerabilities in previous versions compared to following iterations of software?
For example, with every software version, there is the likelihood of new sec… Continue reading Upgrading Software Version: risk of an unknown vs known vulnerabilities
It’s been almost three years since Mar 2017 leak of CIA stash of exploits known as “Vault 7”
Can we assume that all the exploits have been fixed by now?
iOS 11, 12, and later offer an autofill function from the iOS keyboard for specific apps enabled for the function. I have read Apple’s documentation and it appears that the passwords are stored in the app and then recalled to… Continue reading What are the vulnerabilities of the autofill feature in iOS 11 and later?
I have set up a server running Linux Kernel 4.4. How can I exploit this, preferably not a DoS attack? I have opened port 80(https), however I would rather do it in an elegant fashion so I can actually learn something instead … Continue reading Remotely exploit Linux kernel with CVE-2017-18017?
When looking at the Oracle Java JRE vulnerability list on cvedetails, they list the affected versions in the text, and usually also in a table below the description.
However, I’m not confident that the vulnerability is only c… Continue reading Can I trust that the Java CVE’s contain only the affected versions?
Our hosting provider wants to update our legacy application server (Plesk).
We usually place older PHP projects (PHP 5.3 – 5.6) there, so they can sit in a stable environment until their unknown EOL.
Now the thing is, our p… Continue reading Does it really improve security to update PHP interpreter version without any code changes at all?
I’ve noticed that the subject in one of the spam emails looks like this in source:
Subject: Offe=?UTF-8?Q?=EF=BB=BF?=r fr=?UTF-8?Q?=EF=BB=BF?=om C=?UTF-8?Q?=EF=BB=BF?=redi=?UTF-8?Q?=EF=BB=BF?=t On=?UTF-8?Q?=EF=BB=BF?=e Ba=?UTF-8?Q?=EF=BB=… Continue reading Weird character sequence in email subject