Questions tagged [vulnerability]
A weakness or flaw in computer software and hardware which allows an attacker to take advantage of (exploit) a targeted system.
1,065 questions
19 votes, 8 answers, 3k views
Plausibility of a write-only hack of an employee database
I am writing a book, and in it, a character has hacked an employee database. They want to do two things: read and write. They want to see all the employees, but they also want to insert a new employee ...
-2 votes, 0 answers, 39 views
How do privilege escalation techniques differ between Windows and Linux systems? [closed]
I encountered privilege escalation modules while preparing for Certified Ethical Hacker Exam, but the exam material is often shallow. Most resources like Pass4Future give high-level explanations in ...
1 vote, 0 answers, 55 views
How can I restrict IFEO vulnerability?
I have an application, myapplication.exe. Through IFEO registry I can attach a debugger, which can be a malicious piece of software for an attacker.
Only someone having access to Windows registry can ...
0 votes, 1 answer, 68 views
Is unterminated escape sequence message at response with 500 status code refer to a vulnerability [closed]
In one bug bounty program, when I tried to send HTTP request where the path ended with character (%) like the following example:
GET /resources/% HTTP/2
Host: www.example.com
Content-Length: 160
...
1 vote, 0 answers, 102 views
The security of HSM keys and various scenarios, Is iCloud Permanently Deleted Data Safe with ADP Enabled?
I’m trying to understand the privacy implications of iCloud’s Advanced Data Protection (ADP), Hardware Security Module (HSM) keys, and permanently deleted data. My concern is that, from a user's ...
0 votes, 1 answer, 180 views
risk assessment vs threat modelling
I want to have a definitive understanding of the terms risk assessment and threat modelling. I read different articles, but I still can't grasp the difference.
How do I know which exercise I should do?...
1 vote, 0 answers, 50 views
why would arena_get() function from malloc return the arena_key in house of prime
I'm trying to understand how in glibc 2.3.5 arena_get function (called by public_mALLOc) will return the arena_key in house of prime exploit, where the arena_key is first overridden to the value of ...
-2 votes, 1 answer, 148 views
what is the recommended xml secure configuration to prevent xxe
I want to write down, as security requirements, the recommended security configurations that should be applied to any xml parser.
I checked the OWASP cheatsheet (https://cheatsheetseries.owasp.org/...
15 votes, 2 answers, 5k views
Web application contains a link to a non-existing domain, is this a vulnerability?
I got a Dynamic Application Security Testing (DAST) scan that reports an issue on a web application.
It says "The web application contains a link to a non-existing domain" and it's marked ...
1 vote, 1 answer, 197 views
What's the deal with CISA adding CVE-2024-49035 (Microsoft Partner Center vulnerability) to its catalog of exploited vulnerabilities?
Two weeks ago (Feb 25, 2025), CISA added CVE-2024-49035 to its catalog of actively exploited vulnerabilities.
Now, the thing is: CVE-2024-49035 is not a "classic" vulnerability in a software ...
1 vote, 0 answers, 285 views
could XXE vulnerability lead to an RCE
I have identified an XXE vulnerability in an XML parser of an application that allows external entities.
I used the below crafted xml to do a get request on localhost on port 9090, and on the same ...
12 votes, 10 answers, 2k views
Best Practices for Managing Open-Source Vulnerabilities in Enterprise Deployments
We are facing a challenge with managing vulnerabilities in certain open-source libraries used in our enterprise product. The current versions of these libraries have known vulnerabilities flagged by ...
5 votes, 3 answers, 2k views
Which external vulnerabilities remain for a web server secured with mTLS?
Scenario:
A web server with a web app for remote staff.
The web server is behind a reverse proxy (traefik)
The web server has a host based firewall configured to allow connections only from the proxy ...
3 votes, 1 answer, 150 views
how is CVE-2021-22044 risky
I am looking at this CVE: https://nvd.nist.gov/vuln/detail/CVE-2021-22044
The description says:
In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to
2.2.9.RELEASE, and older unsupported ...
0 votes, 0 answers, 94 views
Does this vulnerability related to general purpose registers exist?
Does anyone know any type of vulnerability that affects CPU registers that allows an attacker to overwrite registers with specific values that remain fixed for example for a few instructions and only ...