All Articles

Page 1 of 5
Tech Editorials #Vulnerability #Windows #Advisory #CVE

From Convenience to Contagion: The Half-Day Threat and Libarchive Vulnerabilities Lurking in Windows 11

terrynini

2025-02-12

Windows 11's KB5031455 update adds RAR and 7z support via libarchive, but DEVCORE discovered multiple vulnerabilities, including Heap Buffer Overflow and arbitrary file operations. Delayed patching also enables “Half-day” attacks, putting projects like ClickHouse at risk. A step forward in convenience—or a hidden security threat?

Tech Editorials #CVE #Vulnerability #RCE #Advisory #Apache

Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server!

orange

2024-08-09

This article explores architectural issues within the Apache HTTP Server, highlighting several technical debts within Httpd, including 3 types of Confusion Attacks, 9 new vulnerabilities, 20 exploitation techniques, and over 30 case studies. The content includes, but is not limited to: 1. How a single ? can bypass Httpd's built-in access control and authentication. 2. How unsafe RewriteRules can escape the Web Root and access the entire filesystem. 3. How to leverage a piece of code from 1996 to transform an XSS into RCE.