Get all the news first.
Découvrez comment nous avons identifié plusieurs vulnérabilités critiques lors de l'audit d'une application bancaire, incluant SQL Injection permettant le dump de la base de données, contournement du 2FA et IDOR sur API AWS...
The Netskope client service running with NT\SYSTEM privileges accepts network connections from localhost to start various services and execute commands. This vulnerability allows local privilege escalation...
A global memory corruption vulnerability exists in the upnpd server. A specially-crafted SUBSCRIBE request can lead to a stack buffer overflow and remote code execution...
This vulnerability can be remotely exploited by an attacker on the WAN side of the router, without authentication. The aws_json daemon fetches JSON data from a webserver and a buffer overflow can be triggered when parsing this content...
A local security vulnerability in Skype for macOS allows unsigned shared library injection due to improper entitlements configuration and Hardened Runtime bypass...
Implementing high-speed in-process fuzzing techniques on Foxit Reader's ConvertToPDF plugin to discover multiple crashes and potential security vulnerabilities...
Exploitation of CVE-2015-0057, a local privilege escalation vulnerability in win32k on Windows, with detailed analysis of ASLR and SMEP bypass techniques...
This vulnerability is based on a use-after-free in version 10 of Internet Explorer and allows the execution of arbitrary code when a user visits a maliciously crafted website...
I was recently looking for an opensource cpp lightweight PDF and XPS viewer to play with and I found MuPDF. Here is how I discovered a remote code execution vulnerability...
+33 (0) 1 87 65 16 48
contact@hdwsec.fr
Our PGP Key
178 Boulevard Haussmann
75008 Paris , FRANCE