Tweets

You blocked @pozdnychev

Are you sure you want to view these Tweets? Viewing Tweets won't unblock @pozdnychev

  1. Jan 28

    Qualys Security Advisory: LPE and RCE (CVE-2020-7247) in OpenSMTPD, OpenBSD's mail server. Erroneous logic in smtp_mailaddr() which validates user and domain. More details and PoC at: PS: "Did you ever play tic-tac-toe?"

    Undo
  2. 11 Dec 2019

    Qualys Security Advisory Team: Local Privilege Escalation in OpenBSD's loader (, CVE-2019-19726). Getting root on default install (i386/amd64), by tweaking the environment variables. Exploit and more details at:

    Undo
  3. 4 Dec 2019

    Qualys Security Advisory: Authentication vulnerabilities in OpenBSD's auth system (CVE-2019-19521). LPE on default install via xlock (CVE-2019-19520) and su (CVE-2019-19519). Local root if S/Key or yubikey is enabled (CVE-2019-19522). More details at

    Undo
  4. Undo
  5. 6 Jun 2019

    Qualys Security Advisory Team: "The return of the WIZard", now the full advisory (CVE-2019-10149) is available at

    Show this thread
    Undo
  6. 5 Jun 2019

    Qualys Security Advisory Team: "The return of the WIZard" (CVE-2019-10149). Instant LPE in Exim (4.87 to 4.91). Seven days to trigger a RCE. No memory corruption or ROP involved. Bypass NX/ASLR/SSP/PIE/full RELRO/etc. Architecture independent. More at

    Show this thread
    Undo
  7. 10 May 2019
    Show this thread
    Undo
  8. 9 May 2019

    If your distribution is pretty close to the ones mentioned above, you might want to edit target.c and change the md5sum to give a shot. It should take, as the advisories says, about 10min on i386 and 70+min on amd64, with a quite big variance.

    Show this thread
    Undo
  9. 9 May 2019

    Qualys Security Advisory Team: "System Down" (systemd-journald) exploit for CVE-2018-16865 and CVE-2018-16866 is released. It should work at least on Debian Stretch (i386/amd64), Ubuntu 18.04.1 (amd64) and CentOS 7.5 (amd64). More at

    Show this thread
    Undo
  10. 9 Jan 2019

    s/memory leak/information leak/.

    Show this thread
    Undo
  11. 9 Jan 2019

    Qualys Security Advisory team: "System Down: a systemd-journald exploit". Memory corruptions (CVE-2018-1686{4,5}) and one memory leak (CVE-2018-16866) in systemd. LPE on most Linux distros (except those compiled with -fstack-clash-protection). Details at

    Show this thread
    Undo
  12. 25 Sep 2018

    Qualys Security Advisory Team - Mutagen Astronomy: Integer overflow in Linux's create_elf_tables(), CVE-2018-14634. LPE (full root) from a suid-root binary. RHEL, CentOS and Debian 8 are vulnerable. Advisory, PoC and exploit at:

    Undo
  13. 27 Aug 2018

    Qualys Security Advisory Team: another OpenSSH "user enumeration". From OpenSSH 5.9 to 7.8 (august 24th, 2018). "PoC" (well, a 2-liners) provided. More details on

    Undo
  14. 15 Aug 2018

    Qualys Security Advisory Team: OpenSSH Username Enumeration, in all versions (Linux, *BSD, ...) since november 2000. Fixed in 7.8p1 but not tagged as a security issue. More details in

    Undo
  15. 17 May 2018

    Qualys Security Advisory team: Procps-ng audit; 127 proposed patches, from minor bugs to security ones; 7 CVEs; 2 Denials of service; One process-hiding method; 2 LPEs; Userland vulnerability leading to escape from a container.

    Undo
  16. 13 Dec 2017

    Qualys Security Advisory Team: various bugs in iscsiuio,

    Undo
  17. 11 Dec 2017

    QSA Team: memory leak (CVE-2017-1000408 appeared in 1999) and buffer overflow in ld.so (CVE-2017-1000409, 2006) to gain full root if protected_hardlinks is disabled and not patched against CVE-2017-1000366:

    Undo
  18. 3 Oct 2017

    Qualys Security Advisory Team: CVE-2017-1000253 (PIE/stack corruption) exploit for CentOS 7

    Undo
  19. 26 Sep 2017

    QSA Team: Linux PIE/stack Corruption (CVE-2017-1000253), LPE for CentOS 7 (< 1708), CentOS 6, RHEL 7 (< 7.4):

    Undo
  20. 28 Jun 2017

    Qualys Security Advisory Team: Stack Clash exploits and PoCs released:

    Undo

Loading seems to be taking a while.

Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

    You may also like

    ·