NEWS > Research Blog

nginx DNS Resolver Off-by-One Heap Write Vulnerability
An off-by-one error in ngx_resolver_copy() while processing DNS responses allows a network attacker to write a dot character ('.', 0x2E) out of bounds in a heap allocated buffer.
QR Code reconstruction
Reconstructing a QR Code from partially censored images.
Advisory X41-2021-001: Multiple Vulnerabilities in YARA
Luis Merino of X41 discovered multiple vulnerabilities in YARA
Microsoft Exchange Remote Code Execution - CVE-2020-16875
The patch for CVE-2020-16875 in Microsoft Exchange can bypassed to gain remote code execution again.
Pro-bono Pentests for COVID-19-related Apps & Software
COVID-19 pro-bono program finished
Background Image