2 matches found
U.S. Dept Of Defense: [█████] Get all tickets (IDOR)
In this report I want to describe an interesting vulnerability that allows you to extract tickets with personal data on the site. When a user registers a new entry, the user receives a link with a ticket number and a random 4-digit code. The vulnerability is that this code can be easily bruted, s...
GNU glibc denial of service vulnerability (CNVD-2015-01962)
glibc is the libc library, or C runtime library, released by GNU. glibc is the lowest-level API in the Linux system, and almost any other runtime library will depend on glibc. The file backend of the Name Service Switch (NSS) fails to isolate the entire database iteration from key-based query API calls, and...