Search results
1 May 2015 · You can only get buffer overflows if you use certain unsafe constructs, not with "normal" C# code. Memory corrupting code shouldn't be possible at all, when your code is running with lowered trust. A few possibilities for buffer overflows:
21 May 2014 · It is not possible to have a buffer overflow vulnerability in a managed memory environment such as those that Java, .Net, or Python provide. Since the runtime, not the developers, manages memory allocations and deallocations, this class of vulnerability is non-existent.
12 Jan 2020 · And this is what we’ll focus on today: gaining arbitrary code execution using an insecure deserialization bug in a Java application. In order to understand how to exploit deserialization...
8 Jan 2024 · Some deserialization exploits allow an attacker to execute custom Java code that could lead to denial of service attacks, stealing of user session or unauthorized access to resources. As each deserialization vulnerability is different and each system set up is different, what an attacker can achieve varies widely.
Play .NET Labs on this vulnerability with SecureFlag! The .NET framework offers several instances of deserialization. Developers will likely be familiar with the following example, where some untrusted binary data is deserialized to create some objects:
15 Dec 2021 · A new critical vulnerability has been found in log4j, a widely-used open-source utility used to generate logs inside java applications. The vulnerability CVE-2021-44228, also known as Log4Shell, permits a Remote Code Execution (RCE), allowing the attackers to execute arbitrary code on the host.
There are “deserialization”, not “serialization”, vulnerabilities because objects in memory are usually safe for serialization. Users, however, can provide malicious data for deserialization. Only deserialize “simple” objects. Questions?