Project Moon

Chakra JIT Loop LandingPad ImplicitCall Bypass

Author: Qixun Zhao (aka @S0rryMybad && 大宝) of Qihoo 360 Vulcan Team. Preface: In the first article we noted that callback-related vulnerabilities generally fall into three categories, the first being the |BailOutOnImplicitCall in the GlobOpt phase ...

Oracle WebLogic Two RCE Deserialization Vulnerabilities

Author: Zhiyi Zhang of 360 ESG Codesafe Team. Preface: After Oracle released its Critical Patch Update in July, I subsequently submitted several WebLogic vulnerabilities of different types during that month. Since Oracle had not finished fixing all of them, this patch fixes 6 of the vulnerabilities I reported, of which 3, for certain reasons, ...

Use After Free in mDNSOffloadUserClient.kext

Both Qixun Zhao of Qihoo 360 Vulcan Team and Liang Zhuo of Qihoo 360 Nirvan Team found this issue independently. Background: IOKit UserClient classe ...

Edge Inline Segment Use After Free

Author: Qixun Zhao (aka @S0rryMybad && 大宝) of Qihoo 360 Vulcan Team. This month's Microsoft patches fixed 4 vulnerabilities I reported, and I will explain each of them in turn. Since I write these articles in my spare time, and every day there is still a lot of work to do and a need to rest ...

Edge InlineArrayPush Remote Code Execution

Note: Sorry for my poor English; to express exactly what I mean and avoid misunderstanding, I need to write in Chinese. If someone wants to translate to ...