locus-x64@pwn:/posts$
-
CVE-2025-61765: RCE in Socket.IO via Pickle Deserialization
Vulnerability I came across this CVE while looking into pickle deserialization vulnerabilities in Python applications. CVE-2025-61765 is a Remote Code Execution (RCE) vulnerability in python-socketio library. It affects multi-server setups that use message brokers like Redis, Kafka, or RabbitMQ. The root cause is unsafe use of Python’s pickle module, the...
-
Elixir Cross Referencer: Indexing and Auditing Source Code
Elixir Elixir is a source code cross-referencer inspired by LXR. It’s written in Python, and its main purpose is to index every release of a C or C++ project (like the Linux kernel) while keeping a minimal footprint. It uses Git as a source-code file store and Berkeley DB for...
-
CVE-2024-22857: Arbitrary Code Execution in zlog
Vulnerability Heap-based buffer flow in zlog versions v1.1.0 to v1.2.17 in zlog_rule_new(). The size of record_name is MAXLEN_PATH(1024) + 1, but file_path may have data up to MAXLEN_CFG_LINE(MAXLEN_PATH*4) + 1. A check was missing in zlog_rule_new() when copying the record_name from file_path + 1, which caused the buffer overflow. An...
-
Linux Kernel Compilation and Adding a Custom System Call
Prerequisites Please make sure you have a good amount of free space. As for Virtual Machines, people had issues when they allocated only 20GB of storage space. So, allocate at least 50GB to avoid issues. Install the following packages before moving to the next step: sudo apt install gcc make...