V12
81 posts


@v12sec Are you able to say what versions of postgres this impacts yet?
English

And here's postgres bidirectional RCE
no admin required, client infects server, server infects client ♻️🐛
V12@v12sec
found another one! redis 8.8.0 bidirectional RCE we will release poc after the patch
English

Iroh is a P2P networking Rust library used by (among others) Paycode and Nous.
We found a preauth DoS in iroh-relay where malformed messages could crash relays.
The iroh team fixed it in iroh-relay 1.0.2 and patched public relays. Thanks to @n0computer for the fast response!
English

@sdd1218215 @YogSoth0 No. This is a different bug. that one is logical and has a bunch of weird preconditions. This is a clean memory corruption.
English

@YogSoth0 @v12sec looks a little different but github.com/bikini/exploit… rce here as well in latest version
English
V12 retweetledi

Using V12 has been such a smooth experience auditing my projects.
I recommend it a lot if you want something between the very expensive manual audits by established companies and just saying "Hey Claude, find any bugs in my repo". The team behind it is making improvements daily!
V12@v12sec
comment "v12 pls audit" on any PR to get it audited
English

Premarket is now in public beta.
We build markets for things that haven’t happened yet, and now the doors are open for you to trade them
-> app.premarket.xyz
GIF
English
V12 retweetledi


found another one! redis 8.8.0 bidirectional RCE
we will release poc after the patch
V12@v12sec
we have server RCE now too. with client + server, this is now wormable 😄 we have some other wormables too :D stay tuned
English

this is not accurate. Windows is affected by the vulnerability. Use through relays is also affected


AnyDesk Software@anydesk
We are aware of this vulnerability. To summarize our current impact assessment: this is limited to direct connections on Linux (connections that do not go through our relays). Windows and macOS are not affected. Based on our initial assessment, we have identified no evidence of exploitation against our infrastructure or customer environments. A patch is expected to be released within 48 hours.
English

since this is now patched, it is now safe to repost the video
V12@v12sec
it's fixed now :) github.com/mozilla-mobile…
English



