Qualys Research Nominated for Pwnie Awards 2021

The Qualys Research team has been nominated for five Pwnie Awards this year in three different categories. In addition to nominations for Best Privilege Escalation Bug (2 nominations) and Best Server-Side Bug (2 nominations), the team is also nominated for Most Under-Hyped Research.

Qualys is honored for the second time in a row after being nominated for five Pwnie Awards in 2020.



The Pwnie Awards are an annual recognition celebrating the achievements of security researchers and the security community. Nominations are taken from the security community at large, and a panel of respected security researchers are reviewing the Active Nominations and will announce winners in each category at Black Hat USA 2021 on August 4, 2021 at 5:30pm PT.

The Qualys Research team is nominated in these categories:

Best Privilege Escalation Bug

Heap-based buffer overflow in Sudo!

A heap-based buffer overflow vulnerability was discovered in Sudo and is exploitable by any local user (normal users and system users, sudoers and non-sudoers), without authentication (i.e., the attacker does not need to know the user’s password). Read more

Sequoia: A deep root in Linux’s filesystem layer

The Qualys Research Team discovered a size_t-to-int type conversion vulnerability in the Linux Kernel’s filesystem layer affecting most Linux operating systems. Any unprivileged user can gain root privileges on a vulnerable host by exploiting this vulnerability in a default configuration. Read more

Best Server-Side Bug

21Nails (too many to list)

Multiple critical vulnerabilities were discovered in the Exim mail server, some of which can be chained together to obtain full remote unauthenticated code execution and gain root privileges. Read more

15 years later: Remote Code Execution in qmail (CVE-2005-1513)

In 2005, three vulnerabilities were discovered in qmail but were never fixed because they were believed to be unexploitable in a default installation. We recently re-discovered these vulnerabilities and were able to exploit one of them remotely in a default installation. Read more

Most Under-Hyped Research

21 Nails

Multiple critical vulnerabilities were discovered in the Exim mail server, some of which can be chained together to obtain full remote unauthenticated code execution and gain root privileges. Read more

Join Our Research Team

The Qualys Research team engages in innovative vulnerability research and has multiple open positions within our vulnerability research team. If you are a security researcher looking for new opportunities, we invite you to apply for our open research and engineering positions worldwide.