2015 Pwnie Award Nominees

Best Client-Side Bug

It’s ESET Up!

Sandworm (CVE-2014-4114)

W3TotalFail

Will it BLEND? (CVE-2015-0093, CVE-2015-3052)

Best Privilege Escalation Bug

PingPongRoot (CVE-2015-3636)

Rowhammer

UEFI SMM Privilege Escalation

Wild TTF Overflow

Will it BLEND? (CVE-2015-0093, CVE-2015-3052)

Best Server-Side Bug

Clobberin’ Time (CVE-2014-9293, CVE-2014-9295)

Magento(CVE-2015-1397)

SAP LZC LZH Compression Multiple Vulnerabilities (CVE-2015-2278, CVE-2015-2282)

Best Song

“Clean Slate”

“Integer Overflow”

“Spierdalaj Kurwa”

“Try Harder!”

Epic 0wnage

Hacking Team

Kaspersky Lab

Samsung Swiftkey Keyboard Bugdoor

The World

U.S. Office of Personnel Management

Lamest Vendor Response

“A Peek Under The Blue Coat”

Samsung Swift Keyboard MITM RCE

Seagate NAS RCE

Lifetime Achievement Award

Gera Richarte

Halvar Flake

Ivan Arce

Rolf Rolles

Wu Shi

Most Epic Fail

Aviator

ManageEngine

Oh, Pleaseā€¦ Man!

Peepin’ on the Creepin’

We’re Not Quite Sure

Most Innovative Research

Abusing Silent Mitigations

Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice

Modern Platform-Supported Rootkits

Threatbutt Advanced Enterprise Platform

ret2dir

Most Over-Hyped Bug

Shellshock (CVE-2014-6271)

VENOM (CVE-2015-3456)

iOS CoreText DoS (CVE-2015-1157)