Adam Kues (@Hash_kitten)

Title	Vulnerabilities	Programs	Authors
Chaining Three Bugs to Access All Your ServiceNow Data	RCE SSTI Security Code Review	ServiceNow	Adam Kues (@Hash_kitten)
Why nested deserialization is harmful: Magento XXE (CVE-2024-34102)	Insecure Deserialization XXE Patch Diffing Security Code Review	Magento	Adam Kues (@Hash_kitten) Shubham Shah (@Infosec_au)
Digging for SSRF in NextJS apps	SSRF Security Code Review	Vercel (NextJS)	Adam Kues (@Hash_kitten) Shubham Shah (@Infosec_au)
Continuing the Citrix Saga: CVE-2023-5914 & CVE-2023-6184	Reflected XSS SSO RCE .NET Remoting Insecure Deserialization Security Code Review	Citrix Systems	Dylan Pindur Shubham Shah (@Infosec_au) Adam Kues (@Hash_kitten)
Leaking File Contents with a Blind File Oracle in Flarum	PHP Filter Chain Arbitrary File Read LFI Security Code Review	Flarum	Adam Kues (@Hash_kitten)

Page 1 of 1