Dylan Pindur | writeups.xyz

Title	Vulnerabilities	Programs	Authors
Two Bytes is Plenty: FortiGate RCE with CVE-2024-21762	RCE Out-of-Bounds Write Memory Corruption Patch Diffing	Fortinet	Dylan Pindur
Continuing the Citrix Saga: CVE-2023-5914 & CVE-2023-6184	Reflected XSS SSO RCE .NET Remoting Insecure Deserialization Security Code Review	Citrix Systems	Dylan Pindur Shubham Shah (@Infosec_au) Adam Kues (@Hash_kitten)
Auth Bypass Round Two	SAML SSRF RCE Authentication Bypass Security Code Review	Ivanti	Dylan Pindur
High Signal Detection and Exploitation of Ivanti's Pulse Connect Secure Auth Bypass & RCE (CVE-2023-46805 & CVE-2024-21887)	RCE Authentication Bypass Path Traversal OS Command Injection Security Code Review	Ivanti	Shubham Shah (@Infosec_au) Dylan Pindur
Citrix Bleed: Leaking Session Tokens with CVE-2023-4966	Buffer Over-Read Memory Corruption Security Code Review	Citrix Systems	Dylan Pindur
Finding and Exploiting Citrix NetScaler Buffer Overflow (CVE-2023-3519) (Part 3)	Buffer Overflow Memory Corruption	Citrix Systems (NetScaler)	Dylan Pindur
Analysis of CVE-2023-3519 in Citrix ADC and NetScaler Gateway	RCE Code Injection SAML Security Code Review	Citrix Systems	Dylan Pindur Shubham Shah (@Infosec_au)
Encrypted Doesn't Mean Authenticated: ShareFile RCE (CVE-2023-24489)	RCE Path Traversal Cryptographic Issues Security Code Review	Citrix (ShareFile)	Dylan Pindur
Reversing Citrix Gateway for XSS	Reflected XSS Open Redirect Reverse Engineering	Citrix Systems	Dylan Pindur
Patch Diffing Progress MOVEIt Transfer	RCE SQL Injection Security Code Review	Progress (MOVEit Transfer)	Dylan Pindur
Bypass IIS Authorisation with this One Weird Trick - Three RCEs and Two Auth Bypasses in Sitecore 9.3	RCE Authorization Bypass Security Code Review	Sitecore	Dylan Pindur
RCE in Avaya Aura Device Services	RCE Security Code Review XSS WebDAV	Avaya	Dylan Pindur
Abusing functionality to exploit a super SSRF in Jira Server (CVE-2022-26135)	SSRF	Atlassian	Shubham Shah (@Infosec_au) Dylan Pindur

Page 1 of 1