Florian Hauser (@Frycos)

Title	Vulnerabilities	Programs	Authors
Dynamics 365 Business Central - A Journey With Ups and Downs	Insecure Deserialization Missing Authentication	Microsoft	Florian Hauser (@Frycos)
Tableau Server - There Ain't No Vulns	SSRF	Salesforce (Tableau)	Florian Hauser (@Frycos)
From Blackbox .NET Remoting to Unauthenticated Remote Code Execution	RCE .NET Remoting Insecure Deserialization	Act!	Florian Hauser (@Frycos)
FortiNAC - Just a few more RCEs	RCE XXE Insecure Deserialization OS Command Injection Argument Injection Security Code Review	Fortinet	Florian Hauser (@Frycos)
Java Exploitation Restrictions in Modern JDK Times	Insecure Deserialization	Undisclosed	Florian Hauser (@Frycos)
XXE with Auto-Update in install4j	XXE Security Code Review	Prosys OPC	Florian Hauser (@Frycos)
GoAnywhere MFT - A Forgotten Bug	Insecure Deserialization Security Code Review	Fortra (GoAnywhere)	Florian Hauser (@Frycos)
Using 0days to Protect the United Nations	RCE Authentication Bypass Path Traversal	United Nations	Florian Hauser (@Frycos)
Pre-Auth RCE with CodeQL in Under 20 Minutes	Security Code Review RCE Command Injection Broken Authorization	PgAdmin	Florian Hauser (@Frycos)
Skype for Business Audit Part 2 - SKYPErimeterleak	SSRF Security Code Review	Microsoft	Florian Hauser (@Frycos)
Skype for Business Audit Part 1 - SKYPErsistence	Local Privilege Escalation Windows Security Code Review	Microsoft	Florian Hauser (@Frycos)
Searching for Deserialization Protection Bypasses in Microsoft Exchange (CVE-2022–21969)	Insecure Deserialization	Microsoft	Florian Hauser (@Frycos)
Another Zoho ManageEngine Story	Authentication Bypass	Zoho	Florian Hauser (@Frycos)
Finding SQL injections fast with white-box analysis — a recent bug example	SQL Injection	Zoho	Florian Hauser (@Frycos)

Page 1 of 1