Michael Stepankin (@Artsploit)

Title	Vulnerabilities	Programs	Authors
3 ways to get Remote Code Execution in Kafka UI	RCE Insecure Deserialization Groovy Scripting JMX	Kafka UI	Michael Stepankin (@Artsploit)
mTLS: When certificate authentication is done wrong	MTLS Improper Certificate Validation LDAP Injection SSRF	Keycloak Bouncy Castle Apereo CAS	Michael Stepankin (@Artsploit)
GitHub Security Lab audited DataHub: Here’s what they found	SSRF Insecure Deserialization Cypher Injection Authentication Bypass Authorization Bypass XSS Open Redirect JWT JSON Injection Cryptographic Issues Session Expiration Issue Security Code Review	DataHub	Alvaro Muñoz (@Pwntester) Michael Stepankin (@Artsploit) Peter Stöckli (@Ulldma) Kevin Stubbings Jorge Rosillo (@Jorge_ctf) Sylwia Budzynska
Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)	RCE Insecure Deserialization	Undisclosed	Michael Stepankin (@Artsploit)
[demo.paypal.com] Node.js code injection (RCE)	RCE	Paypal	Michael Stepankin (@Artsploit)
[manager.paypal.com] Remote Code Execution Vulnerability	RCE	Paypal	Michael Stepankin (@Artsploit)

Page 1 of 1