writeups.xyz writeups.xyz / Piotr Bazydło (@Chudypb)

Title Vulnerabilities Programs Authors
CVE-2023-36049: Microsoft .NET CRLF Injection Arbitrary File Write/deletion Vulnerability
Finding Deserialization Bugs In The Solarwind Platform
CVE-2022-38108: RCE In Solarwinds Network Performance Monitor
Pwn2Owning Two Hosts At The Same Time: Abusing Inductive Automation Ignition’s Custom Deserialization
Control Your Types Or Get Pwned: Remote Code Execution In Exchange Powershell Backend
Vulnerabilities In Apache Batik Default Security Controls – SSRF And RCE Through Remote Class Loading
Riding The Inforail To Exploit Ivanti Avalanche
Riding The Inforail To Exploit Ivanti Avalanche Part 2