| From open redirect to RCE in one week |
|
|
|
| Finding vulnerabilities in Swiss Post's future e-voting system - Part 2 |
|
|
|
| CVE-2022-21404: Another Story Of Developers Fixing Vulnerabilities Unknowingly Because Of CodeQL |
|
|
|
| New Wine in Old Bottle - Microsoft Sharepoint Post-Auth Deserialization RCE (CVE-2022-29108) |
|
|
|
| CVE-2022-26133 - Bitbucket Data Center - Java Deserialization Vulnerability |
|
|
|
| Unauthenticated Remote Code Execution in Cisco Nexus Dashboard Fabric Controller (formerly DCNM) |
|
|
|
| Ruby Deserialization - Gadget on Rails |
|
|
|
| HigherLogic Community RCE Vulnerability |
|
|
|
| The Story of a RCE on a Java Web Application |
|
|
|
| The Story of an RCE on a Java Web Application |
|
|
|
| Finding vulnerabilities in Swiss Post’s future e-voting system - Part 1 |
|
|
|
| Searching for Deserialization Protection Bypasses in Microsoft Exchange (CVE-2022–21969) |
|
|
|
| Diving into Open-source LMS Codebases |
|
|
|
| Sitecore Experience Platform Pre-Auth RCE - CVE-2021-42237 |
|
|
|
| Shells And SOAP: Websphere Deserialization To RCE |
|
|
|
| Riding The Inforail To Exploit Ivanti Avalanche Part 2 |
|
|
|
| The Nomulus rift |
|
|
|
| Detecting Jackson deserialization vulnerabilities with CodeQL |
|
|
|
| Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) |
|
|
|
| Basic recon to RCE |
|
|
|
| Remote code execution through unsafe unserialize in PHP |
|
|
|
| CVE-2021-27076: A Replay-style Deserialization Attack Against Sharepoint |
|
|
|
| Applying Offensive Reverse Engineering to Facebook Gameroom |
|
|
|
| GoCD Multiple Vulnerabilities |
|
|
|
| Universal Deserialisation Gadget for Ruby 2.x-3.x |
|
|
|
writeups.xyz
/
Insecure Deserialization