| Directory Traversal, SQL Injection and Server-Side Request Forgery |
|
|
|
| Traccar 5 Remote Code Execution Vulnerabilities |
|
|
|
| Oracle Retail Xstore Suite: Pre-authenticated Path Traversal |
|
|
|
| Path Traversal and Code Execution in CSLA.NET (CVE-2024-28698) |
|
|
|
| Securing Developer Tools: Unpatched Code Vulnerabilities in Gogs (2/2) |
|
|
|
| Shelltorch Explained: Multiple Vulnerabilities in Pytorch Model Server (Torchserve) (CVSS 9.9, CVSS 9.8) Walkthrough |
|
|
|
| WhatsUp Gold Pre-Auth RCE GetFileWithoutZip Primitive (CVE-2024-4885) |
|
|
|
| WhatsUp Gold Pre-Auth RCE WriteDataFile Primitive (CVE-2024-4883) |
|
|
|
| CVE-2024-27292: docAssembling exploits for RCE |
|
|
|
| Probllama: Ollama Remote Code Execution Vulnerability (CVE-2024-37032) – Overview and Mitigations |
|
|
|
| Zip Slip meets Artifactory: A Bug Bounty Story |
|
|
|
| Re-moo-te Code Execution in Mailcow: Always Sanitize Error Messages |
|
|
|
| Cache Me If You Can: Local Privilege Escalation in Zscaler Client Connector (CVE-2023-41973) |
|
|
|
| Devfile file write vulnerability in GitLab |
|
|
|
| Micro Services, Major Headaches: Detecting Vulnerabilities in Erxes' Microservices |
|
|
|
| Broken access control in GoAnywhere Admin portal |
|
|
|
| Hacking the Dutch Government |
|
|
|
| Exploiting Empire C2 Framework |
|
|
|
| Null Byte on Steroids |
|
|
|
| ChatGPT Account Takeover - Wildcard Web Cache Deception |
|
|
|
| Jumpserver Preauth RCE Exploit Chain |
|
|
|
| CVE-2024-0204: Fortra GoAnywhere MFT Authentication Bypass Deep-Dive |
|
|
|
| High Signal Detection and Exploitation of Ivanti's Pulse Connect Secure Auth Bypass & RCE (CVE-2023-46805 & CVE-2024-21887) |
|
|
|
| I found 2 Zero-Days in popular Linux distros that includes Mint, Kali, Parrot |
|
|
|
| Multiple vulnerabilities in Ivanti Connect Secure |
|
|
|
writeups.xyz
/
Path Traversal