| [2,500$ Bug Bounty Write-Up] Remote Code Execution (RCE) via unclaimed Node package |
|
|
|
| Attacking PowerShell CLIXML Deserialization |
|
|
|
| Zero-Click Calendar invite — Critical zero-click vulnerability chain in macOS |
|
|
|
| We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI |
|
|
|
| Getting code execution on Veeam through CVE-2023-27532 |
|
|
|
| Spip Preauth RCE 2024: Part 2, A Big Upload |
|
|
|
| 4 exploits, 1 bug: exploiting cve-2024-20017 4 different ways |
|
|
|
| Analysis of CVE-2024-43044 — From file read to RCE in Jenkins through agents |
|
|
|
| $15k RCE Through Monitoring Debug Mode |
|
|
|
| Back To School - Exploiting A Remote Code Execution Vulnerability In Moodle |
|
|
|
| WordPress GiveWP POP to RCE (CVE-2024-5932) |
|
|
|
| Hitting the jackpot with RCE! |
|
|
|
| How I got $24000 Bounty from a Log4j RCE in Apple App Store. |
|
|
|
| Hidden in Plain Sight: Uncovering RCE on a Forgotten Axis2 Instance |
|
|
|
| Traccar 5 Remote Code Execution Vulnerabilities |
|
|
|
| Vulnerabilities in Homepage Dashboard |
|
|
|
| WPML Multilingual CMS Authenticated Contributor+ Remote Code Execution (RCE) via Twig Server-Side Template Injection (SSTI) |
|
|
|
| From MLOps to MLOops: Exposing the Attack Surface of Machine Learning Platforms |
|
|
|
| $4,998 Bounty Awarded and 100,000 WordPress Sites Protected Against Unauthenticated Remote Code Execution Vulnerability Patched in GiveWP WordPress Plugin |
|
|
|
| Spip Preauth RCE 2024: Part 1, The Feather |
|
|
|
| How i hacked NASA? at NASA VDP |
|
|
|
| Bucket Monopoly: Breaching AWS Accounts Through Shadow Resources |
|
|
|
| Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server! |
|
|
|
| Exploiting authorization by nonce in WordPress plugins |
|
|
|
| Unveiling Remote Code Execution in AI chatbot workflows 💵 |
|
|
|
writeups.xyz
/
RCE