RCE | writeups.xyz

Title	Vulnerabilities	Programs	Authors
KnowBe4 RCE and LPE	RCE Local Privilege Escalation DLL Hijacking	KnowBe4	Ceri Coburn
Pwn2Own Miami: Aveva Edge Arbitrary DLL Loading Vulnerability	Arbitrary DLL Loading RCE	AVEVA	Piffd0s (@Piffd0s)
MITMing the Xbox 360 Dashboard for Fun and RCE	MiTM RCE	Microsoft (Xbox)	Lander (@Landaire)
Path Traversal and Code Execution in CSLA.NET (CVE-2024-28698)	Path Traversal RCE Security Code Review	CSLA.NET	Sam Pizzey
Studying 0days: How we hacked Anki, the world's most popular flashcard app	RCE Components With Known Vulnerabilities Arbitrary File Read Arbitrary File Write XSS Security Code Review	Anki	Jacob Autumn Skerritt
3 ways to get Remote Code Execution in Kafka UI	RCE Insecure Deserialization Groovy Scripting JMX	Kafka UI	Michael Stepankin (@Artsploit)
JNDI Injection Remote Code Execution via Path Manipulation in MemoryUserDatabaseFactory	RCE JNDI Injection Security Code Review	Undisclosed	Steven Seeley (@Steventseeley)
SSD Advisory – XenForo RCE Via CSRF	RCE CSRF Security Code Review	XenForo	Egidio Romano / EgiX
SSD Advisory – SonicWall SMA100 Stored XSS To RCE	RCE OS Command Injection Stored XSS	SonicWall	SeongJoon Cho
Chaining Three Bugs to Access All Your ServiceNow Data	RCE SSTI Security Code Review	ServiceNow	Adam Kues (@Hash_kitten)
Evernote RCE: From PDF.js font-injection to All-platform Electron exposed ipcRenderer with listened BrokerBridge Remote-Code Execution	RCE XSS Electron Thick Client	Evernote	Patrick Peng (@Retr0reg)
Shelltorch Explained: Multiple Vulnerabilities in Pytorch Model Server (Torchserve) (CVSS 9.9, CVSS 9.8) Walkthrough	AI LLM RCE SSRF Insecure Deserialization Zip Slip Attack Path Traversal	PyTorch AWS Google Meta TorchServe SnakeYAML	Gal Elbaz Uri Katz Guy Kaplan Avi Lumelsky
WhatsUp Gold Pre-Auth RCE GetFileWithoutZip Primitive (CVE-2024-4885)	RCE Path Traversal Security Code Review	Progress (WhatsUp Gold)	Sina Kheirkhah (@SinSinology)
WhatsUp Gold Pre-Auth RCE WriteDataFile Primitive (CVE-2024-4883)	RCE Path Traversal Security Code Review	Progress (WhatsUp Gold)	Sina Kheirkhah (@SinSinology)
Universal Code Execution by Chaining Messages in Browser Extensions	Universal XSS SOP Bypass PostMessage RCE Browser Extension Hacking	Undisclosed	Eugene Lim (@Spaceraccoonsec)
CVE-2024-29510 – Exploiting Ghostscript using format strings	RCE Format String Vulnerability Memory Corruption	Ghostscript	Thomas Rinsma (@Thomasrinsma)
From Limited file read to full access on Jenkins (CVE-2024-23897)	RCE Arbitrary File Read	Undisclosed	Ahmed Sherif
CVE-2024-27292: docAssembling exploits for RCE	RCE SSTI Path Traversal Privilege Escalation	Docassemble	Riyush Ghimire
Getting Unauthenticated Remote Code Execution On The Logsign Unified Secops Platform	RCE Authentication Bypass OS Command Injection Security Code Review	Logsign	Yulin Sung Mehmet INCE (@Mdisec)
regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server	RCE Race Condition	OpenSSH	Qualys Threat Research Unit (TRU)
Vulnerabilities In CocoaPods Open The Door To Supply Chain Attacks Against Thousands Of iOS And MacOS Applications	RCE Account Takeover Supply Chain Attack IOS MacOS	CocoaPods	Reef Spektor Eran Vaknin
Bytecode Breakdown: Unraveling Factorio's Lua Security Flaws	RCE Memory Corruption	Factorio	Memory Corruption
Inside Xerox WorkCentre: Two Unauthenticated RCEs	RCE Local Privilege Escalation Printer Hacking Security Code Review	Xerox	Arseniy Sharoglazov (@_Mohemiv)
17 vulnerabilities in Sharp Multi-Function Printers	Printer Hacking RCE Information Disclosure Memory Corruption Buffer Overflow DoS LFI XSS Hardcoded API Keys Default Credentials Missing Authentication Directory Listing Authentication Bypass LDAP	Sharp Toshiba	Pierre Kim (@PierreKimSec)
Exploiting Steam: Usual and Unusual Ways in the CEF Framework	Browser Hacking Thick Client RCE OS Command Injection Arbitrary File Read Arbitrary File Creation Components With Known Vulnerabilities	Valve (Steam) Google (Chromium)	DARKNAVY (@DarkNavyOrg)

Page 2 of 35