RCE | writeups.xyz

Title	Vulnerabilities	Programs	Authors
Jumpserver Preauth RCE Exploit Chain	RCE Password Reset Authentication Bypass Path Traversal Cryptographic Issues Security Code Review	JumpServer	Zhiniang Peng (@Edwardzpeng)
Relution Remote Code Execution via Java Deserialization Vulnerability	RCE Insecure Deserialization Security Code Review	Relution	Adam Crosser
Analysis Of Multiple Vulnerabilities In Ofbiz	Authentication Bypass RCE Groovy Scripting Security Code Review	Ofbiz	SecureLayer7 (@SecureLayer7)
CVE-2023-5372 - Post-auth blind Python code injection vulnerabilities in Zyxel’s NAS326 and NAS542 devices	Code Injection RCE Security Code Review	Zyxel	Gábor Selján (@GaborSeljan)
Hunting for Unauthenticated n-days in Asus Routers	RCE Format String Vulnerability Reverse Engineering Patch Diffing	Asus	TheZero (@Th3Zer0) Suidpit (@Suidpit)
Who are you? The Importance of Verifying Message Origins	XSS PostMessage Arbitrary File Write RCE Security Code Review	Squidex	Stefan Schiller (@Scryh_)
SSD Advisory – Zyxel VPN Series Pre-auth Remote Command Execution	RCE Security Code Review	Zyxel	-
*nix libX11: Uncovering and exploiting a 35-year-old vulnerability – Part 2 of 2	RCE Memory Corruption Heap Buffer Overflow Security Code Review	X.Org (LibX11)	Yair Mizrahi
Multiple vulnerabilities in Cisco Unified Communications Manager version 11.5.1	Insecure Deserialization RCE Local Privilege Escalation	Cisco	Julien Egloff
A christmas tale: pwning GTB Central Console (CVE-2024-22107 & CVE-2024-22108)	DLP Software SQL Injection OS Command Injection RCE Security Code Review	GTB Technologies	X-C3LL (@TheXC3LL)
Atlassian Confluence - Remote Code Execution (CVE-2023-22527)	RCE OGNL Injection Security Code Review	Atlassian	Rahul Maini (@Iamnoooob) Harsh Jaiswal (@Rootxharsh)
Gambio 4.9.2.0 - Insecure Deserialization	RCE Insecure Deserialization Security Code Review	Gambio	Christian Poeschl Lukas Schraven
High Signal Detection and Exploitation of Ivanti's Pulse Connect Secure Auth Bypass & RCE (CVE-2023-46805 & CVE-2024-21887)	RCE Authentication Bypass Path Traversal OS Command Injection Security Code Review	Ivanti	Shubham Shah (@Infosec_au) Dylan Pindur
Nokia vBMC — BMC Log Scanner Remote Code Execution	RCE OS Command Injection	Nokia	Matthew Gregory
I found 2 Zero-Days in popular Linux distros that includes Mint, Kali, Parrot	RCE Argument Injection Path Traversal Arbitrary File Write	Linux Mint (Xreader) MATE Desktop (Atril)	Febin Mon Saji
Multiple vulnerabilities in Ivanti Connect Secure	Path Traversal RCE Local Privilege Escalation Security Code Review	Ivanti	Jérôme Mampianinazakason
“MyFlaw” — Cross Platform 0-Day RCE Vulnerability Discovered in Opera’s Browser	RCE CSP Bypass Browser Extension Hacking Browser Hacking	Opera	Oleg Zaytsev
Writeup for CVE-2023-39143: PaperCut WebDAV Vulnerability	WebDAV Path Traversal RCE Security Code Review	PaperCut	Naveen Sunkavally
CVE-2023–50220 — Inductive Automation Ignition XML Deserialization to RCE	Insecure Deserialization RCE Security Code Review	Inductive Automation Ignition	Petrus Viet (@VietPetrus)
Unauthenticated RCE in Adobe Coldfusion – CVE-2023-26360	RCE Insecure Deserialization Arbitrary File Read Patch Diffing Security Code Review	Adobe (ColdFusion)	SecureLayer7 (@SecureLayer7)
MobSF Remote code execution (via CVE-2024-21633)	Arbitrary File Write RCE	MobSF IBotPeaches (Apktool)	0x33c0unt (@Cybaqkebm)
Panic!! At the YAML	Insecure Deserialization RCE	SnakeYAML	Ron Bowes (@Iagox86)
Technical Advisory – Multiple Vulnerabilities in PandoraFMS Enterprise	Account Takeover Information Disclosure RCE Unrestricted File Upload Stored XSS Arbitrary File Read Local Privilege Escalation Path Traversal DoS IDOR Hardcoded Credentials	PandoraFMS	Oliver Brooks
How I made 7K on Epic Games Bug Bounty	RCE Websockets	Epic Games	SynapticSpace
Finding Insecure TrustManagers and Disabled Hostname Verification with CodeQL	Security Code Review MiTM RCE	Apache Software Foundation Opencast Ballerina-Platform OpenMF	Intrigus (@Intrigus_)

Page 5 of 35