| Getting code execution on Veeam through CVE-2023-27532 |
|
|
|
| Spip Preauth RCE 2024: Part 2, A Big Upload |
|
|
|
| Basic HTTP Authentication Risk: Uncovering pyspider Vulnerabilities |
|
|
|
| IIS welcome page to source code review to LFI! |
|
|
|
| Breaking Down Barriers: Exploiting Pre-Auth SQL Injection In WhatsUp Gold - CVE-2024-6670 |
|
|
|
| Back To School - Exploiting A Remote Code Execution Vulnerability In Moodle |
|
|
|
| WordPress GiveWP POP to RCE (CVE-2024-5932) |
|
|
|
| NTLM Credential Theft in Python Windows Applications |
|
|
|
| Traccar 5 Remote Code Execution Vulnerabilities |
|
|
|
| WPML Multilingual CMS Authenticated Contributor+ Remote Code Execution (RCE) via Twig Server-Side Template Injection (SSTI) |
|
|
|
| $4,998 Bounty Awarded and 100,000 WordPress Sites Protected Against Unauthenticated Remote Code Execution Vulnerability Patched in GiveWP WordPress Plugin |
|
|
|
| Spip Preauth RCE 2024: Part 1, The Feather |
|
|
|
| Vulnerabilities in NodeJS C/C++ add-on extensions |
|
|
|
| Front-End Frameworks: When Bypassing Built-in Sanitization Might Backfire |
|
|
|
| CVE-2024-38428 Wget Vulnerability: All you need to know |
|
|
|
| Github Actions Exploitation: Dependabot |
|
|
|
| Exploiting authorization by nonce in WordPress plugins |
|
|
|
| Government Emails at Risk: Critical Cross-Site Scripting Vulnerability in Roundcube Webmail |
|
|
|
| Oracle Retail Xstore Suite: Pre-authenticated Path Traversal |
|
|
|
| Hacking Moodle Apps Via External Functions |
|
|
|
| Path Traversal and Code Execution in CSLA.NET (CVE-2024-28698) |
|
|
|
| Studying 0days: How we hacked Anki, the world's most popular flashcard app |
|
|
|
| JNDI Injection Remote Code Execution via Path Manipulation in MemoryUserDatabaseFactory |
|
|
|
| SSD Advisory – XenForo RCE Via CSRF |
|
|
|
| How to Bypass Golang SSL Verification |
|
|
|
writeups.xyz
/
Security Code Review