Unauthenticated SSRF on Havoc C2 teamserver via spoofed demon agent
Chaining Three Bugs to Access All Your ServiceNow Data
CVE-2024-29511 – Abusing Ghostscript’s OCR device
Securing Developer Tools: Unpatched Code Vulnerabilities in Gogs (2/2)
WhatsUp Gold Pre-Auth RCE GetFileWithoutZip Primitive (CVE-2024-4885)
WhatsUp Gold Pre-Auth RCE WriteDataFile Primitive (CVE-2024-4883)
WhatsUp Gold SetAdminPassword Privilege Escalation (CVE-2024-5009)
SSD Advisory – Foscam R4M UDTMediaServer Buffer Overflow
Github Actions Exploitation: Untrusted Input
Securing Developer Tools: Unpatched Code Vulnerabilities in Gogs (1/2)
Getting Unauthenticated Remote Code Execution On The Logsign Unified Secops Platform
Inside Xerox WorkCentre: Two Unauthenticated RCEs
Why nested deserialization is harmful: Magento XXE (CVE-2024-34102)
Looking for vulnerabilities in Strapi (CVE-2024-34065)
Zip Slip meets Artifactory: A Bug Bounty Story
From a GLPI patch bypass to RCE
Re-moo-te Code Execution in Mailcow: Always Sanitize Error Messages
CVE-2024-31735: LibEvent Library Memory Leak
Molding Lies Into Reality || Exploiting CVE-2024-4358
Wikimedia/svgtranslate 2.0.1 Remote Code Execution
CVE-2024-21115: An Oracle Virtualbox LPE Used To Win Pwn2Own
Digging for SSRF in NextJS apps
Hacking Apple - SQL Injection to Remote Code Execution
Send()-ing Myself Belated Christmas Gifts - GitHub.com's Environment Variables & GHES Shell
20 Security Issues Found in Xiaomi Devices