Security Code Review | writeups.xyz

Title	Vulnerabilities	Programs	Authors
CVE-2024-2448: Authenticated Command Injection In Progress Kemp LoadMaster	OS Command Injection CSRF Security Code Review	Progress (Kemp LoadMaster)	David Yesland (@Daveysec)
Dangerous Import: SourceForge Patches Critical Code Vulnerability	Arbitrary File Read RCE Security Code Review	SourceForge Apache Allura	Stefan Schiller (@Scryh_)
Hacking Swisscom’s End-to-End Encrypted Cloud Storage for $4,000	Password Reset Security Code Review	Swisscom	Thomas Houhou (@Th0h0)
Apache Dubbo Consumer Risks: The Road Not Taken	Insecure Deserialization Security Code Review	Apache Dubbo	Yaniv Nizry (@YNizry)
Micro Services, Major Headaches: Detecting Vulnerabilities in Erxes' Microservices	RCE Path Traversal Authentication Bypass Arbitrary File Overwrite GraphQL SSRF Security Code Review	Erxes	Paul Gerste
Java Deserialization Tricks	Insecure Deserialization RCE Security Code Review	Undisclosed	Clément Amic (@Loadlow)
Broken access control in GoAnywhere Admin portal	Broken Access Control Privilege Escalation Path Traversal Security Code Review	Fortra (GoAnywhere)	Vu Chi Thanh
OpenOlat - XML external entity (XXE) injection (CVE-2024-28198)	XXE Security Code Review	OpenOlat	Maik
Security Implications of net/textproto.Reader Misuse	Out of Memory Crash Memory Leak Security Code Review	Golang	Bartek Nowotarski (@Bartn_)
CVE-2024-27198 and CVE-2024-27199: JetBrains TeamCity Multiple Authentication Bypass Vulnerabilities	Authentication Bypass Security Code Review	JetBrains (TeamCity)	Rapid7
Judge0 Sandbox Escape	Sandbox Escape SSRF Security Code Review	Judge0	Daniel Cooper
OpenNMS Vulnerabilities: Securing Code against Attackers’ Unexpected Ways	XSS OS Command Injection SNMP Security Code Review	OpenNMS	Stefan Schiller (@Scryh_)
Leaking ObjRefs to Exploit HTTP .NET Remoting	Information Disclosure RCE .NET Remoting ASP.NET Security Code Review	Microsoft (.NET Framework)	Markus Wulftange (@Mwulftange)
SSD Advisory – TP-LINK NCXXX Authentication Bypass	Authentication Bypass Stack Overflow Memory Corruption Security Code Review	TP-Link	-
Continuing the Citrix Saga: CVE-2023-5914 & CVE-2023-6184	Reflected XSS SSO RCE .NET Remoting Insecure Deserialization Security Code Review	Citrix Systems	Dylan Pindur Shubham Shah (@Infosec_au) Adam Kues (@Hash_kitten)
Joomla: PHP Bug Introduces Multiple XSS Vulnerabilities (CVE-2024-21726)	XSS Regex Security Code Review	Joomla!	Stefan Schiller (@Scryh_)
Hello Lucee! Let us hack Apple again?	RCE Insecure Deserialization ColdFusion Security Code Review	Apple Lucee	Harsh Jaiswal (@Rootxharsh) Rahul Maini (@Iamnoooob)
CVE-2024-0685 Ninja Contact Forms Data Export SQLi	SQL Injection Security Code Review	Wordfence	Matthew Rollings (@Stealthcopter)
Form Tools Remote Code Execution: We Need To Talk About PHP	RCE LFI Security Code Review	Undisclosed	WatchTowr (@Watchtowrcyber)
Azure HDInsight: The Sequel – Unveiling 3 New Vulnerabilities That Could Have Led to Privilege Escalations and Denial of Service	XXE Privilege Escalation ReDoS Security Code Review	Microsoft (Azure HDInsight)	Lidor Ben Shitrit
Pitfalls of Desanitization: Leaking Customer Data from osTicket	Stored XSS Security Code Review	Enhancesoft (OsTicket)	Oskar Zeino-Mahmalat
Back to the (Clip)board with Microsoft Whiteboard and Excalidraw in Meta (CVE-2023-26140)	XSS Security Code Review	Meta / Facebook Microsoft (Whiteboard) Excalidraw	Eugene Lim (@Spaceraccoonsec)
Auth Bypass Round Two	SAML SSRF RCE Authentication Bypass Security Code Review	Ivanti	Dylan Pindur
Jumpserver Preauth RCE Exploit Chain	RCE Password Reset Authentication Bypass Path Traversal Cryptographic Issues Security Code Review	JumpServer	Zhiniang Peng (@Edwardzpeng)
Relution Remote Code Execution via Java Deserialization Vulnerability	RCE Insecure Deserialization Security Code Review	Relution	Adam Crosser

Page 3 of 12