writeups.xyz / Security Code Review

Title Vulnerabilities Programs Authors
Analysis Of Multiple Vulnerabilities In Ofbiz
CVE-2023-5372 - Post-auth blind Python code injection vulnerabilities in Zyxel’s NAS326 and NAS542 devices
Qualys TRU Discovers Important Vulnerabilities in GNU C Library’s syslog()
Who are you? The Importance of Verifying Message Origins
Spoofing 802.11 Wireless Beacon Management Frames with Manipulated Power Values Resulting in Denial of Service for Wireless Clients
Excessive Expansion: Uncovering Critical Security Vulnerabilities in Jenkins (CVE-2024-23897 & CVE-2024-23898)
SSD Advisory – Zyxel VPN Series Pre-auth Remote Command Execution
*nix libX11: Uncovering and exploiting a 35-year-old vulnerability – Part 2 of 2
A christmas tale: pwning GTB Central Console (CVE-2024-22107 & CVE-2024-22108)
CVE-2024-0204: Fortra GoAnywhere MFT Authentication Bypass Deep-Dive
Atlassian Confluence - Remote Code Execution (CVE-2023-22527)
Multiple Vulnerabilities On GestSup 3.2.44
Gambio 4.9.2.0 - Insecure Deserialization
High Signal Detection and Exploitation of Ivanti's Pulse Connect Secure Auth Bypass & RCE (CVE-2023-46805 & CVE-2024-21887)
*nix libX11: Uncovering and exploiting a 35-year-old vulnerability – Part 1 of 2
Finding vulnerabilities in Swiss Post's e-voting system: part 3
Multiple vulnerabilities in Ivanti Connect Secure
Android-based PAX POS vulnerabilities (Part 1)
Writeup for CVE-2023-39143: PaperCut WebDAV Vulnerability
CVE-2023–50220 — Inductive Automation Ignition XML Deserialization to RCE
Unauthenticated RCE in Adobe Coldfusion – CVE-2023-26360
Exploring Counter-strike: Global Offensive Attack Surface
SonicWall Discovers Critical Apache OFBiz Zero-day -AuthBiz
Finding Insecure TrustManagers and Disabled Hostname Verification with CodeQL
DoubleTrouble