| [P2O Vancouver 2023] SharePoint Pre-Auth RCE chain (CVE-2023–29357 & CVE-2023–24955) |
|
|
|
| Exploiting ASP.NET TemplateParser — Part I: Sitecore (CVE-2023-35813) |
|
|
|
| Rooting Xiaomi WiFi Routers |
|
|
|
| DoubleQlik: Bypassing the Fix for CVE-2023-41265 to Achieve Unauthenticated Remote Code Execution |
|
|
|
| Finding Deserialization Bugs In The Solarwind Platform |
|
|
|
| Remote Code Execution in Tutanota Desktop due to Code Flaw |
|
|
|
| Wind River VxWorks tarExtract directory traversal vulnerability (CVE-2023-38346) |
|
|
|
| CraftCMS RCE |
|
|
|
| Can't Be Contained: Finding a Command Injection Vulnerability in Kubernetes |
|
|
|
| Blog: OmniSpace, from automated 0day XSS to RCE |
|
|
|
| Code Vulnerabilities Put Skiff Emails at Risk |
|
|
|
| Exploiting CVE-2017-11286 Six Years Later: XXE in ColdFusion via WDDX Packet |
|
|
|
| Finding A Pop Chain On A Common Symfony Bundle: Part 1 |
|
|
|
| MyBB Admin Panel RCE CVE-2023-41362 |
|
|
|
| Paranoids Vulnerability Research: Ivanti Issues Security Alert |
|
|
|
| Kirby < 3.9.6 XML External Entity (XXE) vulnerability — CVE-2023-38490 |
|
|
|
| Blog: CVE-2023-4634 - Tricky Unauthenticated RCE on Wordpress Media Library Assistant Plugin using a good old Imagick |
|
|
|
| When URL parsers disagree (CVE-2023-38633) |
|
|
|
| ZeroQlik: Achieving Unauthenticated Remote Code Execution via HTTP Request Tunneling and Path Traversal |
|
|
|
| Hacking GTA V RP Servers Using Web Exploitation Techniques |
|
|
|
| Leaking File Contents with a Blind File Oracle in Flarum |
|
|
|
| Playing Dominos with Moodle's Security (2/2) |
|
|
|
| CVE-2023-36844 And Friends: RCE In Juniper Devices |
|
|
|
| CVE-2023-35150: Arbitrary Code Injection In XWiki.Org XWiki |
|
|
|
| (CVE-2023-32530) Trend Micro Apex Central 2019 (<= Build 6016) Authenticated RCE |
|
|
|
writeups.xyz
/
Security Code Review