Simone Margaritelli: flaw, Networking issues
Reverse Engineering the Apple Multipeer Connectivity Framework
The Curious Case Of The Password Database
How I Found Three Credentials Leak on One Google Dork on Bugcrowd program
Broken Link Hijacking - My Second Finding on Hackerone!
Missing Authentication in ZKTeco ZEM/ZMM Web Interface
Snap Sec: RCE, Information disclosure, Broken Access Control, Privilege escalation
Remote Code Execution by Abusing Apache Spark SQL
5000$ for Apple Stored Xss And Another Blind Xss Still under review
Atlassian Jira Align, Version 10.107.4 Advisory
Finding Multiple Security Issues on Agorapulse
Memory corruption bug, Buffer Overflow, DoS
Stranger Strings: An exploitable flaw in SQLite
The Logging Dead: Two Event Log Vulnerabilities Haunting Windows
Sina Kheirkhah / SinSin & Steven Seeley: Insecure deserialization
Mechboy: engineering, Spoofing, Authorization flaw, Account takeover
Eat What You Kill :: Pre-authenticated Remote Code Execution in VMWare NSX Manager
Li Jiantao: multiple vulnerabilities for credential stealing
Microsoft SharePoint Server Post-Authentication Server-Side Request Forgery vulnerability
Olivier Laflamme: command injection, Arbitrary file read, Information disclosure, Account takeover, Stored XSS, Lack of rate limiting, Weak credentials, Password policy bypass
GL.iNET GL-MT300N-V2 Router Vulnerabilities and Hardware Teardown
SSD Advisory – Galaxy Store Applications Installation/Launching without User Interaction
Guilherme Rambo: bug, MacOS bug, Bluetooth hacking, Local Privilege Escalation, TCC bypass
Attacking The Software Supply Chain With A Simple Rename
Aviad Gershon & Elad Rapoport: Supply chain attack
SiriSpy - iOS bug allowed apps to eavesdrop on your conversations with Siri
James Forshaw: MiTM, Local Privilege Escalation, Downgrade attack
Misconfigured AWS S3 Bucket (Information Disclosure & Subdomain Takeover)
Paulos Yibelo: Phar deserialization, Reflected XSS, XPATH injection, Path traversal, LFI
Abusing Windows’ tokens to compromise Active Directory without touching LSASS
AWS SSRF to Root on production instance - A bug worth 1.75Lacs
A 250$ CSS Injection - My First Finding on Hackerone!
How i was able to get free money via sending negative tokens
CVE-2022-22241: Juniper SSLVPN / JunOS RCE and Multiple Vulnerabilities
Technical Analysis of Windows CLFS Zero-Day Vulnerability CVE-2022-37969 - Part 1: Root Cause Analysis & Part 2: Exploit Analysis
Vulnerabilities In Apache Batik Default Security Controls – SSRF And RCE Through Remote Class Loading
2FA Bypass due to information disclosure & Improper access control.
Exploiting Static Site Generators: When Static Is Not Actually Static
Safari is hot-linking images to semi-random websites
Stefan Schiller: SSRF, Line Feed injection
Urlscan.io’s SOAR spot: Chatty security tools leaking private data
Checkmk: Remote Code Execution by Chaining Multiple Bugs (1/3)
Gregor Samsa: Exploiting Java’s XML Signature Verification
Naeem Ahmed Sayed: XSS, Directory listing, Default credentials, Information disclosure
How 403 Forbidden Bypass got me NOKIA Hall Of Fame (HOF)
Mehedishakeel: disclosure, Broken Access Control
Improper Access Control - My Third Finding on Hackerone!
Rohit Soni: registration page, Exposed Jenkins instance, Weak credentials, RCE
And still can be…
Chaining Multiple Vulnerabilities Leads to Remote Code Execution (RCE) on One of the Payment Service Companies.
How I could have been the administrator for all Dutch companies and create invoices.