After a long break from challenges and CTFs, I felt it was time to start training again. The urge came earlier this month, following some introspection on how little I had been dedicating to such exercises, a realization that left me with a sense of.. guilt? I then visited the Intigriti Discord server, hoping to find an ongoing challenge, but nothing was happening at that time. So, I was eagerly awaiting this one, let’s dive in.| zhero_web_security
How a €5 MT02 Wi-Fi repeater let me pop a root shell with nothing more than a cheeky SSID.| Chocapikk's Cybersecurity Blog 🛡️
SAP NetWeaver vulnerability CVE-2025-31324 is a vulnerability that may lead to server hijacking and RCE via unrestricted file uploads.| CIP Blog
Introduction Hello, I’m RyotaK (@ryotkak ), a security engineer at GMO Flatt Security Inc. A while ago, I reported a remote code execution vulnerability that chains multiple problems in Chatwork, a popular communication tool in Japan. In the report that I sent to the bug bounty platform, I used an obsolete feature of Electron to escalate to the preload context. As the vulnerability was interesting, I’m writing this article to share the details of it.| GMO Flatt Security Research
| pspaul's blog
| pspaul's blog
| pspaul's blog
Oracle WebLogic vulnerability CVE-2020-2883, demonstrates its potential dangers through a proof of concept (PoC), and emphasizes...| CIP Blog
Hello friends, this is the first of two, possibly three (if and when I have time to finish the Windows research) writeups. We will start with targeting GNU/Linux systems with an RCE. As someone who’s| evilsocket
マイクロソフトは火曜、月例セキュリティ更新プログラムにおいてWindows TCP/IPスタックにおける重大な脆弱性CVE-2024-38063について開示。このゼロクリックRCEの脆弱性は、8月の月例パッチで修正された88件の脆弱性の中でもその深刻度や潜在的影響といった点で飛び抜けているという。| Windows TCP/IPにゼロクリックRCEの脆弱性、IPv6有効化された...
Learn how to identify and exploit a Local File Inclusion vulnerability in a PHP application to achieve Remote Code Execution.| Ales Brelih
Unsafe File Upload and Directory Traversal in Fortra FileCatalyst Workflow and Direct allow an unauthenticated attacker to gain RCE.| LRQA Nettitude Labs
Regression turned into RCE| Vin01’s Blog
Earlier this year I had an opportunity to spend some time looking at Squiz Matrix, a Content Management System (CMS) used across a number of sectors including higher eduction, media and publishing, goverment, finance, health, and utilities. With a huge number of features, a massive PHP codebase, and a numbr of high profile sectors as clients, I set out to see if I could find any interesting little bugs hidden away.| /dev/alias – Hack. Dev. Transcend.
At the end of last month, McAfee published a fix for a remote code execution vulnerability in its Security Scan Plus software. Beyond Security, who we worked with for vulnerability coordination published the details of the issue and our PoC exploit on their blog. While the vulnerability itself got some attention due to its frightening simplicity, this is not the first time SSP contained similarly dangerous problems, and it’s certainly not the last. In this post, I’d like to share some add...| Silent Signal Techblog
Today we release the details of CVE-2014-3440, a remote code execution vulnerability in Symantec Critical System Protection. You can get the detailed advisory on the following link:| Silent Signal Techblog
Preface OctoPrint is an open source 3D printer controller application that provides a web interface for connected printers. It displays printer status and key parameters, and supports scheduling print jobs and controlling the printer remotely. Description Numen Security Labs vulnerability researchers have discovered in OctoPrint version less than or equal to 1.9.2 that print job […] The post OctoPrint Remote Code Execution Vulnerability (CVE-2023–41047) appeared first on Numen.| Numen
How many programmers does it take to filter out 36 characters? You may think this is an opening to a joke, but it’s not.| solid-snail blog
Published on| offsec.almond.consulting
Published on| offsec.almond.consulting
It takes a special kind of person to name a company after their own body part. Fortunately the Microsoft Security Response Center doesn’t seem to have inherited that kind of mentality, because when I have reported not a bug but a feature as a vulnerability - they accepted it.| solid-snail blog
Apache lanza una actualización de seguridad que corrige una vulnerabilidad que permitiría a un atacante ejecutar comandos en forma remota. (CVE-2020-17530) Producto afectado: Apache Struts, versión 2.5.30. Se puede realizar una doble evaluación si el desarrollador fuerza una evaluación Object Graph Navigation Library (OGNL) usando la sintaxis: “ %{. . .} ”. Hacer una evaluación […]| LACNIC CSIRT
A vulnerability in the handling of CSV data import allows authenticated users to inject arbitrary PHP code thus achieving RCE on the server hosting the web application.| cardaci.xyz
Reviewing the "production" build of CyberAlarm. Good grief - you couldn't make it up.| Paul Moore
Online compilers are a handy tool to save time and resources for coders, and are freely available for a variety of programming languages. But what's happen if they aren't built so secure?| SerHack – Security Research