Introducing D-Modem: A software SIP modem
October 29, 2021 | Dan Bastone
Connect to dialup modems over VoIP using SIP, no modem hardware required.
CVE-2021-1825: Inadequate Input Encoding in WebKit
October 25, 2021 | Alex Camboe
In August 2020, Aon discovered and reported to Apple an issue relating to the ...
Missing Critical Vulnerabilities Through Narrow Scoping
September 16, 2021 | John Anderson
The typical process when scoping a penetration test is to get a list of targets ...
PRISM attacks fly under the radar
August 23, 2021 | Fernando Dominguez
LevelBlue SpiderLabs has recently discovered a cluster of Linux ELF executables ...
Unauthenticated XXE in Multiple Mitsubishi Electric Air Conditioner Control Systems
July 06, 2021 | Howard McGreehan
CVE-2021-20595: Unauthenticated XXE affecting multiple Mitsubishi Electric Air ...
Red Team Case Study: Bypassing CloudFlare WAF for Successful OGNL Injection
April 17, 2020 | Faisal Tameesh
Bypassing CloudFlare's WAF to exploit an OGNL injection vulnerability in a red ...
CVE-2020-2551: Unauthenticated RCE In Oracle WebLogic
February 04, 2020
Unauthenticated Remote Code Execution in IIOP protocol via Malicious JNDI ...
Remote Code Execution and other Vulnerabilities in WS_FTP Server
September 18, 2019 | Dan Bastone and Devon Greene
CVE-2019-12143, CVE-2019-12144, CVE-2019-12145, CVE-2019-12146: Multiple ...
Hyper-V’s Guest/Host Attack Surface: A Quick Look
August 20, 2019 | Drew Noel
An overview of Hyper-V’s guest/host communications and attack surface.
Unauthenticated Remote Code Execution In Kentico CMS
April 15, 2019 | Manoj Cherukuri
CVE-2019-10068: RCE as Administrator via deserialization vulnerability in ...
Remote Code Execution In BlogEngine.NET
March 28, 2019 | Dustin Cobb
CVE-2019-6714: RCE via path traversal in BlogEngine.NET 3.3.6.0.
CUPS Local Privilege Escalation And Sandbox Escapes
July 11, 2018 | Dan Bastone
CVE-2018-4180, CVE-2018-4182, CVE-2018-4183, CVE-2018-6553, CVE-2018-4181: ...
Jolokia Vulnerabilities – RCE & XSS
April 18, 2018 | Olga Barinova
CVE-2018-1000130, CVE-2018-1000129: Remote Code Execution via JNDI injection ...
Linux Based Inter-Process Code Injection Without Ptrace (2)
September 05, 2017 | Rory McNamara
This article shows a technique to inject code into a Linux process without ...
A Backdoor in Skype for Mac OS X
December 12, 2016 | SpiderLabs Pen Testing LAC
Trustwave recently reported a locally exploitable issue in the Skype Desktop ...
Exploiting Padding Oracle To Gain Encryption Keys
October 26, 2015 | Georg Chalupar
Practical tricks on exploiting a padding oracle vulnerability.
WebLogic SSRF And XSS (CVE-2014-4241, CVE-2014-4210, CVE-2014-4242)
March 30, 2015 | Toby Clarke
CVE-2014-4241, CVE-2014-4210, and CVE-2014-4242: Server-Side Request Forgery ...
Exploiting Integer Based SQL Injection In Nested SQL Queries
October 08, 2013 | Sasha Zivojinovic
SQL injection involving nested queries and arithmetic evaluation.
An Analysis Of CVE-2017-5638
March 27, 2013 | Eric Rafaloff
A detailed analysis of the Apache Struts server-side template injection ...