Simone Margaritelli flaw, Networking issues Reverse Engineering the Apple Multipeer Connectivity Framework The Curious Case Of The Password Database Missing Authentication in ZKTeco ZEM/ZMM Web Interface
Broken Link Hijacking - My Second Finding on Hackerone! Snap Sec RCE, Information disclosure, Broken Access Control, Privilege escalation Remote Code Execution by Abusing Apache Spark SQL
5000$ for Apple Stored Xss And Another Blind Xss Still under review
Atlassian Jira Align, Version 10.107.4 Advisory
Finding Multiple Security Issues on Agorapulse Memory corruption bug, Buffer Overflow, DoS Stranger Strings: An exploitable flaw in SQLite The Logging Dead: Two Event Log Vulnerabilities Haunting Windows Sina Kheirkhah / SinSin & Steven Seeley Insecure deserialization Mechboy engineering, Spoofing, Authorization flaw, Account takeover
Eat What You Kill :: Pre-authenticated Remote Code Execution in VMWare NSX Manager Li Jiantao multiple vulnerabilities for credential stealing Microsoft SharePoint Server Post-Authentication Server-Side Request Forgery vulnerability Olivier Laflamme command injection, Arbitrary file read, Information disclosure, Account takeover, Stored XSS, Lack of rate limiting, Weak credentials, Password policy bypass GL.iNET GL-MT300N-V2 Router Vulnerabilities and Hardware Teardown SSD Advisory – Galaxy Store Applications Installation/Launching without User Interaction Guilherme Rambo bug, MacOS bug, Bluetooth hacking, Local Privilege Escalation, TCC bypass
Attacking The Software Supply Chain With A Simple Rename
Aviad Gershon & Elad Rapoport Supply chain attack SiriSpy - iOS bug allowed apps to eavesdrop on your conversations with Siri James Forshaw MiTM, Local Privilege Escalation, Downgrade attack Misconfigured AWS S3 Bucket (Information Disclosure & Subdomain Takeover) Paulos Yibelo Phar deserialization, Reflected XSS, XPATH injection, Path traversal, LFI
Abusing Windows’ tokens to compromise Active Directory without touching LSASS
AWS SSRF to Root on production instance - A bug worth 1.75Lacs
A 250$ CSS Injection - My First Finding on Hackerone! How i was able to get free money via sending negative tokens
CVE-2022-22241: Juniper SSLVPN / JunOS RCE and Multiple Vulnerabilities Technical Analysis of Windows CLFS Zero-Day Vulnerability CVE-2022-37969 - Part 1: Root Cause Analysis & Part 2: Exploit Analysis Vulnerabilities In Apache Batik Default Security Controls – SSRF And RCE Through Remote Class Loading
2FA Bypass due to information disclosure & Improper access control.
Exploiting Static Site Generators: When Static Is Not Actually Static Safari is hot-linking images to semi-random websites