Search for a command to run...
Articles tagged with #infosec-cjbi6apo9015yaywu2micx2eo
Introduction I was scrolling through Twitter a few days ago and saw that ZDI posted a notice about SolarWinds Security Event Manager AMF deserialization RCE, so I prepared to do a brief analysis: https://www.zerodayinitiative.com/advisories/ZDI-24-2...
Recently, the Threat Research Unit of Qualys Company disclosed a Glibc vulnerability. The Glibc library has a buffer overflow vulnerability when processing environment variables, which can lead to local privilege escalation. This vulnerability affect...
https://tutorialboy24.blogspot.com/2023/11/an-in-depth-analysis-of-google-chrome.html Introduction Create a directory that has automatically synced and beautified the source code of Google Chrome extensions hosted in the Chrome Web Store. Search f...
https://tutorialboy24.blogspot.com/2023/11/unveiling-unauthenticated-command.html This article will analyze and summarize the recent critical CVEs (CVE-2023-20198, CVE-2023-20273) in Cisco IOS XE. Environment Setup A Cisco ISR 4300 router for resea...
Overview Recently, a security team disclosed a vulnerability in Confluence called SafeParameterFilter, which allows an unauthenticated remote attacker to bypass XWork functionality to create new administrative user accounts. We took this opportunity ...
Preface I have been looking at Intigriti, yeswehack, HackerOne and Bugcrowd bounty platforms recently. It is really uncomfortable to bypass WAF. I will record the bypass scenario. Preliminary testing When I first tried XSS, I found that the user's in...
