Even though JMX exploitation is well understood, Markus Wulftange and Tobias Neitzel found new universal exploitation techniques & one of them allows to gain instant Remote Code Execution using TemplatesImpl (which is now implemented in #beanshooter) codewhitesec.blogspot.com/2023/03/jmx-ex…

CVE-2023-28432 Minio information leakage leads to RCE y4er.com/posts/minio-cv…

testbnull.medium.com/ph%C3%A2n-t%C3…

It's TGIF and we have a new blog post by our team member, Janggggg Microsoft Exchange Powershell Remoting Deserialization leading to RCE (CVE-2023-21707) Thanks to all the other team members for reviewing it as well. starlabs.sg/blog/2023/04-m…

MXsecurity Command Injection and Hardcoded Credential Vulnerabilities y4er.com/posts/mxsecuri…

need one MOVEit license activation key :( Most of the time in security research is spent looking for product installation packages and trial certificates.

Nacos Hessian RCE y4er.com/posts/nacos-he…

Finally released the patch, patch it immediately!

Great article! But I think you are missing a very critical part, CVE-2023-20887 is actually a patch bypass for CVE-2022-31702. This is an analysis article I wrote, please read it and correct me. xz.aliyun.com/t/12608

一直没怎么用中文发过推，但是这次必须用中文发。 testbnull.medium.com/linh-tinh-vi%E…

fuck js,fuck frontend.

Actually, I can still use the `init` attack vector like this

Cookieless DuoDrop: IIS Auth Bypass & App Pool Privesc in ASP .NET Framework (CVE-2023-36899) soroush.me/blog/2023/08/c… #Appsec #bugbountytips

After two days, I finally reproduced the CVE-2023-39476 Inductive Automation Ignition JavaSerializationCodec Deserialization RCE vulnerability submitted to ZDI by ϻг_ϻε

CVE-2023-39476 Inductive Automation Ignition JavaSerializationCodec Deserialization RCE xz.aliyun.com/t/12813

fuck js

SysAid On-Prem Software CVE-2023-47246 Reproduced

公开了一些文章 VMware vROPS RCE of java bean y4er.com/posts/vmware-v… VMware vROPS 文件读取到反序列化RCE y4er.com/posts/vmware-v… Apache Geode/VMware GemFire Deserialize RCE y4er.com/posts/apache-g… Trend Micro Mobile Security 认证绕过/文件上传/文件包含 RCE y4er.com/posts/trend-mi…

demo

This is friend’s analysis of the SolarWinds SEM RCE I discovered.