See you in Munich 😉

As promised, here's how you can attack Roundcube using CVE-2024-2961. Not to be redundant with my @offensivecon talk, I go for a data-only attack, giving more insight into the PHP engine.

Apache HTTP Server just fixed 7 of my vulnerabilities! I'll be covering 5 of them in my Black Hat USA #BHUSA talk next month! (Still no hope for the VISA, tho 🤷‍♂️) Anyway, stay tuned! 🔥 > httpd.apache.org/security/vulne…

Fun Fact: I found those signal bugs (sendmail and openssh) while writing the chapter on signals for TAOSSA. Writing stuff you think you know well helps you to discover your blind spots, and also consider new ideas!

We’re honoured to welcome the new team to the Gecko family 🦎

The OWASP Top 10 includes nine vulnerability categories (such as 'injection') and one specific vulnerability ('SSRF'). My personal wish for the 2024 release is to remove SSRF and add the 'parsing differentials' category instead. hashtag #owasp #top10

#CVE-2024-21007 Weblogic Server Remote Code Execution

Here is the PoC for MS SharePoint bugs fixed in this month's patch :) Responsible Disclosure is a joke github.com/testanull/MS-S… youtu.be/u8mccaakISw

My blog post about several findings in Dynamics 365 Business Central. I tried writing in a .NET primer style for code audit beginners. frycos.github.io/vulns4free/202…

We just added a new item to our bug parade a.k.a security advisory page: Unauthenticated remote code execution in Visual Planning 8: mogwailabs.de/en/advisories/…

We have a long history of yearly artworks Orange Cyberdefense's SensePost Team, and this year I got to carry the baton forward. I'm excited to reveal our 2024 artwork: "make pr's, not war". An art piece almost literally from my heart. 🧵

Is there an existing smbserver implementation, that provides a different file on request X (similar to DNS rebinding)?

In their latest blogpost, Hugow and Load. developed in-memory post-exploitation payloads to inject and hook common Java applications. Come and see the Java shenanigans involved to interact with the apps from the inside! synacktiv.com/publications/i…

Another product, another deserialization vulnerability, another RCE from Markus Wulftange: Patch your Telerik Report Server (CVE-2024-6327 & CVE-2024-6096) code-white.com/public-vulnera…

Following on from our #GitHub action exploitation series, Hugow discovered a new exploitation technique that allowed us to push arbitrary code onto the spring-security project using the Dependabot GitHub app. synacktiv.com/publications/g…

We just added a new vulnerability to our "bug parade" page (CVE-2024-37361). If you are using Pentaho Data Integration, please ensure that you are on the latest patch level to avoid potential security risks. mogwailabs.de/en/advisories/…

First part which covers the bug and finishes off with code allowing us for a controlled overflow in the Paged Pool is up: 3sjay.github.io/2024/09/08/Win…

Happy Monday! watchTowr Labs member SinSinology deep dives into Veeam Backup & Response CVE-2024-40711 in our latest post 🚀 labs.watchtowr.com/veeam-backup-r… We hope you enjoy it! (as always, where there's smoke - there is fire 😉 for next time..)

Some time ago, I found a vulnerability in a customer's remote access (Citrix) configuration that allowed bypassing MFA under certain conditions. If you're interested, here are the details: edermi.github.io/post/2024/mfa_…

Do you work with Entra? You *need* to read and understand the content of this post.