In a previous analysis blog, I explained how the Apache DolphinScheduler CVE-2022-45875 happens. in this, I'm explaining how to get remote access through RCE by exploiting Apache DolphinScheduler CVE-2022-45875 😈
By Mohammad Hussam Alzeyyat
Apr 26, 2023
CVE-2021-45456: Apache Kylin RCE PoC
Command injection in Apache Kylin has been found and registered as CVE-2021-45456, in vsociety we managed to leverage it to RCE and create PoC.
In this analysis, we are going to break down CVE-2020-17519. Understand how the directory traversal vulnerability happened, how the apache flink software decodes the URL encoding, also understand how it accesses and processes the file, and finally, see the patch diffing, and understand how they patched the vulnerability.
By Noa Machter
Apr 16, 2023
TOPIA's new CVE Trend Screen is out!
Viewing your protection journey with TOPIA has never been easier!
By Mohammad Hussam Alzeyyat
Apr 14, 2023
CVE-2022-45875: Apache DolphinScheduler vulnerable to Improper Input Validation leads to RCE
In this analysis, we are going to break down CVE-2022-45875. Understand how the command injection happened, see the patch diffing, understand how they patched, and finally give it a try to bypass the patch 😬
In this blog, we are going to analyze the information disclosure in Joomla that allows an attacker to exploit it to gain unauthorized access. we will dive deep inside the flow of Joomla, how it works, and how the vulnerability happened.
By Mudassar Zafar
Mar 22, 2023
Apache Zero Days - Apache Spark Command Injection Vulnerability (CVE-2022-33891)
The Apache Spark command injection vulnerability (CVE-2022-33891) was discovered by the Sangfor FarSight Labs team and reported to the Apache Spark project team on July 18, 2022. The vulnerability was classified as high severity, with a CVSS (Common Vulnerability Scaling System) Base Score of 8.8, indicating a high potential impact.
By j00sean (https://twitter.com/j00sean)
Mar 01, 2023
CVE-2022-44666: Microsoft Windows Contacts (VCF/Contact/LDAP) syslink control href attribute escape vulnerability
My thoughts and more on this bug!
By Youssef Muhammad
Mar 01, 2023
KeePass Passwords Theft CVE-2023-240550
Analysis in-details for CVE-2023-240550-KeePass Passwords Theft and how to exfiltrate the data
By Mohammad Hussam Alzeyyat
Feb 28, 2023
CVE-2022–44267: Denial Of Service in ImageMagick
In this blog, we are going to take a ride check on the DoS that has been found in ImageMagick CVE-2022-44267. We will not be diving too much into the details, but make no mistake we will be having fun :D.
By Mohammad Hussam Alzeyyat
Feb 26, 2023
CVE-2022–44268: Arbitrary Remote Leak in ImageMagick
In this blog, I want to dive deep as much as I can to understand the execution details and how the vulnerability is achieved.
This is CVE-2022-4426 a very interesting vulnerability where it leads to LFI and also it can be used for privilege escalation.