Written by
Kent Weigle
Recent Posts
1
Microsoft Windows Contacts (VCF/Contact/LDAP) syslink control href attribute escape vulnerability (CVE-2022-44666) (0day)
j00sean (https://twitter.com/j00sean) July 11, 20232
CVE-2021-38294: Apache Storm Nimbus Command Injection
Sebôk Rezsx June 20, 20233
CVE-2023-21931 & CVE-2023-21839 RCE via post-deserialization
Charles Hanley June 19, 20234
Have you missed them? The new reports feature is here!
Noa Machter May 14, 20235
CVE-2021-45456 Apache Kylin RCE Exploit
Charles Hanley April 30, 2023
Related Posts
By j00sean (https://twitter.com/j00sean)
Jul 11, 2023
Microsoft Windows Contacts (VCF/Contact/LDAP) syslink control href attribute escape vulnerability (CVE-2022-44666) (0day)
Write-up for another forgotten Windows vulnerability (0day): Microsoft Windows Contacts (VCF/Contact/LDAP) syslink control href attribute escape, which was not fully fixed as CVE-2022-44666 in the patches released on December, 2022.
By Sebôk Rezsx
Jun 20, 2023
CVE-2021-38294: Apache Storm Nimbus Command Injection
Command Injection vulnerability that affects Nimbus server in apache storm.
By Charles Hanley
Jun 19, 2023
CVE-2023-21931 & CVE-2023-21839 RCE via post-deserialization
RCE via post-deserialization was found in Weblogic Server and has been found and registered as CVE-2023-21839 & CVE-2023-21931 both have the same idea.
We are going to go through some of the code, reproduce the vulnerability, explain the exploitation and do some network traffic analysis
Start Closing Security Gaps
- Risk reduction from Day 1
- Fast set-up and deployment
- Unified platform
- Full-featured 14-day trial