unSafe.sh - 不安全
我的收藏
今日热榜
公众号文章
导航
Github CVE
Github Tools
编码/解码
文件传输
Twitter Bot
Telegram Bot
Rss
黑夜模式
Eat What You Kill :: Pre-authenticated Remote Code Execution in VMWare NSX Manager
This blog post was authored by Sina Kheirkhah. Sina is a past student of...
2022-10-25 22:0:0 | 阅读: 28 |
收藏
|
srcincite.io
proxy
hashcode
expando
IAM Whoever I Say IAM :: Infiltrating VMWare Workspace ONE Access Using a 0-Click Exploit
On March 2nd, I reported several security vulnerabilities to VMWare impactin...
2022-8-11 22:0:0 | 阅读: 27 |
收藏
|
srcincite.io
client
jdbcurl
remote
activation
From Shared Dash to Root Bash :: Pre-Authenticated RCE in VMWare vRealize Operations Manager
On May 27th, I reported a handful of security vulnerabilities to VMWare impa...
2022-8-9 22:0:0 | 阅读: 168 |
收藏
|
srcincite.io
vcops
vcopssuite
ZohOwned :: A Critical Authentication Bypass on Zoho ManageEngine Desktop Central
On December 3, 2021, Zoho released a security advisory under CVE-2021-44515...
2022-1-20 22:0:0 | 阅读: 26 |
收藏
|
srcincite.io
statefilter
forwardpath
Unlocking the Vault :: Unauthenticated Remote Code Execution against CommVault Command Center
When Justin Kennedy and Brandon Perry asked me if I was interested in performi...
2021-11-23 01:18:19 | 阅读: 64 |
收藏
|
srcincite.io
commvault
filestream
Chasing a Dream :: Pre-authenticated Remote Code Execution in Dedecms
In this blog post, I’m going to share a technical review of Dedecms (or “Cha...
2021-09-30 23:00:00 | 阅读: 57 |
收藏
|
srcincite.io
php
svar
gourl
globals
dedecms
Pwn2Own Vancouver 2021 :: Microsoft Exchange Server Remote Code Execution
In mid-November 2020 I discovered a logical remote code execution vulnerabil...
2021-08-25 23:00:00 | 阅读: 42 |
收藏
|
srcincite.io
exchange
microsoft
helpupdater
revision
Full Stack Web Attack 2021 :: Zero Day Give Away
This year I released a challenge for the Full Stack Web Attack class:Whils...
2021-07-13 23:00:00 | 阅读: 127 |
收藏
|
srcincite.io
shiro
dispatcher
jetty
attacker
Smarty Template Engine Multiple Sandbox Escape PHP Code Injection Vulnerabilities
In this blog post we explore two different sandbox escape vulnerabilities disc...
2021-02-18 22:00:00 | 阅读: 248 |
收藏
|
srcincite.io
smarty
php
security
tpl
injection
Making Clouds Rain :: Remote Code Execution in Microsoft Office 365
When I joined Qihoo’s 360 Vulcan Team, one of the things I had free rein ove...
2021-01-12 23:00:00 | 阅读: 166 |
收藏
|
srcincite.io
microsoft
exchange
dlppolicy
cmdlet
hashset
A SmorgasHORDE of Vulnerabilities :: A Comparative Analysis of Discovery
Some time ago I performed an audit of the Horde Groupware Webmail suite of a...
2020-08-19 23:00:00 | 阅读: 120 |
收藏
|
srcincite.io
horde
php
prefs
bookmark
trean
SharePoint and Pwn :: Remote Code Execution Against SharePoint Server Abusing DataSet
When CVE-2020-1147 was released last week I was curious as to how this vulne...
2020-07-20 23:00:00 | 阅读: 124 |
收藏
|
srcincite.io
xs
microsoft
datatable
xmlreader
msdata
SQL Injection Double Uppercut :: How to Achieve Remote Code Execution Against PostgreSQL
When I was researching exploit primitives for the SQL Injection vulnerabilit...
2020-06-26 23:00:00 | 阅读: 117 |
收藏
|
srcincite.io
largeobject
pg
1337
database
2048
Strike Three :: Symlinking Your Way to Unauthenticated Access Against Cisco UCS Director
This is the final blog post to my series of attacks against Cisco software....
2020-04-17 23:00:00 | 阅读: 110 |
收藏
|
srcincite.io
infra
attacker
opname
temppath
cloudmgr
Silent Schneider :: Revealing a Hidden Patch in EcoStruxure Operator Terminal Expert
Last month, Chris and I competed at Pwn2Own Miami 2020 targeting several ICS a...
2020-02-19 00:00:00 | 阅读: 123 |
收藏
|
srcincite.io
unpacking
extracting
security
saturn
mr
Busting Cisco's Beans :: Hardcoding Your Way to Hell
After the somewhat dismay of reporting to Cisco some other vulnerabilities i...
2020-01-14 23:00:00 | 阅读: 118 |
收藏
|
srcincite.io
dcbu
dcnm
username
fabric
ep
Attacking Unmarshallers :: JNDI Injection using Getter Based Deserialization Gadgets
I know you have pwned deserialization of untrusted data bugs before (if you ha...
2019-08-08 00:00:00 | 阅读: 115 |
收藏
|
srcincite.io
jackson
fasterxml
datasource
Panic! at the Cisco :: Unauthenticated Remote Code Execution in Cisco Prime Infrastructure
Not all directory traversals are the same. The impact can range depending on...
2019-05-18 00:00:00 | 阅读: 100 |
收藏
|
srcincite.io
destdir
instream
getinstance
istream
It's Not Our Sandbox :: Auditing Foxit Reader's PDF Printer For an Elevation of Privilege
Mid last year, I blogged about how I found an exploitable use-after-free in...
2019-04-19 22:00:00 | 阅读: 126 |
收藏
|
srcincite.io
foxit
41e190
0041cb30
printer
41cb30
ActiveX Exploitation in 2019 :: Instantiation is not Scripting
But didn’t Microsoft kill ActiveX? I hear you asking. Well they almost did....
2019-02-02 00:00:00 | 阅读: 110 |
收藏
|
srcincite.io
00410041
foxitpdfsdk
0x410041
microsoft
foxit
Previous
1
2
3
4
5
6
7
8
Next