Exploiting embedded mitel phones for unauthenticated remote code execution #MitelPhoneExploit #RemoteCodeExecution #Vulnerabilities #ReverseEngineering #RootAccess https://baldur.dk/blog/embedded-mitel-exploitation.html
baldur.dk
BALDUR. - Security Consultancy
How to achieve a working remote code execution exploit in an embedded phone without any previous access.
Zip Slip meets Artifactory: A Bug Bounty Story #ZipSlip #Artifactory #BugBounty #SecurityVulnerability #RemoteCodeExecution https://karmainsecurity.com/zip-slip-meets-artifactory-a-bug-bounty-story
Karmainsecurity
Zip Slip meets Artifactory: A Bug Bounty Story | Karma(In)Security
This is the personal website of Egidio Romano, a very curious guy from Sicily, Italy. He's a computer security enthusiast, particularly addicted to webapp security.
Critical RCE Vulnerabilities in OpenSSH (CVE-2024-6387, CVE-2024-6409) - How to Detect and Mitigate #OpenSSH #CriticalVulnerabilities #RemoteCodeExecution #DetectAndMitigate #OligoSecurity https://www.oligo.security/blog/critical-openssh-vulnerability-cve-2024-6387-regresshion
www.oligo.security
Critical RCE Vulnerabilities in OpenSSH (CVE-2024-6387, CVE-2024-6409) - How to Detect and Mitigate | Oligo Security
Discover the critical OpenSSH RCE vulnerabilities (CVE-2024-6387, CVE-2024-6409) and learn detection and mitigation steps to protect your servers from potential exploits.
Exploiting pfsense Remote Code Execution – CVE-2022-31814 #pfsense #RemoteCodeExecution #CVE202231814 #Laburity #CyberSecurity https://laburity.com/exploiting-pfsense-remote-code-execution-cve-2022-31814/
Laburity - Cyber Security Services
Exploiting pfsense Remote Code Execution – CVE-2022-31814 - Laburity
Greetings everyone, In this write-up, we will be exploring the interesting exploitation that has been done against the pfsense CVE-2022-31814. What is pfsense? pfSense software is a FreeBSD-based operating system designed to install and configure a firewall…
👍1🔥1
Exploiting Steam: Usual and Unusual Ways in the CEF Framework #ExploitingSteam #CEFframework #RemoteCodeExecution #CommandInjection #HistoricalVulnerabilities https://www.darknavy.org/blog/exploiting_steam_usual_and_unusual_ways_in_the_cef_framework/
DARKNAVY
Exploiting Steam: Usual and Unusual Ways in the CEF Framework
Introduction
The Chromium Embedded Framework (CEF) is an open-source framework that allows developers to embed the Chromium engine in their applications. Although CEF is widely employed in a range of popular software, including WeChat and the Epic Games Launcher…
The Chromium Embedded Framework (CEF) is an open-source framework that allows developers to embed the Chromium engine in their applications. Although CEF is widely employed in a range of popular software, including WeChat and the Epic Games Launcher…
Back to School - Exploiting a Remote Code Execution Vulnerability in Moodle #RedTeamPentesting #BacktoSchool #MoodleVulnerability #RemoteCodeExecution #Exploit https://blog.redteam-pentesting.de/2024/moodle-rce/
RedTeam Pentesting - Blog
Back to School - Exploiting a Remote Code Execution Vulnerability in Moodle
Surprisingly often, implementations include functionality where user input is passed to dangerous functions like PHP’s eval() - despite clear warnings. Often, devs are somewhat aware of this danger and attempt to sanitize the input, but this approach …
🔥1
Authenticated Remote Code Execution in multiple Xerox printers #XeroxPrinters #RemoteCodeExecution #SECConsult #PatchingRequired #RootPrivileges https://sec-consult.com/vulnerability-lab/advisory/authenticated-remote-code-execution-in-multiple-xerox-printers/
SEC Consult
Authenticated Remote Code Execution in multiple Xerox printers
Multiple Xerox printers (EC80xx, AltaLink, VersaLink, WorkCentre) were affected by an authenticated remote code execution vulnerability which allowed an attacker with administrative web credentials to fully compromise the devices with root privileges on the…
CVE-2024-11477: 7-Zip Vulnerability Allows Remote Code Execution, Update Now! #7ZipVulnerability #RemoteCodeExecution #UpdateNow #CVE202411477 #CybersecurityNews https://securityonline.info/cve-2024-11477-7-zip-vulnerability-allows-remote-code-execution-update-now/
Daily CyberSecurity
CVE-2024-11477: 7-Zip Vulnerability Allows Remote Code Execution, Update Now!
7-Zip vulnerability (CVE-2024-11477): understand the risks and learn how to safeguard your systems from potential code execution attacks.
🔥2
Unpatched Remote Code Execution in Gogs #Gogs #Vulnerability #Unpatched #RemoteCodeExecution #Exploit https://fysac.github.io/posts/2024/11/unpatched-remote-code-execution-in-gogs/
Vulnerability research and more
Unpatched Remote Code Execution in Gogs
The Gogs self-hosted Git service is vulnerable to symbolic link path traversal that enables remote code execution (CVE-2024-44625). The latest version at the time of writing (0.13.0) is affected. This vulnerability is exploitable against a default install…
Hacking AI Applications: From 3D Printing to Remote Code Execution #HackingAI #3DPrinting #RemoteCodeExecution #SystemPromptDisclosure #ExfiltrationTechniques https://www.securityrunners.io/post/hacking-ai-applications
www.securityrunners.io
Hacking AI Applications: From 3D Printing to Remote Code Execution
The blog post examines methods for hacking AI-native applications by detailing vulnerabilities discovered while building KachraCraft, a 3D design generation tool, including techniques for revealing system prompts, executing server-side request forgery (SSRF)…
PoC Exploit Released For OpenSSH Arbitrary Code Execution Vulnerability #OpenSSH #Vulnerability #PoCExploit #CyberSecurity #RemoteCodeExecution https://cybersecuritynews.com/regresshion-code-execution-vulnerability/
Cyber Security News
PoC Exploit Released For OpenSSH Arbitrary Code Execution Vulnerability
A proof-of-concept (PoC) exploit for the critical OpenSSH vulnerability CVE-2024-6387, also known as "regreSSHion," has been released, raising alarms across the cybersecurity community.
Exploitation Walkthrough and Techniques - Ivanti Connect Secure RCE (CVE-2025-0282) #IvantiConnectSecure #ExploitationWalkthrough #RemoteCodeExecution #VulnerabilityAnalysis #ExploitationTechniques https://labs.watchtowr.com/exploitation-walkthrough-and-techniques-ivanti-connect-secure-rce-cve-2025-0282/
watchTowr Labs
Exploitation Walkthrough and Techniques - Ivanti Connect Secure RCE (CVE-2025-0282)
As we saw in our previous blogpost, we fully analyzed Ivanti’s most recent unauthenticated Remote Code Execution vulnerability in their Connect Secure (VPN) appliance. Specifically, we analyzed CVE-2025-0282.
Today, we’re going to walk through exploitation.…
Today, we’re going to walk through exploitation.…
👍2