Citrix Virtual Apps and Desktops (XEN) Unauthenticated RCE - watchtowrlabs/Citrix-Virtual-Apps-XEN-Exploit

On September 10th, 2024, a critical security flaw was disclosed in the Ruby-SAML and OmniAuth-SAML libraries, exposing a vulnerability that allows complete authentication bypass. This flaw, CVE-2024-45409, earned the highest possible score of 10 on GitHub's…

For the past year, we’ve worked with the Python Package Index (PyPI) on a new security feature for the Python ecosystem: index-hosted digital attestations, as specified in PEP 740. These attestations improve on traditional PGP signatures (which have been…

It’s been a tricky time for Fortinet (and their customers) lately - arguably, even more so than usual. Adding to the steady flow of vulnerabilities in appliances recently was a nasty CVSS 9.8 vulnerability in FortiManager, their tool for central management…

In this blog post, we document Linux process injection techniques, and explain how to detect and mitigate them.

Methodology for reverse engineering Windows drivers, finding vulnerabilities and understanding their exploitability.

Software supply chains are complex ecosystems where even a single vulnerability can lead to widely spread security issues. This blog focuses on supply chain account takeovers, particularly in NPM packages, and explains how attackers exploit expired email…

OpenBMC Remote OS Deployment: A Simplified Approach Many BMC implementations can accept a disk image and present it as a read-only USB mass storage device inserted into the host machine, allowing the host machine to boot from this “disk” for remote installation…

It'll be no surprise that 2024, 2023, 2022, and every other year of humanities' existence has been tough for SSLVPN appliances.

Anyhow, there are new vulnerabilities (well, two of them) that are being exploited in the Palo Alto Networks firewall and SSLVPN…

Exploring RPC interfaces on Windows. Contribute to trailofbits/RpcInvestigator development by creating an account on GitHub.

LSASS memory dumper using only NTAPIs, creating a minimal minidump. It can be compiled as shellcode (PIC), supports XOR encryption, and remote file transmission. - safedv/RustiveDump

This pull request adds an exploit module for the recent PAN-OS management interface unauthenticated RCE exploit chain (CVE-2024-0012 + CVE-2024-9474), based upon the technical analysis published by...

CVE-2024-20767- ColdFusion Path Traversal can lead to reading important data. CVE-2024-20767 is a vulnerability in ColdFusion versions 2023.6, 2021.12, and earlier. These versions are affected by...

Discover the alarming state of API security in Fortune 1000 and CAC 40. Escape's latest research reveals 2k high-risk vulnerabilities

XSS on www.bing.com context via Maps SDK

We share a few inconsistencies found in Azure logs which make detection engineering more challenging.

Local file disclosure in Sitecore 8.x to 10.x that can lead to RCE (CVE-2024-46938) due to an order of operations bug within a handler responsible for reading local files.

The Prototype Pollution vulnerability is specific to the JavaScript programming language. It enables an attacker to add or alter any properties of global object prototypes. Once the property is changed, the code that inherits it will use the injected property…