Exploiting pfsense Remote Code Execution – CVE-2022-31814 #pfsense #RemoteCodeExecution #CVE202231814 #Laburity #CyberSecurity https://laburity.com/exploiting-pfsense-remote-code-execution-cve-2022-31814/
Laburity - Cyber Security Services
Exploiting pfsense Remote Code Execution – CVE-2022-31814 - Laburity
Greetings everyone, In this write-up, we will be exploring the interesting exploitation that has been done against the pfsense CVE-2022-31814. What is pfsense? pfSense software is a FreeBSD-based operating system designed to install and configure a firewall…
👍1🔥1
Exploiting Steam: Usual and Unusual Ways in the CEF Framework #ExploitingSteam #CEFframework #RemoteCodeExecution #CommandInjection #HistoricalVulnerabilities https://www.darknavy.org/blog/exploiting_steam_usual_and_unusual_ways_in_the_cef_framework/
DARKNAVY
Exploiting Steam: Usual and Unusual Ways in the CEF Framework
Introduction
The Chromium Embedded Framework (CEF) is an open-source framework that allows developers to embed the Chromium engine in their applications. Although CEF is widely employed in a range of popular software, including WeChat and the Epic Games Launcher…
The Chromium Embedded Framework (CEF) is an open-source framework that allows developers to embed the Chromium engine in their applications. Although CEF is widely employed in a range of popular software, including WeChat and the Epic Games Launcher…
Back to School - Exploiting a Remote Code Execution Vulnerability in Moodle #RedTeamPentesting #BacktoSchool #MoodleVulnerability #RemoteCodeExecution #Exploit https://blog.redteam-pentesting.de/2024/moodle-rce/
RedTeam Pentesting - Blog
Back to School - Exploiting a Remote Code Execution Vulnerability in Moodle
Surprisingly often, implementations include functionality where user input is passed to dangerous functions like PHP’s eval() - despite clear warnings. Often, devs are somewhat aware of this danger and attempt to sanitize the input, but this approach …
🔥1
Authenticated Remote Code Execution in multiple Xerox printers #XeroxPrinters #RemoteCodeExecution #SECConsult #PatchingRequired #RootPrivileges https://sec-consult.com/vulnerability-lab/advisory/authenticated-remote-code-execution-in-multiple-xerox-printers/
SEC Consult
Authenticated Remote Code Execution in multiple Xerox printers
Multiple Xerox printers (EC80xx, AltaLink, VersaLink, WorkCentre) were affected by an authenticated remote code execution vulnerability which allowed an attacker with administrative web credentials to fully compromise the devices with root privileges on the…
CVE-2024-11477: 7-Zip Vulnerability Allows Remote Code Execution, Update Now! #7ZipVulnerability #RemoteCodeExecution #UpdateNow #CVE202411477 #CybersecurityNews https://securityonline.info/cve-2024-11477-7-zip-vulnerability-allows-remote-code-execution-update-now/
Daily CyberSecurity
CVE-2024-11477: 7-Zip Vulnerability Allows Remote Code Execution, Update Now!
7-Zip vulnerability (CVE-2024-11477): understand the risks and learn how to safeguard your systems from potential code execution attacks.
🔥2
Unpatched Remote Code Execution in Gogs #Gogs #Vulnerability #Unpatched #RemoteCodeExecution #Exploit https://fysac.github.io/posts/2024/11/unpatched-remote-code-execution-in-gogs/
Vulnerability research and more
Unpatched Remote Code Execution in Gogs
The Gogs self-hosted Git service is vulnerable to symbolic link path traversal that enables remote code execution (CVE-2024-44625). The latest version at the time of writing (0.13.0) is affected. This vulnerability is exploitable against a default install…
Hacking AI Applications: From 3D Printing to Remote Code Execution #HackingAI #3DPrinting #RemoteCodeExecution #SystemPromptDisclosure #ExfiltrationTechniques https://www.securityrunners.io/post/hacking-ai-applications
www.securityrunners.io
Hacking AI Applications: From 3D Printing to Remote Code Execution
The blog post examines methods for hacking AI-native applications by detailing vulnerabilities discovered while building KachraCraft, a 3D design generation tool, including techniques for revealing system prompts, executing server-side request forgery (SSRF)…
PoC Exploit Released For OpenSSH Arbitrary Code Execution Vulnerability #OpenSSH #Vulnerability #PoCExploit #CyberSecurity #RemoteCodeExecution https://cybersecuritynews.com/regresshion-code-execution-vulnerability/
Cyber Security News
PoC Exploit Released For OpenSSH Arbitrary Code Execution Vulnerability
A proof-of-concept (PoC) exploit for the critical OpenSSH vulnerability CVE-2024-6387, also known as "regreSSHion," has been released, raising alarms across the cybersecurity community.
Exploitation Walkthrough and Techniques - Ivanti Connect Secure RCE (CVE-2025-0282) #IvantiConnectSecure #ExploitationWalkthrough #RemoteCodeExecution #VulnerabilityAnalysis #ExploitationTechniques https://labs.watchtowr.com/exploitation-walkthrough-and-techniques-ivanti-connect-secure-rce-cve-2025-0282/
watchTowr Labs
Exploitation Walkthrough and Techniques - Ivanti Connect Secure RCE (CVE-2025-0282)
As we saw in our previous blogpost, we fully analyzed Ivanti’s most recent unauthenticated Remote Code Execution vulnerability in their Connect Secure (VPN) appliance. Specifically, we analyzed CVE-2025-0282.
Today, we’re going to walk through exploitation.…
Today, we’re going to walk through exploitation.…
👍2
Microsoft Configuration Manager (ConfigMgr) 2403 Unauthenticated SQL injections #MicrosoftConfigurationManager #UnauthenticatedSQL #CriticalVulnerability #CVE-2024-43468 #RemoteCodeExecution https://www.synacktiv.com/advisories/microsoft-configuration-manager-configmgr-2403-unauthenticated-sql-injections
Synacktiv
Microsoft Configuration Manager (ConfigMgr) 2403 Unauthenticated SQL injections
Hack The Emulated Planet: Vulnerability Hunting on Planet WGS-804HPT Industrial Switches #PlanetWGS804HPT #VulnerabilityHunting #EmulationTools #RemoteCodeExecution #ExploitDevelopment https://claroty.com/team82/research/hack-the-emulated-planet-vulnerability-hunting-on-planet-wgs-804hpt-industrial-switches
Claroty
Hack The Emulated Planet: Vulnerability Hunting on Planet WGS-804HPT Industrial Switches
Claroty Team82 used QEMU to emulate the relevant system components of Planet Technology Corp’s WGS-804HPT Industrial switch, and uncovered three vulnerabilities that could allow an attacker to remotely execute code on a vulnerable device. The vulnerabilities…
Microsoft Edge Developer VM Remote Code Execution #MicrosoftEdge #RemoteCodeExecution #InfoSec #Puppet #VMCompromise https://infosec.rm-it.de/2025/02/17/microsoft-edge-developer-vm-remote-code-execution/
CVE-2025-24016: Unsafe Deserialization Vulnerability in Wazuh Leading to Remote Code Execution #WazuhCVE #RCEvulnerability #UnsafeDeserialization #RemoteCodeExecution #PatchAnalysis https://cvereports.com/cve-2025-24016-unsafe-deserialization-vulnerability-in-wazuh-leading-to-remote-code-execution/
Llama's Paradox - Delving deep into Llama.cpp and exploiting Llama.cpp's Heap Maze, from Heap-Overflow to Remote-Code Execution #LlamaCPPExploitation #RemoteCodeExecution #HeapOverflow #UniqueExploitationVectors #MemoryManagement https://retr0.blog/blog/llama-rpc-rce
retr0.blog
Retr0's Register
Retr0's Threat Research
SAP Emarsys SDK for Android Sensitive Data Leak (CVE-2023-6542) #SAPEmarsysSDK #AndroidVulnerability #DataLeak #RemoteCodeExecution #RCESecurity https://www.rcesecurity.com/2025/04/sap-emarsys-sdk-for-android-sensitive-data-leak-cve-2023-6542/
Fire In The Hole, We’re Breaching The Vault - Commvault Remote Code Execution (CVE-2025-34028) #TowrResearch #VaultBreach #CommvaultRCE #SSRFVulnerability #RemoteCodeExecution https://labs.watchtowr.com/fire-in-the-hole-were-breaching-the-vault-commvault-remote-code-execution-cve-2025-34028/
watchTowr Labs
Fire In The Hole, We’re Breaching The Vault - Commvault Remote Code Execution (CVE-2025-34028)
As we pack our bags and prepare for the adult-er version of BlackHat (that apparently doesn’t require us to print out stolen mailspoolz to hand to people at their talks), we want to tell you about a recent adventure - a heist, if you will.
No heist story…
No heist story…
Security Advisory: Remote Code Execution on Viasat Modems (CVE-2024-6198) #SecurityAdvisory #RemoteCodeExecution #ViasatModems #CVE20246198 #ONEKEYResearch https://www.onekey.com/resource/security-advisory-rce-on-viasat-modems-cve-2024-6198
Onekey
Security Advisory: Remote Code Execution on Viasat Modems (CVE-2024-6198) | ONEKEY Research | Research | ONEKEY
Explore ONEKEY Research Lab's security advisory detailing a critical vulnerability in Viasat modems. Learn about the risks and recommended actions.
Authenticated Remote Code Execution in Netwrix Password Secure (CVE-2025-26817) #CVE2025 #Netwrix #RCE #PasswordSecure #RemoteCodeExecution https://www.8com.de/cyber-security-blog/authenticated-remote-code-execution-in-netwrix-password-secure-cve-2025-26817
www.8com.de
cve-2025-26817 netwrix rce
Authenticated Remote Code Execution Vulnerability in Netwrix Password Secure
Tiki Wiki CMS Groupware <= 28.3 Two Server-Side Template Injection Vulnerabilities #TikiWiki #SSTI #RemoteCodeExecution #CVE202532461 #CMSVulnerability https://karmainsecurity.com/KIS-2025-03
Karmainsecurity
Tiki Wiki CMS Groupware <= 28.3 Two Server-Side Template Injection Vulnerabilities | Karma(In)Security
This is the personal website of Egidio Romano, a very curious guy from Sicily, Italy. He's a computer security enthusiast, particularly addicted to webapp security.