Recent News
CVE-2020-2851 – Stack-based buffer overflow in CDE libDtSvc
A difficult to exploit stack-based buffer overflow in the _DtCreateDtDirs() function in the Common Desktop…
CVE-2020-2944 – Local privilege escalation via CDE sdtcm_convert
Since I moved from Solaris 11 to audit Solaris 10, my weekend project has become…
Brida 0.4 is out!
After quite a lot of hours of work, Brida 0.4 is finally out! Brida 0.4…
CVE-2020-7247 exploit: LPE and RCE in OpenBSD’s OpenSMTPD
I've written an exploit for the local privilege escalation and remote command execution vulnerability in…
CVE-2019-12180 – ReadyAPI & SoapUI command execution via malicous project file
In early 2019, I had to pentest a couple of SOAP WebServices of a client…
OK Google: bypass the authentication!
During a recent assessment of a voice application we found a very intriguing vulnerability that,…
CVE-2020-7799 – FusionAuth “Apache Freemarker” Code Execution
FusionAuth command execution via Apache Freemarker Template (CVE-2020-7799).