Whitepaper called Hacking HTTP CORS.
b61e090c2844b313bc5bcf80a898258cecf16f0d35e5763fa01cfa2c26e996cb
This is a brief whitepaper that discusses HTTP Host header attacks.
a6fa96ce1a609cfb613a8375b0180918f63f56cc17ee3a3c76e0de0ea38c3e92
This is a whitepaper that discusses attacking GraphQL.
aa2a135e3c79bce67c8da5438837eb4be4d82d6384d4352b498bfce711c37beb
LiteSpeed Web Server Enterprise version 5.4.11 suffers from an authenticated remote command injection vulnerability.
3ba47cb0d0b0247ab02f85b865390f467999b58710524e0b2140b93cf1e7dd71
Whitepaper called Malware Hunting 101. Written in Vietnamese.
4c7c6fc0b06cba7e2b4fb8988f1c690f57a0745feb25e07266255d76ec474755
Openlitespeed Web Server version 1.7.8 suffers from an authenticated command injection vulnerability.
6245ded7393648d6817b10e62fc6f6b93770c5c229af1eac1d2e7523eb97a85a
Whitepaper called Android Application Vulnerabilities. Written in Vietnamese.
25a9be443e83e5ebb65adc0990933e8bc358ae4df7692ffa351cac1c3505acde
This Metasploit module exploits an authenticated directory traversal vulnerability in WordPress plugin Simple JobBoard versions prior to 2.9.3 to perform an arbitrary file read with the web server privileges.
6496c8aa6342663e882ec2f4a0d63167dcd9c32f65f07c081d82e365efcf4f8d
Laravel version 8.4.2 suffers from a debug mode remote code execution vulnerability.
e34cd9189ebccce75149b7a897ad6f0f8f21c47b20e534aec63a70a6024d57f6
This Metasploit module exploits an unauthenticated directory traversal vulnerability in Apache Flink version 1.11.0.
79df4302ec4ea436f7e67026dddc838b8aa4610460bb6f8baa402ecd0a91ba4d
Responsive FileManager version 9.13.4 path traversal exploit. Original discovery of this finding is attributed to farisv in December of 2018.
e60dde7a6fb3e57f25bc60645a9e6b12692e86e856f5127f0306b5a233418882
CSZ CMS version 1.2.9 suffers from multiple cross site scripting vulnerabilities.
79f1df60bfb3aadd09240d3b2f1db88b5dd5c450c8c2e5cd822fcbfb3e1d4cbb
Whitepaper called Object Prototype Pollution Attack.
0cf71dcc65c57e4d0d55c1d72779900dfcd3e0f7bb0d277277738f83613d8f75
This Metasploit module exploits an unauthenticated directory traversal vulnerability in WordPress plugin W3 Total Cache versions 0.9.2.6 through 0.9.3, allowing arbitrary file read with the web server privileges.
b1fd7066d25604160753e81eec4934df777ae2201da72af60ddf06186600cd4d
Whitepaper called Exploit WordPress Plugin Vulnerability Using Static Source Code Analysis Techniques.
c79b819f3916ff0be16a8f92b4bb6d4ac20350c987de62c68c23246986271990
This is a brief whitepaper discussing best practices in mobile application security.
b1918abbd608009a0920e4a9bc031809a5b57b44c3c36e87343ee875c3173748
Whitepaper called API Security Overview that discusses different types of flaws and exploitation of API insecurities.
19487e6fb12e5fd2ce1d15d579fca1015fa6eb99c113ccce6a7fd2ae4947256b
WonderCMS version 3.1.3 suffers from a persistent cross site scripting vulnerability. Original finding for persistent cross site scripting in this version of WonderCMS is attributed to Hemant Patidar.
5c77636e1392acaaefaad99cda395188e1f61fbc280e529b78e09a0273f56e6c
WordPress Accesspress Social Icons theme version 1.7.9 suffers from a remote SQL injection vulnerability.
df164b02a712cca62c1fad6d88d073af2a72295ef861341c2f8f29ebd0a7522f
Apache OpenMeetings version 5.0.0 suffers from a denial of service vulnerability.
7539b0d8fbb557e732f484501716397e2294abadc113cf2d94a89501dcf3e5de
BigTree CMS version 4.4.10 suffers from a remote code execution vulnerability.
92f4a303fee246d434165dc019b78a49fcc67be677212629c4facc2f010f054c
Symphony CMS version 3.0.0 suffers from a persistent cross site scripting vulnerability.
2e44366f893d3e12294a36d49eeaca34428e4d82f50595d15725bbc37035ee42
WordPress Autoptimize plugin version 2.7.6 suffers from an authenticated remote shell upload vulnerability.
22351f0d0d7c3f44bb5f337f9236dda428c979d350043aa67d965801fc39d337
Whitepaper called Exploit Command Injection Router via reverse firmware technique.
52e2f44996fd104e80355da0a4c50a392a577914c8465b2dd09f44548afeaad0
Whitepaper called Detect SQL Injection WordPress Plugin using RegEx.
085b2a3d5011566b3a2e006830d12feacf5415f9dcda5ab618f5ff59125c9106