Advisories archive

TL;DR Find out how a chain of vulnerabilities in rConfig allows a remote unauthenticated user to gain 'apache' user access
TL;DR Find out how we exploited a behavior of Apache while using the limited rights of Aegir user to gain
TL;DR Find out how we exploited an unauthenticated Netgear Nighthawk R8300 vulnerability and gained root access to the device. Vulnerability
TL;DR Find out how we exploited an unauthenticated TerraMaster OS vulnerability and gained root access to the device. Vulnerability Summary
TL;DR Find out how we exploited the Roundcube webmail application and crafted an email containing malicious HTML that executes arbitrary JavaScript
TL;DR Find out how we exploited Mimosa Router's web interface vulnerability and gained root access. Vulnerability Summary Mimosa Networks is
TL;DR Find out how we managed to inject an auth session into the device and through it gain a reverse
Vulnerable Key The following is the hardcoded key used by MyLittleAdmin; by inserting its values into ysoserial.exe it is possible
A vulnerability in ManageEngine OpManager allows a remote attacker to leak the API key of the product (administrative level API
Netsweeper provides real-time content monitoring and reporting for early intervention. One of our researchers had recently managed to perform remote