An interesting authentication bypass exploit in Veeam Backup Enterprise Manager

September 13-15, 2024 in Savannah, GA

CVE-2024-29824 Ivanti EPM SQL Injection Remote Code Execution Vulnerability. This blog details the internals of a SQLi RCE vulnerability.

This post contains the cryptographically-signed BusKill warrant canary #008 for June 2024 to January 2025.

POC — CVE-2024–4956 — Nexus Repository Manager 3 Unauthenticated Path Traversal

YetiHunter is an open source tool that combines the indicators that Snowflake, Mandiant, DataDog and Permiso have into one easy to run noscript to detect and hunt for suspicious activity in Snowflake.

This vulenrability is due to the fact that JWT secret used to generate authentication tokens was a hardcoded value which means an unauthenticated attacker can generate valid tokens for any user (not just the administrator) and login to the Veeam Recovery…

Exploiting file read vulnerabilities in Gradio to steal secrets from Hugging Face Spaces.

Exploring how type juggling leverages loose comparisons to breach web application security.

In this blog post, we will explore a new way of exploiting the vulnerability on PHP, using direct calls to iconv(), and illustrate the vulnerability by targeting Roundcube, a popular PHP webmail.

Discover the risks of mobile phone theft and how to secure your device. Learn about the attack scenario targeting the Monzo banking app.

Regression turned into RCE