CODE WHITE | Red Teaming & Attack Surface Management

[Vulnerability] AuthenticationServiceForceResetPassword Missing Authentication in SmarterMail

Thu, 15 Jan 2026 00:00:00 +0000

[Vulnerability] SystemAdminSettingsControllerConnectToHub Missing Authentication in SmarterMail

Thu, 15 Jan 2026 00:00:00 +0000

[Blog] Unauthenticated RCE in NetSupport Manager - A Technical Deep Dive

Tue, 13 Jan 2026 12:11:59 +0000

NetSupport Manager is a remote control and support software that we find surprisingly often utilized in sensitive *Operational Technology (OT)* environments, such as production plant networks. Besides describing two 0-day vulnerabilities that we found in the client component of the software, we also walk you through an exploit odyssey to finally gain unauthenticated Remote Code Execution.

[Vulnerability] Multiple Vulnerabilities in ABL90 FLEX PLUS

Wed, 17 Dec 2025 00:00:00 +0000

[Vulnerability] Multiple Vulnerabilities in NetSupport Manager

Mon, 03 Nov 2025 00:00:00 +0000

[Blog] A Retrospective Analysis of CVE-2025-59287 in Microsoft WSUS

Wed, 29 Oct 2025 00:00:00 +0000

How the n-day research for a suspected vulnerability in Microsoft WSUS (CVE-2025-59287) led to the surprising discovery of a new `SoapFormatter` vulnerability added by the Patch Tuesday updates of October 2025.

[Vulnerability] Reporting Web Service ReportingEvent SoapFormatter Deserialization in Windows Server Update Services (WSUS)

Thu, 23 Oct 2025 00:00:00 +0000

[Vulnerability] Mount Service Deserialization via NET Remoting Client in Backup & Replication

Tue, 14 Oct 2025 00:00:00 +0000

[Vulnerability] Local Privilege Escalation in Intensive Care Manager (ICM)

Mon, 21 Jul 2025 00:00:00 +0000

[Vulnerability] Multiple Vulnerabilities in OnlineSuite

Mon, 23 Jun 2025 00:00:00 +0000

[Vulnerability] Remote Code Execution via Deserialization of Untrusted Data in Backup & Replication

Tue, 17 Jun 2025 00:00:00 +0000

[Vulnerability] Unauthenticated Remote Code Execution via Deserialization of Untrusted Data in mediDOK

Wed, 14 May 2025 00:00:00 +0000

[Blog] Analyzing the Attack Surface of Ivanti's DSM

Mon, 12 May 2025 12:00:00 +0000

Ivanti's Desktop & Server Management (DSM) product is an old acquaintance that we have encountered in numerous red team and internal assessments. The main purpose of the product is the centralized distribution of software packages. In our blog post *Analyzing the Attack Surface of Ivanti's DSM* we take a look at the software from an attacker's perspective. We discuss common misconfigurations, uncover the technical details of two vulnerabilities we identified and provide recommendations to harden existing DSM environments.

[Vulnerability] Multiple Vulnerabilities in GFI MailEssentials

Tue, 29 Apr 2025 00:00:00 +0000

[Vulnerability] Unauthenticated ServerSide TemplateInjection in Metazo

Mon, 28 Apr 2025 00:00:00 +0000

[Vulnerability] DefaultResourceLocator Absolute Path Traversal in ActiveReports.NET

Tue, 25 Feb 2025 00:00:00 +0000

[Vulnerability] ReportFileResolver Absolute Path Traversal in Telerik Reporting

Wed, 12 Feb 2025 00:00:00 +0000

[Vulnerability] SPThemeBackgroundImageUri Relative Path Traversal in SharePoint

Tue, 10 Dec 2024 00:00:00 +0000

[Vulnerability] Multiple Vulnerabilities in Syncfusion ASP.NET MVC

Sat, 30 Nov 2024 00:00:00 +0000

[Vulnerability] Unauthenticated Remote Code Execution via Known View State Secret in FieldPie

Thu, 28 Nov 2024 00:00:00 +0000

[Vulnerability] SequenceExternalizable Arbitrary Deserialization in WebLogic Server

Tue, 15 Oct 2024 00:00:00 +0000

[Vulnerability] EntityDataSource Insecure Type Resolution in Telerik Report Server

Wed, 25 Sep 2024 00:00:00 +0000

[Vulnerability] EntityDataSource Insecure Type Resolution in Telerik Reporting

Wed, 25 Sep 2024 00:00:00 +0000

[Vulnerability] Insecure Expression Evaluation in Telerik Reporting

Wed, 25 Sep 2024 00:00:00 +0000

[Vulnerability] Unauthenticated Remote Code Execution in Backup & Replication

Wed, 04 Sep 2024 00:00:00 +0000

[Vulnerability] Unauthenticated Content Injection in OpenEdge Management

Fri, 30 Aug 2024 00:00:00 +0000

[Vulnerability] Accessible Logs in Spectrum

Thu, 22 Aug 2024 00:00:00 +0000

[Vulnerability] Authenticated XXE in Spectrum

Thu, 22 Aug 2024 00:00:00 +0000

[Vulnerability] Authentication Bypass in Spectrum

Thu, 22 Aug 2024 00:00:00 +0000

[Vulnerability] Deserialization of Untrusted Data in Spectrum

Thu, 22 Aug 2024 00:00:00 +0000

[Vulnerability] HardCoded not changable credentials in Spectrum

Thu, 22 Aug 2024 00:00:00 +0000

[Vulnerability] Serverside Request Forgery TestDataServiceRequest in Spectrum

Thu, 22 Aug 2024 00:00:00 +0000

[Vulnerability] Serverside Request Forgery testDeviceConnection in Spectrum

Thu, 22 Aug 2024 00:00:00 +0000

[Vulnerability] Unprotected JMX Registry in Spectrum

Thu, 22 Aug 2024 00:00:00 +0000

[Blog] Teaching the Old .NET Remoting New Exploitation Tricks

Wed, 31 Jul 2024 00:00:00 +0200

This blog post provides insights into three exploitation techniques that can still be used in cases of a hardened .NET Remoting server with `TypeFilterLevel.Low` and Code Access Security (CAS) restrictions in place. Two of these tricks are considered novel and can help in cases where ExploitRemotingService is stuck.

[Vulnerability] UnknownTypeResolver Insecure Type Resolution in Telerik Report Server

Wed, 10 Jul 2024 00:00:00 +0000

[Vulnerability] UnknownTypeResolver Insecure Type Resolution in Telerik Reporting

Wed, 10 Jul 2024 00:00:00 +0000

[Vulnerability] PreAuth Insecure Deserialization in Dynamics 365 Business Central

Tue, 11 Jun 2024 00:00:00 +0000

[Vulnerability] BinarySerializerVulnerabilityFilter Bypass in Service Provider Console

Tue, 28 May 2024 00:00:00 +0000

[Vulnerability] Insecure NET Remoting in Project Center Server

Mon, 22 Apr 2024 00:00:00 +0000

[Vulnerability] Unauthenticated SQL Injection in Smartfactory Shopfloor.guide

Fri, 12 Apr 2024 00:00:00 +0000

[Vulnerability] HTTP NET Remoting ObjRef Leak in .NET Framework

Fri, 22 Mar 2024 00:00:00 +0000

[Blog] Leaking ObjRefs to Exploit HTTP .NET Remoting

Tue, 27 Feb 2024 00:00:00 +0000

How leaking valid `ObjRef`s to target .NET Remoting for Remote Code Execution is not considered a vulnerability – at least according to Microsoft.

[Vulnerability] SSRF NetNTLM Leaks in Tableau Server

Mon, 19 Feb 2024 00:00:00 +0000

[Vulnerability] Authentication Bypass in AI BOX

Tue, 19 Dec 2023 00:00:00 +0000

[Vulnerability] PreAuthenticated XXE in CCTV with Observer

Tue, 19 Dec 2023 00:00:00 +0000

[Vulnerability] JNDI Injection in Pentaho Business Analytics Server

Thu, 14 Dec 2023 00:00:00 +0000

[Vulnerability] Authenticated Remote Code Execution in GridVis

Tue, 12 Dec 2023 00:00:00 +0000

[Vulnerability] HardCoded Encryption Password Allows for Authenticated Leak of Cleartext Database Credentials in GridVis

Tue, 12 Dec 2023 00:00:00 +0000

[Vulnerability] Local Privilege Escalation in VISOR Vision Sensors

Sun, 10 Dec 2023 00:00:00 +0000

[Vulnerability] Unauthenticated Arbitrary File Write as Root in PROFINET-INspector NT

Wed, 29 Nov 2023 00:00:00 +0000

[Vulnerability] Unauthenticated OS Command Injection in PROFINET-INspector NT

Wed, 29 Nov 2023 00:00:00 +0000

[Vulnerability] Security Feature Bypass Vulnerability in ASP.NET

Tue, 14 Nov 2023 00:00:00 +0000

[Vulnerability] Unauthenticated Serverside Request Forgery in Skype for Business Server

Tue, 10 Oct 2023 00:00:00 +0000

[Blog] Exploiting ASP.NET TemplateParser — Part II: SharePoint (CVE-2023-33160)

Fri, 29 Sep 2023 00:00:00 +0000

In Part I, we dug into the internals of the ASP.NET `TemplateParser` and elaborated its capabilities in respect to exploitation. In this part, we will look into whether and how this can also be exploited to gain Remote Code Execution. While this research was originally focussed on the `TemplateParser`, the newly discovered technique was also applicable to SharePoint on-premises and SharePoint Online. So we'll elaborate on how SharePoint protects against the use of malicious code and will present a novel trick that allowed to bypass these security measures (CVE-2023-33160).

[Blog] Exploiting ASP.NET TemplateParser — Part I: Sitecore (CVE-2023-35813)

Mon, 25 Sep 2023 00:00:00 +0000

The `TemplateParser` is fundamental in ASP.NET Web Forms. It is used for parsing different ASP.NET source files such as `*.aspx` and for parsing other input from various sources, including user provided data. In this two part series we will take a deep look into `TemplateParser` internals, its capabilities, and how they can be exploited. This knowledge is then applied in the field to demonstrate Remote Code Execution vulnerabilities in Sitecore (CVE-2023-35813) and SharePoint (CVE-2023-33160).

[Blog] Blindsiding auditd for Fun and Profit

Thu, 03 Aug 2023 08:40:00 +0200

[Vulnerability] Local Privilege Escalation in Ivanti Desktop and Server Management

Wed, 26 Jul 2023 00:00:00 +0000

[Vulnerability] Arbitrary Java EL Execution in Workspace

Sat, 15 Jul 2023 00:00:00 +0000

[Vulnerability] SPPageparserFilter Bypass in SharePoint

Tue, 11 Jul 2023 00:00:00 +0000

[Blog] From Blackbox .NET Remoting to Unauthenticated Remote Code Execution

Mon, 10 Jul 2023 08:17:48 +0000

This is a story on discovering an Unauthenticated Remote Code Execution in a CRM product by the vendor ACT!. What made this story special for us was that we had to take a blackbox approach at the beginning and the system was not exploitable with standard .NET Remoting payloads due to several reasons we'll explain in this blog post.

[Vulnerability] Data Source Protection Bypass During XML Deserialization in DevExpress

Mon, 19 Jun 2023 00:00:00 +0000

[Vulnerability] Exposed Dangerous Method or Function in Experience Manager, Experience Platform, and Experience Commerce

Mon, 19 Jun 2023 00:00:00 +0000

[Vulnerability] Insecure Arbitrary TypeConverter Conversion in DevExpress

Mon, 19 Jun 2023 00:00:00 +0000

[Vulnerability] Missing Protection of XtraReport Serialized Data in ASPNET Web Forms in DevExpress

Mon, 19 Jun 2023 00:00:00 +0000

[Vulnerability] ServerSide Request Forgery Via AsyncDownloader in DevExpress

Mon, 19 Jun 2023 00:00:00 +0000

[Vulnerability] Deserialization of Untrusted Data in Pentaho Business Analytics Server

Wed, 24 May 2023 00:00:00 +0000

[Vulnerability] Unauthenticated Arbitrary File Read as SYSTEM in MCL-Net

Fri, 14 Apr 2023 00:00:00 +0000

[Blog] Java Exploitation Restrictions in Modern JDK Times

Tue, 11 Apr 2023 17:03:00 +0100

Java deserialization gadgets have a long history in context of vulnerability research and at least go back to the year 2015. One of the most popular tools providing a large set of different gadgets is ysoserial by Chris Frohoff. Recently, we observed increasing concerns from the community why several gadgets do not seem to work anymore with more recent versions of JDKs. In this blog post we try to summarize certain facts to reenable some capabilities which seemed to be broken. But our journey did not begin with deserialization in the first place but rather looking for alternative ways of executing Java code in recent JDK versions. In this blost post, we will focus on OpenJDK and Oracle implementations. Defenders should therefore adjust their search patterns to these alternative code execution patterns accordingly.

[Vulnerability] External control of the system or configuration settings in Remote Application Server

Mon, 10 Apr 2023 00:00:00 +0000

[Vulnerability] Relative path traversal in Remote Application Server

Mon, 10 Apr 2023 00:00:00 +0000

[Blog] JMX Exploitation Revisited

Mon, 20 Mar 2023 12:05:00 +0200

The Java Management Extensions (JMX) are used by many if not all enterprise level applications in Java for managing and monitoring of application settings and metrics. While exploiting an accessible JMX endpoint is well known and there are several free tools available, this blog post will present new insights and a novel exploitation technique that allows for instant Remote Code Execution with no further requirements, such as outgoing connections or the existence of application specific MBeans.

[Vulnerability] Multiple Vulnerabilities Unauthenticated in FortiNAC

Thu, 02 Mar 2023 00:00:00 +0000

[Vulnerability] Hardcoded Administrative Credentials in TG670 DSL gateway router

Mon, 20 Feb 2023 00:00:00 +0000

[Vulnerability] Unauthenticated Remote Code Execution in GoAnywhere MFT

Thu, 02 Feb 2023 00:00:00 +0000

[Vulnerability] Multiple Vulnerabilities in Tornado Server

Wed, 18 Jan 2023 00:00:00 +0000

[Vulnerability] Unauthenticated Remote Code Execution in pgAdmin Web (Windows)

Wed, 23 Nov 2022 00:00:00 +0000

[Vulnerability] Unauthenticated XXE in Sophos Mobile

Wed, 09 Nov 2022 00:00:00 +0000

[Vulnerability] Unauthorized User Registration in Apache Archiva

Mon, 10 Oct 2022 00:00:00 +0000

[Vulnerability] LowPriv User Stack Buffer Overflow in 2FA in Kerio Connect

Fri, 09 Sep 2022 00:00:00 +0000

[Blog] Attacks on Sysmon Revisited - SysmonEnte

Tue, 06 Sep 2022 11:02:00 +0200

In this blogpost we demonstrate an attack on the integrity of Sysmon which generates a minimal amount of observable events making this attack difficult to detect in environments where no additional security products are installed.

[Vulnerability] Authentication Bypass in R1Soft Server Backup Manager

Tue, 26 Jul 2022 00:00:00 +0000

[Vulnerability] Authenticated Command Injection in App Platform AP Manager

Tue, 12 Jul 2022 00:00:00 +0000

[Vulnerability] Authenticated Command Injection in SEPPmail Appliance

Tue, 12 Jul 2022 00:00:00 +0000

[Blog] Bypassing .NET Serialization Binders

Tue, 28 Jun 2022 16:00:00 +0200

[Vulnerability] Authenticated Command Injection in EDR-810 Series

Tue, 28 Jun 2022 00:00:00 +0000

[Vulnerability] Authenticated Command Injection in TN-5916 NAT Router

Tue, 28 Jun 2022 00:00:00 +0000

[Vulnerability] Authentication Bypass in TN-5916 NAT Router

Tue, 28 Jun 2022 00:00:00 +0000

[Vulnerability] Unauthenticated Remode Code Execution in gRPC Interfaces in SmarterStats

Thu, 09 Jun 2022 00:00:00 +0000

[Vulnerability] Vulnerable RMI Call in Windchill PDMLink

Fri, 03 Jun 2022 00:00:00 +0000

[Vulnerability] RequestDispatcher Local File Inclusion in ZK Framework

Tue, 10 May 2022 00:00:00 +0000

[Vulnerability] Unauthenticated Remote Code Execution in Phone Management System

Mon, 14 Feb 2022 00:00:00 +0000

[Vulnerability] Unauthenticated Remote Code Execution in StoreEver ESL G3 Tape Library

Tue, 08 Feb 2022 00:00:00 +0000

[Blog] .NET Remoting Revisited

Thu, 27 Jan 2022 15:49:00 +0100

[Vulnerability] Authentication Bypass Unauthenticated Root Password Reset in Citrix ADM

Thu, 20 Jan 2022 00:00:00 +0000

[Vulnerability] Unauthenticated Service Shutdown in Citrix ADM

Thu, 20 Jan 2022 00:00:00 +0000

[Vulnerability] Unauthenticated Remote Code Execution in ACT! CRM

Mon, 10 Jan 2022 00:00:00 +0000

[Vulnerability] Deserialization Protection Bypass in Exchange 2013/2016/2019

Wed, 15 Dec 2021 00:00:00 +0000

[Vulnerability] Unauthenticated Remote Code Execution in ADMIRA/AREMA

Thu, 04 Nov 2021 00:00:00 +0000

[Vulnerability] Unauthenticated Remote Code Execution in TPT

Mon, 25 Oct 2021 00:00:00 +0000

[Vulnerability] Authenticated XXE in TIBCO JasperReports Server

Thu, 21 Oct 2021 00:00:00 +0000

[Vulnerability] Unauthenticated RCE via Unsafe Cookie Deserialization in HelpSpot

Fri, 01 Oct 2021 00:00:00 +0000

[Blog] RCE in Citrix ShareFile Storage Zones Controller (CVE-2021-22941) – A Walk-Through

Tue, 21 Sep 2021 10:04:00 +0200

[Vulnerability] UnAuthenticated Remote Code Execution in Jedox

Tue, 21 Sep 2021 00:00:00 +0000

[Vulnerability] NET Deserialization in Cerberus DSM, Desigo CC, Desigo CC Compact

Tue, 14 Sep 2021 00:00:00 +0000

[Vulnerability] Arbitrary File Reading via Hardcoded Crypto Key in Storefront

Tue, 03 Aug 2021 00:00:00 +0000

[Vulnerability] RCE via Arbitrary Class Execution in Lobster AdminConsole

Wed, 28 Jul 2021 00:00:00 +0000

[Vulnerability] Local Privilege Escalation to SYSTEM in Aternity Agent

Fri, 18 Jun 2021 00:00:00 +0000

[Blog] About the Unsuccessful Quest for a Deserialization Gadget (or: How I found CVE-2021-21481)

Fri, 11 Jun 2021 12:05:00 +0200

[Vulnerability] Path Traversal in ShareFile StorageZone Controller

Fri, 30 Apr 2021 00:00:00 +0000

[Vulnerability] NET Deserialization via NET Remoting in Backup & Replication

Fri, 15 Jan 2021 00:00:00 +0000

[Vulnerability] Several Unauthenticated Remote Code Executions File Reads and Writes in Security Manager

Tue, 08 Dec 2020 00:00:00 +0000

[Vulnerability] Various vulnerabilities file read file write SQL injection XSL transformation DataSet deserialization in Protean CMS

Wed, 09 Sep 2020 00:00:00 +0000

[Vulnerability] LFI leads to RCE in WebConfig

Wed, 02 Sep 2020 00:00:00 +0000

[Blog] Sophos XG - A Tale of the Unfortunate Re-engineering of an N-Day and the Lucky Find of a 0-Day

Mon, 13 Jul 2020 16:46:00 +0200

[Vulnerability] SQL Injection in Firewall XG

Mon, 13 Jul 2020 00:00:00 +0000

[Vulnerability] Java Deserialization in WebLogic Server

Mon, 11 May 2020 00:00:00 +0000

[Vulnerability] Arbitrary File Read in Spring Web MVC

Wed, 29 Apr 2020 00:00:00 +0000

[Vulnerability] Unauthenticated Remote Code Execution via NET Remoting in SmarterStats

Fri, 17 Apr 2020 00:00:00 +0000

[Vulnerability] Unauthenticated access to encrypted administration credentials in Dell VxRail

Thu, 16 Apr 2020 00:00:00 +0000

[Vulnerability] Authenticated Remote Code Execution via unsecure Java deserialization in OpenNMS

Wed, 15 Apr 2020 00:00:00 +0000

[Vulnerability] Unauthenticated change of system configuration via unprotected Java servlets in ManageEngine ADManager Plus, ManageEngine Cloud Security Plus, ManageEngine Log360, ManageEngine ADAudit Plus, ManageEngine DataSecurity Plus, ManageEngine O365 Manager Plus, ManageEngine RecoveryManager Plus, ManageEngine EventLog Analyzer

Wed, 15 Apr 2020 00:00:00 +0000

[Vulnerability] Unauthenticated Remote Code Execution via unsecure Java deserialization in HPE Insight Systems Manager

Wed, 08 Apr 2020 00:00:00 +0000

[Vulnerability] 622 631 in Avalanche Data Repository Service

Mon, 06 Apr 2020 00:00:00 +0000

[Blog] Liferay Portal JSON Web Service RCE Vulnerabilities

Fri, 20 Mar 2020 13:31:00 +0100

[Vulnerability] Java Deserialization in Portal

Fri, 20 Mar 2020 00:00:00 +0000

[Vulnerability] Arbitrary File Upload in Telerik UI for Silverlight

Tue, 17 Mar 2020 00:00:00 +0000

[Vulnerability] Missing Authorization Check in SAP NetWeaver AS JAVA MigrationService in Netweaver

Mon, 09 Mar 2020 00:00:00 +0000

[Vulnerability] in SmarterMail

Thu, 27 Feb 2020 00:00:00 +0000

[Vulnerability] Java Deserialization in FortiSIEM

Mon, 10 Feb 2020 00:00:00 +0000

[Blog] CVE-2019-19470: Rumble in the Pipe

Fri, 17 Jan 2020 10:18:00 +0100

[Vulnerability] Authentication Bypass Path Traversal in ASES

Fri, 17 Jan 2020 00:00:00 +0000

[Vulnerability] Path Traversal in Telerik MVC

Wed, 08 Jan 2020 00:00:00 +0000

[Vulnerability] Privilege escalation via unsecure NET deserialization and Process Spoofing in TinyWall

Wed, 27 Nov 2019 00:00:00 +0000

[Vulnerability] Java Deserialization in 300 People

Thu, 21 Nov 2019 00:00:00 +0000

[Vulnerability] Authenticated Remote Code Execution via unsecure NET deserialization in C1 CMS

Fri, 18 Oct 2019 00:00:00 +0000

[Vulnerability] Unauthenticated SQLInjection via unprotected Java servlet in ManageEngine OpManager

Wed, 09 Oct 2019 00:00:00 +0000

[Vulnerability] Mitigation Bypass in Telerik UI for Ajax ASP.NET

Tue, 01 Oct 2019 00:00:00 +0000

[Vulnerability] NET Deserialization in myLittleAdmin

Tue, 27 Aug 2019 00:00:00 +0000

[Vulnerability] Path Traversal Unauthenticated Socks5 Proxy in MailEnable

Mon, 26 Aug 2019 00:00:00 +0000

[Blog] Exploiting H2 Database with native libraries and JNI

Thu, 01 Aug 2019 14:54:00 +0200

[Vulnerability] Java Deserialization in cpanel-dovecot-solr

Thu, 25 Jul 2019 00:00:00 +0000

[Vulnerability] Authenticated Remote Code Execution via unsecure Java deserialization in FTAPI

Mon, 22 Jul 2019 00:00:00 +0000

[Blog] Heap-based AMSI bypass for MS Excel VBA and others

Fri, 19 Jul 2019 14:03:00 +0200

[Vulnerability] NET Deserialization in

Tue, 04 Jun 2019 00:00:00 +0000

[Vulnerability] Java Deserialization in Secure Global Desktop

Fri, 17 May 2019 00:00:00 +0000

[Vulnerability] Unauthenticated Remote Code Execution via unprotected RMIRegistry in IBM ServRAID

Wed, 27 Mar 2019 00:00:00 +0000

[Vulnerability] XXE in SyncML XXE in Keyoti RapidSpell in SmarterMail

Tue, 12 Feb 2019 00:00:00 +0000

[Blog] Telerik Revisited

Thu, 07 Feb 2019 11:04:00 +0100

[Vulnerability] NET Deserialization in CribMaster

Thu, 07 Feb 2019 00:00:00 +0000

[Vulnerability] NET Deserialization in Telerik UI for Ajax ASP.NET

Thu, 07 Feb 2019 00:00:00 +0000

[Vulnerability] NET Deserialization in DevExpress

Mon, 14 Jan 2019 00:00:00 +0000

[Vulnerability] Authenticated file system data exfiltration via SOAP webservice in ILIAS

Tue, 04 Dec 2018 00:00:00 +0000

[Vulnerability] NET Deserialization in Managed Workplace RMM

Tue, 13 Nov 2018 00:00:00 +0000

[Blog] LethalHTA - A new lateral movement technique using DCOM and HTA

Fri, 06 Jul 2018 14:08:00 +0200

[Blog] Marshalling to SYSTEM - An analysis of CVE-2018-0824

Fri, 15 Jun 2018 15:19:00 +0200

[Blog] Poor RichFaces

Wed, 30 May 2018 15:00:00 +0200

[Vulnerability] EL Injection in RichFaces

Wed, 30 May 2018 00:00:00 +0000

[Vulnerability] EL Injection in RichFaces

Wed, 30 May 2018 00:00:00 +0000

[Vulnerability] NET Deserialization in Genuine Channels

Mon, 23 Apr 2018 00:00:00 +0000

[Vulnerability] Java Deserialization in GWT

Fri, 13 Apr 2018 00:00:00 +0000

[Blog] Exploiting Adobe ColdFusion before CVE-2017-3066

Tue, 13 Mar 2018 15:41:00 +0100

[Vulnerability] NET Deserialization in

Thu, 22 Feb 2018 00:00:00 +0000

[Blog] Handcrafted Gadgets

Thu, 18 Jan 2018 16:07:00 +0100

[Vulnerability] El Injection in

Thu, 17 Aug 2017 00:00:00 +0000

[Blog] SAP Customers: Make sure your SAPJVM is up-to-date!

Wed, 17 May 2017 16:56:00 +0200

[Vulnerability] Java Deserialization in P4

Wed, 17 May 2017 00:00:00 +0000

[Blog] AMF – Another Malicious Format

Tue, 04 Apr 2017 16:01:00 +0200

[Vulnerability] Java Deserialization in

Tue, 04 Apr 2017 00:00:00 +0000

[Vulnerability] Java Deserialization in Jira

Tue, 04 Apr 2017 00:00:00 +0000

[Vulnerability] Java Deserialization in Spring Flex

Tue, 04 Apr 2017 00:00:00 +0000

[Vulnerability] Java Deserialization JavaBeans Setter in GraniteDS

Tue, 04 Apr 2017 00:00:00 +0000

[Vulnerability] Java Deserialization JavaBeans Setter XXE in Flamingo amf-serializer

Tue, 04 Apr 2017 00:00:00 +0000

[Vulnerability] Java Deserialization JavaBeans Setter XXE in Flex BlazeDS

Tue, 04 Apr 2017 00:00:00 +0000

[Vulnerability] Java Deserialization XXE in WebORB for Java

Tue, 04 Apr 2017 00:00:00 +0000

[Vulnerability] Arbitrary File Upload in ezPublish

Fri, 25 Nov 2016 00:00:00 +0000

[Vulnerability] SQL Injection in ezPublish

Wed, 05 Oct 2016 00:00:00 +0000

[Vulnerability] Java Deserialization in CrashPlan PROe

Fri, 16 Sep 2016 00:00:00 +0000

[Vulnerability] in Service Manager

Wed, 25 May 2016 00:00:00 +0000

[Blog] Return of the Rhino: An old gadget revisited

Wed, 04 May 2016 21:06:00 +0200

[Blog] Infiltrate 2016 Slidedeck: Java Deserialization Vulnerabilities

Tue, 12 Apr 2016 16:11:00 +0200

[Vulnerability] SQL Injection Path Traversal JSP File Inclusion in Edge Server

Thu, 24 Mar 2016 00:00:00 +0000

[Vulnerability] Java Deserialization in Hyperion

Thu, 17 Mar 2016 00:00:00 +0000

[Blog] Compromised by Endpoint Protection: Legacy Edition

Tue, 23 Feb 2016 14:50:00 +0100

[Vulnerability] in Endpoint Protection

Mon, 22 Feb 2016 00:00:00 +0000

[Blog] Java and Command Line Injections in Windows

Thu, 04 Feb 2016 17:03:00 +0100

[Vulnerability] Arbitrary File UploadDownload in Edge Server

Tue, 05 Jan 2016 00:00:00 +0000

[Vulnerability] Java Deserialization XXE in Service Manager

Fri, 18 Dec 2015 00:00:00 +0000

[Vulnerability] Java Deserialization in Weblogic JMS Client

Wed, 09 Dec 2015 00:00:00 +0000

[Vulnerability] Java Deserialization in WebSphere MQ JMS Client

Tue, 08 Dec 2015 00:00:00 +0000

[Vulnerability] Command Injection in Endpoint Protection Manager

Mon, 16 Nov 2015 00:00:00 +0000

[Vulnerability] Java Deserialization in Endpoint Protection Manager

Mon, 16 Nov 2015 00:00:00 +0000

[Vulnerability] Java Deserialization in Active MQ

Tue, 03 Nov 2015 00:00:00 +0000

[Vulnerability] in Community

Fri, 02 Oct 2015 00:00:00 +0000

[Vulnerability] Java Deserialization Command Injection in Edge Server

Fri, 04 Sep 2015 00:00:00 +0000

[Blog] CVE-2015-3269: Apache Flex BlazeDS XXE Vulnerabilty

Mon, 24 Aug 2015 13:23:00 +0200

[Vulnerability] in Flex BlazeDS

Mon, 24 Aug 2015 00:00:00 +0000

[Vulnerability] Java Deserialization in Bamboo

Fri, 21 Aug 2015 00:00:00 +0000

[Blog] Compromised by Endpoint Protection

Fri, 31 Jul 2015 08:23:00 +0200

[Vulnerability] Authentication Bypass Arbitrary File WriteRead Privilege Escalation Path Traversal SQL Injection Binary Planting in Endpoint Protection

Fri, 31 Jul 2015 00:00:00 +0000

[Vulnerability] SQL Injection in webEdition

Wed, 22 Jul 2015 00:00:00 +0000

[Vulnerability] SQL Injection in WebsiteBaker

Tue, 21 Jul 2015 00:00:00 +0000

[Vulnerability] Java Deserialization in WebLogic Server

Mon, 15 Jun 2015 00:00:00 +0000

[Blog] Reading/Writing files with MSSQL's OPENROWSET

Tue, 09 Jun 2015 15:19:00 +0200

[Blog] CVE-2015-2079: Arbitrary Command Execution in Usermin

Wed, 20 May 2015 14:56:00 +0200

[Vulnerability] Command Execution in Usermin

Wed, 20 May 2015 00:00:00 +0000

[Blog] CVE-2015-0935: PHP Object Injection in Bomgar Remote Support Portal

Fri, 08 May 2015 20:48:00 +0200

[Blog] $@|sh – Or: Getting a shell environment from Runtime.exec

Mon, 09 Mar 2015 09:55:00 +0100

[Blog] Exploiting the hidden Saxon XSLT Parser in Ektron CMS

Mon, 02 Mar 2015 14:54:00 +0100

[Blog] How I could (i)pass your client security

Wed, 25 Feb 2015 16:55:00 +0100

[Vulnerability] Privilege Escalation via named pipe in iPass Open Mobile

Wed, 21 Jan 2015 00:00:00 +0000

[Vulnerability] in Jira