Hacker News
- Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine https://www.ambionics.io/blog/iconv-cve-2024-2961-p1 11 comments
- Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine https://www.ambionics.io/blog/iconv-cve-2024-2961-p1 9 comments php
- Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 1) https://www.ambionics.io/blog/iconv-cve-2024-2961-p1 2 comments netsec
- Unserializable, but unreachable: Remote Code Execution on vBulletin https://www.ambionics.io/blog/vbulletin-unserializable-but-unreachable 5 comments netsec
- Blind exploits to rule WatchGuard firewalls: pre-auth RCE as root on WG appliances https://www.ambionics.io/blog/hacking-watchguard-firewalls 2 comments netsec
- PHP-FPM (PHP's FastCGI server) local root vulnerability (NGINX, Apache) https://www.ambionics.io/blog/php-fpm-local-root 29 comments netsec
- Laravel <= v8.4.2 debug mode: Remote code execution https://www.ambionics.io/blog/laravel-debug-rce 10 comments php
- Breaking PHP's mt_rand() with 2 values and no bruteforce https://www.ambionics.io/blog/php-mt-rand-prediction 14 comments netsec
- Magento 2.2.0 <= 2.3.0 Unauthenticated SQLi https://www.ambionics.io/blog/magento-sqli 4 comments netsec
- Exploiting Drupal8's REST RCE (SA-CORE-2019-003, CVE-2019-6340) https://www.ambionics.io/blog/drupal8-rce 9 comments netsec
- PrestaShop 1.6 Privilege Escalation (CVE-2018-13784) https://www.ambionics.io/blog/prestashop-privilege-escalation 15 comments netsec
- Oracle PeopleSoft Remote Code Execution: Blind XXE to SYSTEM Shell https://www.ambionics.io/blog/oracle-peoplesoft-xxe-to-rce 23 comments netsec
- TYPO3 News module SQL Injection, affecting 60k websites https://www.ambionics.io/blog/typo3-news-module-sqli 5 comments netsec
- Drupal 7.x Services module unserialize() to RCE https://www.ambionics.io/blog/drupal-services-module-rce 12 comments netsec