Bug in Laravel. Disassembling an exploit that allows RCE in a popular PHP framework
Secret of the widget. Exploiting a new severe vulnerability in vBulletin
Security hole in BIG-IP. Exploiting a new vulnerability in F5 products
Holes in the hole. Vulnerabilities in Pi-hole allow seizing control over Raspberry Pi
Ghostcat. How to exploit a new RCE vulnerability in Apache Tomcat
This article addresses a vulnerability in Apache Tomcat that enables the attacker to read files on the server and, under certain conditions, execute arbitrary code. The problem lies in the implementation of the AJP protocol used to communicate with a Tomcat server. Most importantly, the attacker does not need any rights in the target system to exploit this vulnerability.
DoS attacks on ModSecurity: Exploiting critical bug in popular WAF
A critical vulnerability resulting in a denial-of-service error has recently been discovered in ModSecurity, a popular web application firewall (WAF) for Apache, IIS, and Nginx. The bug is truly severe: not only does the library stop working, but so do the applications that use it. Let’s see what mistake the ModSecurity developers made and how we, ethical hackers, can exploit this vulnerability in our penetration tests.