Microsoft Exchange Server-Side Request Forgery (ProxyLogon)
Read this write-up on CVE-2021-26855 to understand how it works, how it impacts systems and users, and how to mitigate the threat.
“DIRTY PIPE” LINUX LOCAL PRIVILEGE ESCALATION [CVE-2022-0847]
This blog explains how a Linux local privilege escalation vulnerability works, plus a proof of concept showing how to exploit it.
Critical RCE vulnerability in F5 BIG-IP [CVE-2022-26352]
An unauthenticated remote code execution vulnerability in the iControl REST component of BIG-IP, tracked as CVE-2022-1388.
Critical RCE in dotCMS Content Management Software
A pre-auth RCE vulnerability was found in dotCMS, reachable through a directory traversal attack during file upload. It allows an attacker to execute server-level commands on the underlying system.
AWS Lambda Command Injection
The attack exploits a command injection vulnerability in Lambda functions to steal the AWS keys and access AWS resources using the stolen keys of the IAM role.
PwnKit: Local Privilege Escalation Vulnerability
A deep dive into a vulnerability and exploit that uses the insecure "pkexec" program, which allows a local user to get root access on the vulnerable system.