Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 1529 | Finding vulnerabilities in Swiss Post's future e-voting system - Part 2 | Insecure deserialization, Cryptographic issues | NA | Ruben Santamarta (@reversemode) | Bug Bounty | 2022-05-22 | 2023-06-13 |
| 1506 | From open redirect to RCE in one week | Open redirect, SSRF, Insecure deserialization, LFI, RCE | Mail.ru | byq (@ByQwert) | Bug Bounty | 2022-05-31 | 2023-06-13 |
| 1434 | Miracle - One Vulnerability To Rule Them All | Insecure deserialization, SSRF, RCE | Oracle | Nguyễn Tiến Giang (@testanull) | Bug Bounty | 2022-06-23 | 2023-06-13 |
| 1418 | Bypassing .NET Serialization Binders | Insecure deserialization, RCE | Microsoft | Markus Wulftange (@mwulftange) | Bug Bounty | 2022-06-28 | 2023-06-13 |
| 1374 | Netwrix Auditor Advisory | Insecure deserialization | Netwrix | Jordan Parkin | Bug Bounty | 2022-07-13 | 2023-06-13 |
| 1342 | SSD Advisory – Microsoft SharePoint Server WizardConnectToDataStep4 Deserialization Of Untrusted Data RCE | Insecure deserialization, RCE | Microsoft | Alex Birnberg (@alexbirnberg) | Bug Bounty | 2022-07-19 | 2023-06-13 |
| 1338 | Riding The Inforail To Exploit Ivanti Avalanche | RCE, Insecure deserialization, Race condition, Authentication bypass | Ivanti | Piotr Bazydło (@chudyPB) | Bug Bounty | 2022-07-19 | 2023-06-13 |
| 1205 | Fishbowl Disclosure: CVE-2022-29805 | Insecure deserialization | Fishbowl | Michael Rand | Bug Bounty | 2022-08-18 | 2023-06-13 |
| 1204 | Trust Me, I’m a Robot: Can We Trust RPA With Our Most Guarded Secrets? | Robotic Process Automation, Insecure deserialization, SQL injection, MiTM | Blue Prism | Nimrod Stoler (@n1mr0d5) | Bug Bounty | 2022-08-18 | 2023-06-13 |
| 1100 | Riding The Inforail To Exploit Ivanti Avalanche Part 2 | RCE, Insecure deserialization, Path traversal, Authentication bypass, Unrestricted file upload, Arbitrary file write, Arbitrary file read | Ivanti | Piotr Bazydło (@chudyPB) | Bug Bounty | 2021-09-08 | 2023-06-13 |
| 994 | CVE-2022-41343 | RCE, Insecure deserialization, Phar deserialization | dompdf | Tanto Security team (@TantoSecurity) | Bug Bounty | 2022-10-06 | 2023-06-13 |
| 981 | VMware vCenter Server Platform Services Controller Unsafe Deserialization vulnerability | Insecure deserialization, Security code review | VMware | Marcin 'Icewall' Noga (@_Icewall) | Bug Bounty | 2022-10-10 | 2023-06-13 |
| 944 | PHP Filters Chain: What Is It And How To Use It | Insecure deserialization, PHP filter chain | Laravel | Rémi Matasse (@_remsio_) | Bug Bounty | 2022-10-18 | 2023-06-13 |
| 941 | Remote Code Execution in Melis Platform | RCE, Path traversal, Insecure deserialization, Security code review | Melis Platform | Karim El Ouerghemmi | Bug Bounty | 2022-10-18 | 2023-06-13 |
| 910 | Eat What You Kill :: Pre-authenticated Remote Code Execution in VMWare NSX Manager | RCE, Insecure deserialization, Security code review | VMware | Sina Kheirkhah (@SinSinology) | Bug Bounty | 2022-10-25 | 2023-06-13 |
| 783 | Multiple vulnerabilities in H2O ≤ 3.32.1.3 | Insecure deserialization, RCE, Arbitrary file read, Security code review | H2O | Clément Amic | Bug Bounty | 2022-11-23 | 2023-06-13 |
| 673 | From PostAuth RCE to PreAuth RCE on Liferay Portal | RCE, Insecure deserialization | NA | RV Sharma | Bug Bounty | 2022-12-20 | 2023-06-13 |
| 551 | CVE from 2018 Strikes Again | RCE, Insecure deserialization, Thick client | NA | Colin McQueen | Bug Bounty | 2023-01-23 | 2023-06-13 |
| 521 | Unserializable, But Unreachable: Remote Code Execution On vBulletin | RCE, Insecure deserialization, Security code review | vBulletin | Charles Fol (@cfreal_) | Bug Bounty | 2023-01-31 | 2023-06-13 |
| 508 | Pre-Auth RCE in Aspera Faspex: Case Guide for Auditing Ruby on Rails | RCE, Security code review, Missing authentication, Insecure deserialization | IBM | Maxwell Garrett (@TheGrandPew) | Bug Bounty | 2023-02-02 | 2023-06-13 |
| 493 | GoAnywhere MFT - A Forgotten Bug | Insecure deserialization, Security code review | Fortra (GoAnywhere) | Florian Hauser (@frycos) | Bug Bounty | 2023-02-06 | 2023-06-13 |
| 479 | Pwn2Owning Two Hosts At The Same Time: Abusing Inductive Automation Ignition’s Custom Deserialization | Insecure deserialization, RCE, Security code review | Inductive Automation Ignition | Piotr Bazydło (@chudyPB) | Bug Bounty | 2023-02-08 | 2023-06-13 |
| 413 | Unauthenticated RCE in Goanywhere | Insecure deserialization, RCE, Security code review | Fortra (GoAnywhere) | Youssef Muhammad (@yosef0x1) | Bug Bounty | 2023-02-22 | 2023-06-13 |
| 378 | CVE-2022-38108: RCE In Solarwinds Network Performance Monitor | Insecure deserialization, RCE, Security code review | SolarWinds | Piotr Bazydło (@chudyPB) | Bug Bounty | 2023-02-28 | 2023-06-13 |
| 370 | Introducing Aladdin | Insecure deserialization | Microsoft (Windows) | Lefteris Panos (@lefterispan) | Bug Bounty | 2023-03-01 | 2023-06-13 |