110 | A deep-dive on Pluck CMS vulnerability CVE-2023-25828 | Unrestricted file upload, RCE, Security code review | Pluck CMS | Matthew Hogg | Bug Bounty | 2023-05-08 | 2023-06-13 |
109 | PwnAssistant - Controlling /home's Via A Home Assistant RCE | Authentication bypass, RCE, Security code review, IoT | Home Assistant | elttam (@elttam) | Bug Bounty | 2023-05-09 | 2023-06-13 |
104 | Bypass IIS Authorisation with this One Weird Trick - Three RCEs and Two Auth Bypasses in Sitecore 9.3 | RCE, Authorization bypass, Security code review | Sitecore | Dylan Pindur | Bug Bounty | 2023-05-10 | 2023-06-13 |
94 | Pimcore: One click, two security vulnerabilities | Path traversal, SQL injection, Arbitrary file write, RCE, Security code review | Pimcore | Yaniv Nizry (@YNizry) | Bug Bounty | 2023-05-15 | 2023-06-13 |
87 | Unauthenticated Remote Command Execution in Multiple WAGO Products | RCE, OS command injection, Security code review | WAGO | Quentin Kaiser (@QKaiser) | Bug Bounty | 2023-05-16 | 2023-06-13 |
86 | Hardcore RCE via directory name for $3.000 | RCE, OS command injection, Security code review | NA | Lev Shmelev | Bug Bounty | 2023-05-16 | 2023-06-13 |
34 | RCE via LDAP truncation on hg.mozilla.org | RCE, LDAP truncation, Security code review | Mozilla | joernchen (@joernchen) | Bug Bounty | 2023-06-03 | 2023-06-13 |
26 | Storing Passwords - A Journey Of Common Pitfalls | Pass-the-Hash, Authentication flaw, Security code review | STARFACE | RedTeam Pentesting (@RedTeamPT) | Bug Bounty | 2023-06-05 | 2023-06-13 |
22 | SSD Advisory – Roundcube MarkAsJunk RCE | RCE, OS command injection, Security code review | Roundcube | Selim Enes Karaduman (@Enesdex) | Bug Bounty | 2023-06-06 | 2023-06-13 |