rce

106 articles
0
jngiam.bearblog.dev · jngiam1 · 47 minutes ago · details · hn
0
overtoncollective.com · Ali_Jiwani · 52 minutes ago · details · hn
0
shahjerry33.medium.com · kh4sh3i/bug-bounty-writeups · 3 hours ago · details
0
rce
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 3 hours ago · details
0
rcesecurity.com · devanshbatham/Awesome-Bugbounty-Writeups · 3 hours ago · details
0

A researcher discovered a critical RCE vulnerability in Sucuri's server-side scanner caused by explicitly disabled SSL certificate verification (CURLOPT_SSL_VERIFYPEER=false), allowing MiTM attackers to inject arbitrary PHP code. The disclosure reveals how Sucuri mishandled the bug bounty report, downplaying the severity despite the researcher proposing multiple remediation options.

Sucuri HackerOne Julien Ahrens CURLOPT_SSL_VERIFYPEER NSA Google PCI DSS
rcesecurity.com · devanshbatham/Awesome-Bugbounty-Writeups · 3 hours ago · details
0
vulnerability
rahulr.in · devanshbatham/Awesome-Bugbounty-Writeups · 3 hours ago · details
0

A researcher discovered remote code execution in HubSpot's template engine by exploiting expression language injection in HubL, using reflection to access javax.script.ScriptEngineManager and the Nashorn JavaScript engine to execute arbitrary code. The vulnerability arose from unsafe method calls allowed in the Jinjava-based template parser, which permitted access to Java reflection APIs despite blocking direct access to Runtime and System classes.

HubSpot HubL Jinjava PortSwigger javax.script.ScriptEngineManager jdk.nashorn.api.scripting.NashornScriptEngine com.hubspot.content.hubl.context.TemplateContextRequest
betterhacker.com · devanshbatham/Awesome-Bugbounty-Writeups · 3 hours ago · details
0
vulnerability

Article discussing two remote code execution vulnerabilities in Microsoft SharePoint. The content appears to be a blog index or archive page listing various security research posts by the author.

Soroush Dalili SharePoint
soroush.secproject.com · devanshbatham/Awesome-Bugbounty-Writeups · 3 hours ago · details
0
vulnerability
rce
slashcrypto.org · devanshbatham/Awesome-Bugbounty-Writeups · 3 hours ago · details
0
rce
rhys.io · devanshbatham/Awesome-Bugbounty-Writeups · 3 hours ago · details
0
vulnerability

A path traversal vulnerability in GitHub Desktop's x-github-client:// URI scheme handler allowed arbitrary code execution on macOS by opening malicious application bundles from a cloned repository without user interaction or Gatekeeper validation. The vulnerability was patched in GitHub Desktop v1.3.4.

GitHub Desktop H1-702 HackerOne 0xacb zhuowei CVE-2018-1000559 github-desktop-poc
pwning.re · devanshbatham/Awesome-Bugbounty-Writeups · 3 hours ago · details
0

A DevOps engineer discovered unauthenticated remote code execution as root on exposed Marathon instances by leveraging the task scheduling API to execute arbitrary commands. The issue combines the lack of authentication on Marathon's HTTP interface with the platform's ability to execute arbitrary bash commands through scheduled tasks.

@omespino Marathon Mesos DC/OS Mesosphere Shodan
omespino.com · devanshbatham/Awesome-Bugbounty-Writeups · 3 hours ago · details
0

A researcher discovered an RCE vulnerability on ASUS's RMA portal by bypassing front-end file upload restrictions and uploading an ASP webshell to the predictable /uploads directory on Microsoft-IIS 8.5. The vulnerability was disclosed responsibly and eventually patched, though ASUS's response was slow and the researcher reported poor communication from the vendor.

ASUS rma.asus-europe.eu Mustafa Kemal Can Microsoft-IIS 8.5
mustafakemalcan.com · devanshbatham/Awesome-Bugbounty-Writeups · 3 hours ago · details
0
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 3 hours ago · details
0
rce
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 3 hours ago · details
0
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 3 hours ago · details
0
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 3 hours ago · details
0
vulnerability
rce
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 3 hours ago · details
0
rce
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 3 hours ago · details
0
rce
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 3 hours ago · details
0
rce
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 3 hours ago · details
0
rce
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 3 hours ago · details
0
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 3 hours ago · details
0

Assetnote discovered and demonstrated a zero-day remote code execution vulnerability affecting Mozilla's AWS network infrastructure. The article appears to be a landing page for Assetnote's security research capabilities rather than detailed technical analysis.

Mozilla AWS Assetnote Searchlight Cyber
blog.assetnote.io · devanshbatham/Awesome-Bugbounty-Writeups · 3 hours ago · details
0
rce
blog.usejournal.com · devanshbatham/Awesome-Bugbounty-Writeups · 3 hours ago · details
0

A researcher discovered a zero-day Server-Side Template Injection (SSTI) vulnerability in the Handlebars template engine used in Shopify's Return Magic app, achieving Remote Code Execution by exploiting Object.prototype methods and the Function constructor to bypass sandbox restrictions. The exploit leverages the 'with' helper and Object.prototype.defineProperty() to inject arbitrary code through email workflow templates.

Handlebars Shopify Return Magic HackerOne H1-514 Synack TrendMicro Matias
mahmoudsec.blogspot.com · devanshbatham/Awesome-Bugbounty-Writeups · 3 hours ago · details
0
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 3 hours ago · details
0
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 3 hours ago · details
0

Two vulnerabilities were discovered in Magento that allow remote code execution and local file read with low-privilege admin accounts: the first exploits path traversal in product design layout XML to execute arbitrary PHP code via custom product option file uploads, and the second leverages path traversal in email template CSS directives to read arbitrary files.

Magento Adobe Experience Cloud Magento 2.3.0 Magento 2.2.7 Magento 2.1.16 SCRT Team Magento\Framework\View\Element\Template Magento\Backend\Block\Template
blog.scrt.ch · devanshbatham/Awesome-Bugbounty-Writeups · 3 hours ago · details