A bug bounty researcher discovered RCE on an abandoned staging web service via an unauthenticated PUT HTTP method that allowed arbitrary file uploads, enabling PHP web shell deployment and subsequent internal network traversal with privilege escalation through credential reuse and weak security practices.
A brief mention of a $36,000 bug bounty for a remote code execution vulnerability in Google App Engine, but with no technical details provided.
An RCE vulnerability was discovered via Rack's ShowExceptions middleware being enabled in production, which leaked the Rails secret token used to sign cookies. The attacker used this token to forge authenticated cookies and execute arbitrary commands on the server.
A researcher discovered an unauthenticated Apache Solr instance running on a Microsoft subdomain vulnerable to CVE-2019-17558, exploitable via velocity template injection to achieve RCE. The attack requires modifying the params.Resource.Loader.Enabled configuration and then sending a malicious velocity template payload.
Educational article covering file upload vulnerability techniques, attack vectors (such as shell.php.jpg bypasses), and defensive hardening strategies to prevent unauthorized file uploads and remote code execution.
Monthly security patch review covering March 2026 releases from Adobe (80 CVEs across 8 bulletins) and Microsoft (94 CVEs total including third-party updates), with detailed analysis of critical vulnerabilities including Office RCE via Preview Pane, Windows Print Spooler RCE, Excel XSS enabling Copilot data exfiltration, and Windows Graphics elevation-of-privilege bugs.