remote-code-execution

21 articles
0 7/10

Technical guide explaining PHP object deserialization vulnerabilities via unserialize(), the gadget chain exploitation technique using phpggc tool, and a real-world case study of exploiting an ebooks webshop's PRODUCTHISTORY cookie containing serialized data.

phpggc Monolog Symfony Laravel Zend Framework Doctrine SyslogUdpHandler BufferHandler DateTime
sjoerdlangkemper.nl · kh4sh3i/bug-bounty-writeups · 3 hours ago · details

Assetnote discovered and demonstrated a zero-day remote code execution vulnerability affecting Mozilla's AWS network infrastructure. The article appears to be a landing page for Assetnote's security research capabilities rather than detailed technical analysis.

Mozilla AWS Assetnote Searchlight Cyber
blog.assetnote.io · devanshbatham/Awesome-Bugbounty-Writeups · 3 hours ago · details

Two vulnerabilities discovered in Magento allowing remote code execution and local file read with low-privilege admin accounts: the first exploits path traversal in product design layout XML to execute arbitrary PHP code via custom product option file uploads, and the second leverages path traversal in email template CSS directives to read arbitrary files.

Magento Adobe Experience Cloud Magento 2.3.0 Magento 2.2.7 Magento 2.1.16 SCRT Team Magento\Framework\View\Element\Template Magento\Backend\Block\Template
blog.scrt.ch · devanshbatham/Awesome-Bugbounty-Writeups · 3 hours ago · details

A researcher discovered a zero-day Server-Side Template Injection (SSTI) vulnerability in the Handlebars template engine used in Shopify's Return Magic app, achieving Remote Code Execution by exploiting Object.prototype methods and the Function constructor to bypass sandbox restrictions. The exploit leverages the 'with' helper and Object.prototype.defineProperty() to inject arbitrary code through email workflow templates.

Handlebars Shopify Return Magic HackerOne H1-514 Synack TrendMicro Matias
mahmoudsec.blogspot.com · devanshbatham/Awesome-Bugbounty-Writeups · 3 hours ago · details

A researcher discovered an RCE vulnerability on ASUS's RMA portal by bypassing front-end file upload restrictions and uploading an ASP webshell to the predictable /uploads directory on Microsoft-IIS 8.5. The vulnerability was disclosed responsibly and eventually patched, though ASUS's response was slow and the researcher reported poor communication from the vendor.

ASUS rma.asus-europe.eu Mustafa Kemal Can Microsoft-IIS 8.5
mustafakemalcan.com · devanshbatham/Awesome-Bugbounty-Writeups · 3 hours ago · details

A DevOps engineer discovered unauthenticated remote code execution as root on exposed Marathon instances by leveraging the task scheduling API to execute arbitrary commands. The vulnerability exploits the lack of authentication on Marathon's HTTP interface combined with the platform's ability to execute arbitrary bash commands through scheduled tasks.

@omespino Marathon Mesos DC/OS Mesosphere Shodan
omespino.com · devanshbatham/Awesome-Bugbounty-Writeups · 3 hours ago · details
vulnerability

A path traversal vulnerability in GitHub Desktop's x-github-client:// URI scheme handler allowed arbitrary code execution on macOS by opening malicious application bundles from a cloned repository without user interaction or Gatekeeper validation. The vulnerability was patched in GitHub Desktop v1.3.4.

GitHub Desktop H1-702 HackerOne 0xacb zhuowei CVE-2018-1000559 github-desktop-poc
pwning.re · devanshbatham/Awesome-Bugbounty-Writeups · 3 hours ago · details
vulnerability

Article discussing two remote code execution vulnerabilities in Microsoft SharePoint. The content appears to be a blog index or archive page listing various security research posts by the author.

Soroush Dalili SharePoint
soroush.secproject.com · devanshbatham/Awesome-Bugbounty-Writeups · 3 hours ago · details

An unauthenticated remote code execution vulnerability in Dell KACE K1000 Systems Management Appliance (version 6.3.113397 and earlier) exists in the /service/krashrpt.php endpoint, which fails to properly sanitize the kuid and name parameters before passing them to shell commands, allowing arbitrary code execution on the appliance and potentially all managed client endpoints. The vulnerability was silently patched by Dell in version 6.4 SP3 (6.4.120822) under bug ID K1-18652.

CVE-2019-XXXX K1-18652 Dell KACE K1000 Quest Software Inc Julien Ahrens Dropbox H1-3120
rcesecurity.com · devanshbatham/Awesome-Bugbounty-Writeups · 3 hours ago · details

A researcher discovered a critical RCE vulnerability in Sucuri's server-side scanner caused by explicitly disabled SSL certificate verification (CURLOPT_SSL_VERIFYPEER=false), allowing MiTM attackers to inject arbitrary PHP code. The disclosure reveals how Sucuri mishandled the bug bounty report, downplaying the severity despite the researcher proposing multiple remediation options.

Sucuri HackerOne Julien Ahrens CURLOPT_SSL_VERIFYPEER NSA Google PCI DSS
rcesecurity.com · devanshbatham/Awesome-Bugbounty-Writeups · 3 hours ago · details
bug-bounty

A critical remote code execution vulnerability was discovered in PayPal's manager.paypal.com through unsafe Java object deserialization in the 'oldFormData' parameter, exploitable via the Commons Collections gadget chain and ysoserial tool to execute arbitrary OS commands and access production databases. The vulnerability was reported in December 2015 and patched by PayPal's security team.

PayPal manager.paypal.com Michael Stepankin artsploit Chris Frohoff Gabriel Lawrence Mark Litchfield FoxGlove Security ysoserial Commons Collections
artsploit.blogspot.com · devanshbatham/Awesome-Bugbounty-Writeups · 3 hours ago · details

Research demonstrating a complete RCE attack chain on DeskPro helpdesk software through multiple chained vulnerabilities: insufficient API access control (leaking JWT secrets and admin config), and insecure deserialization in the template editor. The exploit was demonstrated against Bitdefender's support center, achieving remote code execution from an unauthenticated user registration.

CVE-2020-11465 CVE-2020-11463 CVE-2020-11466 CVE-2020-11464 CVE-2020-11467 DeskPro Bitdefender osTicket Kayako PHP Live! Freelancer Inc Redforce Web Security
blog.redforce.io · devanshbatham/Awesome-Bugbounty-Writeups · 3 hours ago · details

A Jenkins instance was found vulnerable to RCE due to improper access control, allowing unauthenticated users to gain admin access via GitHub OAuth and execute arbitrary Groovy scripts. The vulnerability was discovered during subdomain enumeration and responsibly disclosed to the organization's CTO.

Jenkins GitHub DoSomething.org MuhammadKhizerJaved nahamsec Matt HackerOne Bugcrowd
blog.securitybreached.org · devanshbatham/Awesome-Bugbounty-Writeups · 3 hours ago · details

A researcher discovered an unauthenticated Apache Solr instance running on a Microsoft subdomain vulnerable to CVE-2019-17558, exploitable via velocity template injection to achieve RCE. The attack requires modifying the params.Resource.Loader.Enabled configuration and then sending a malicious velocity template payload.

CVE-2019-17558 Microsoft Apache Solr tide90.microsoft.com Muhammad Khizer Javed
blog.securitybreached.org · devanshbatham/Awesome-Bugbounty-Writeups · 3 hours ago · details
bug-bounty

A bug bounty researcher discovered RCE on an abandoned staging web service via an unauthenticated PUT HTTP method that allowed arbitrary file uploads, enabling PHP web shell deployment and subsequent internal network traversal with privilege escalation through credential reuse and weak security practices.

nmap ncat netcat PHP Python SSH RDP SMB DNS zone transfer
blog.zsec.uk · devanshbatham/Awesome-Bugbounty-Writeups · 3 hours ago · details

A researcher discovered a sandbox escape vulnerability in HackerEarth's Theia IDE that allowed remote code execution by accessing the disabled terminal through VS Code's 'Task: Run selected text' command. The exploit enabled reading AWS credentials, SSL certificates, and other sensitive system files from the underlying infrastructure.

HackerEarth Theia IDE VS Code Jatin Dhankhar Puma Scan AWS ECS
jatindhankhar.in · devanshbatham/Awesome-Bugbounty-Writeups · 3 hours ago · details

An RCE vulnerability was discovered via Rack's ShowExceptions middleware being enabled in production, which leaked the Rails secret token used to sign cookies. The attacker used this token to forge authenticated cookies and execute arbitrary commands on the server.

Rack Rails ShowExceptions action_dispatch.secret_token secret_token.rb robertheaton.com
sites.google.com · devanshbatham/Awesome-Bugbounty-Writeups · 3 hours ago · details

DuoLingo's TinyCards Android app was vulnerable to content injection attacks due to loading initial web content over unencrypted HTTP instead of HTTPS, allowing MITM attackers to inject arbitrary JavaScript and achieve code execution within the WebView. The vulnerability was fixed in version 1.0 (version code 10) released November 20, 2017.

CVE-2017-16905 DuoLingo TinyCards Google Play Security Reward Program Nightwatch Cybersecurity Yakov Shafranovich
wwws.nightwatchcybersecurity.com · devanshbatham/Awesome-Bugbounty-Writeups · 3 hours ago · details
0 4/10

Veeam patched four critical RCE vulnerabilities in Backup & Replication (CVE-2026-21666, CVE-2026-21667, CVE-2026-21669, CVE-2026-21708) that allow low-privileged users and Backup Viewer accounts to execute remote code, plus multiple high-severity privilege escalation and credential extraction flaws. Patches were released in versions 12.3.2.4465 and 13.0.1.2067. VBR is commonly targeted by ransomware gangs for lateral movement and backup destruction.

CVE-2026-21666 CVE-2026-21667 CVE-2026-21669 CVE-2026-21708 Veeam Software Veeam Backup & Replication FIN7 Conti REvil Maze Egregor BlackBasta Cuba ransomware Frag ransomware Akira ransomware Fog ransomware Sophos X-Ops HackerOne
bleepingcomputer.com · Sergiu Gatlan · 3 hours ago · details
0 3/10

Two critical vulnerabilities in n8n workflow automation platform allow remote code execution via expression sandbox escape (CVE-2026-27577, CVSS 9.4) and unauthenticated credential exposure (CVE-2026-27493, CVSS 9.5). Both flaws have been patched.

CVE-2026-27577 CVE-2026-27493 n8n
thehackernews.com · The Hacker News · 1 day ago · details
0 2/10

Microsoft released patches for 84 vulnerabilities in its March Patch Tuesday cycle, including 8 critical-severity flaws and 2 publicly disclosed zero-days. The majority of patched issues involve privilege escalation (46) and remote code execution (18).

Microsoft
thehackernews.com · The Hacker News · 1 day ago · details