Posts

• October 5, 2021 CVE-2021-43136 - FormaLMS - The evil default value that leads to Authentication Bypass
• July 9, 2021 SA-CONTRIB-2021-036 - Privilege escalation via XML Signature Wrapping on Miniorange Drupal plugin
• June 14, 2020 Matrix Synapse 1.12.3 - SSRF and Cache poisoning
• December 14, 2018 CVE-2018-20139 - Daikin Emura Series - Arbitrary Remote Control via DNS Rebinding
• January 3, 2018 Facebook chat / dashboard content injection