Vulnerability Disclosure & LG Electronics
30 - 09 - 2019
[ sql , lge , disclosure ]

Vulnerability disclosure & how NOT to handle it, featuring LG Electronics.




The Year of Linux on the Desktop (CVE-2019-14744)
11 - 08 - 2019
[ kde , code execution ]

KDE Frameworks (kf5/kdelibs) < 5.61.0 is affected by a command injection vulnerability (CVE-2019-14744) in the KConfig class. This post goes over how I found it along with a brief analysis.




Axway SecureTransport 5.x XML Injection / XXE
21 - 07 - 2019
[ xml , xxe , ssrf ]

Axway SecureTransport versions 5.3 through 5.0 (and potentially others) are affected by an unauthenticated blind XML injection (& XXE) vulnerability.




Fun With Custom URI Schemes
22 - 05 - 2019
[ uri , rce ]

Take a look into how custom URI schemes can be used to leverage underlying vulnerabilities in applications.




A Questionable Journey From XSS to RCE
13 - 05 - 2019
[ xss , rce ]

Electronic Arts' Origin Client suffered from a vulnerability that allowed attackers to achieve remote code execution... all because of a simple content injection issue.