CODE WHITE - FINEST HACKING
Credits
Florian Hauser
Unauthenticated Remote Code Execution in Backup & Replication
Unauthenticated Content Injection in OpenEdge Management
PreAuth Insecure Deserialization in Dynamics 365 Business Central
SSRF NetNTLM Leaks in Tableau Server
Authentication Bypass in AI BOX
PreAuthenticated XXE in CCTV with Observer
Unauthenticated Server-side Request Forgery in Skype for Business Server
Unauthenticated Arbitrary File Read as SYSTEM in MCL-Net
Multiple Unauthenticated Vulnerabilities in FortiNAC
Hardcoded Administrative Credentials in TG670 DSL gateway router
Unauthenticated Remote Code Execution in GoAnywhere MFT
Multiple Vulnerabilities in Tornado Server
Unauthenticated Remote Code Execution in pgAdmin Web (Windows)
Unauthenticated XXE in Sophos Mobile
Unauthorized User Registration in Apache Archiva
LowPriv User Stack Buffer Overflow in 2FA in Kerio Connect
Authentication Bypass in R1Soft Server Backup Manager
Unauthenticated Remote Code Execution in gRPC Interfaces in SmarterStats
Unauthenticated Remote Code Execution in Phone Management System
Unauthenticated Remote Code Execution in StoreEver ESL G3 Tape Library
Authentication Bypass / Unauthenticated Root Password Reset in Citrix ADM
Unauthenticated Service Shutdown in Citrix ADM
Unauthenticated Remote Code Execution in ACT! CRM
Deserialization Protection Bypass in Exchange 2013/2016/2019
Unauthenticated Remote Code Execution in ADMIRA/AREMA
Unauthenticated Remote Code Execution in TPT
Authenticated XXE in TIBCO JasperReports Server
Unauthenticated Remote Code Execution in Jedox
Local Privilege Escalation to SYSTEM in Aternity Agent
Several Unauthenticated Remote Code Executions, File Reads and Writes in Security Manager
Unauthenticated Remote Code Execution via .NET Remoting in SmarterStats
Unauthenticated access to encrypted administration credentials in Dell VxRail
Authenticated Remote Code Execution via insecure Java deserialization in OpenNMS
Unauthenticated change of system configuration via unprotected Java servlets in ManageEngine ADManager Plus, ManageEngine Cloud Security Plus, ManageEngine Log360, ManageEngine ADAudit Plus, ManageEngine DataSecurity Plus, ManageEngine O365 Manager Plus, ManageEngine RecoveryManager Plus, ManageEngine EventLog Analyzer
Unauthenticated Remote Code Execution via insecure Java deserialization in HPE Insight Systems Manager
Privilege escalation via insecure .NET deserialization and Process Spoofing in TinyWall
Authenticated Remote Code Execution via insecure .NET deserialization in C1 CMS
Unauthenticated SQL Injection via unprotected Java servlet in ManageEngine OpManager
Java Deserialization in cpanel-dovecot-solr
Authenticated Remote Code Execution via insecure Java deserialization in FTAPI
Unauthenticated Remote Code Execution via unprotected RMIRegistry in IBM ServRAID
Authenticated file system data exfiltration via SOAP webservice in ILIAS