CODE WHITE - FINEST HACKING
Credits
Markus Wulftange
UnknownTypeResolver Insecure Type Resolution in Report Server
UnknownTypeResolver Insecure Type Resolution in Reporting
Insecure .NET Remoting in Project Center Server
HTTP .NET Remoting ObjRef Leak in .NET Framework
JNDI Injection in Pentaho Business Analytics Server
Security Feature Bypass Vulnerability in ASP.NET
SPPageparserFilter Bypass in SharePoint
Data Source Protection Bypass During XML Deserialization in DevExpress
Exposed Dangerous Method or Function in Experience Manager, Experience Platform, and Experience Commerce
Insecure Arbitrary TypeConverter Conversion in DevExpress
Missing Protection of XtraReport Serialized Data in ASP.NET Web Forms in DevExpress
Server-Side Request Forgery Via AsyncDownloader in DevExpress
Deserialization of Untrusted Data in Pentaho Business Analytics Server
RequestDispatcher Local File Inclusion in ZK Framework
.NET Deserialization in Cerberus DSM, Desigo CC, Desigo CC Compact
Arbitrary File Reading via Hardcoded Crypto Key in Storefront
Path Traversal in ShareFile StorageZone Controller
.NET Deserialization via .NET Remoting in Backup & Replication
Various vulnerabilities (file read, file write, SQL injection, XSL transformation, DataSet deserialization) in Protean CMS
Java Deserialization in WebLogic Server
Java Deserialization in WebLogic Server
Arbitrary File Read in Spring Web MVC
Java Deserialization in Portal
Arbitrary File Upload in Telerik UI for Silverlight
in SmarterMail
Java Deserialization in FortiSIEM
Authentication Bypass, Path Traversal in ASES
Path Traversal in Telerik MVC
Privilege escalation via unsecure .NET deserialization and Process Spoofing in TinyWall
Java Deserialization in 300 People
Mitigation Bypass in Telerik UI for Ajax ASP.NET
.NET Deserialization in myLittleAdmin
Path Traversal, Unauthenticated Socks5 Proxy in MailEnable
Java Deserialization in cpanel-dovecot-solr
.NET Deserialization in
Java Deserialization in Secure Global Desktop
XXE in SyncML, XXE in Keyoti RapidSpell in SmarterMail
.NET Deserialization in CribMaster
.NET Deserialization in Telerik UI for Ajax ASP.NET
.NET Deserialization in DevExpress
.NET Deserialization in Managed Workplace RMM
EL Injection in RichFaces
EL Injection in RichFaces
.NET Deserialization in Genuine Channels
Java Deserialization in GWT
.NET Deserialization in
EL Injection in
Java Deserialization in
Java Deserialization in Jira
Java Deserialization in Spring Flex
Java Deserialization, JavaBeans Setter in GraniteDS
Java Deserialization, JavaBeans Setter, XXE in Flamingo amf-serializer
Java Deserialization, JavaBeans Setter, XXE in Flex BlazeDS
Java Deserialization, XXE in WebORB for Java
Arbitrary File Upload in ezPublish
SQL Injection in ezPublish
Java Deserialization in CrashPlan PROe
in Service Manager
SQL Injection, Path Traversal, JSP File Inclusion in Edge Server
Arbitrary File Upload/Download in Edge Server
Java Deserialization, XXE in Service Manager
Command Injection in Endpoint Protection Manager
in Community
Java Deserialization, Command Injection in Edge Server
Authentication Bypass, Arbitrary File Write/Read, Privilege Escalation, Path Traversal, SQL Injection, Binary Planting in Endpoint Protection
SQL Injection in webEdition
SQL Injection in WebsiteBaker
in Jira
.NET Deserialization in Skype for Business
PHP Deserialization in Remote Support Portal