Dradis, a widely used documentation tool among penetration testers for creating and managing penetration testing reports, is vulnerable to an issue that allows an authenticated user to trigger a Net-NTLM authentication request from fellow users, if they visit a prepared issue/evidence in a Dradis project. This vulnerability could potentially impact any internal web application where […]
Category Archives: Security
CVE-2023-50458 is an information disclosure vulnerability identified in Dradis Pro and Dradis Community editions. Dradis, a widely used documentation tool among penetration testers for creating and managing penetration testing reports, was affected by this vulnerability. The issue was resolved in version 4.11.0.
This blog post walks you through the discovery of CVE-2022-43747 in baramundi Management Agent (bMA). CVE-2022-43747 is a buffer overflow vulnerability, which allows an attacker to achieve remote code execution when a certain condition is met. In this post I will demonstrate how I discovered the vulnerability, what condition is required for code execution […]
baramundi Management Agent (bMA), a module of baramundi Management Suite (bMS), is affected by a buffer overflow vulnerability. An attacker could potentially exploit the vulnerability to crash the affected module, or achieve remote code execution when a certain condition is met.
CVE-2022-44654 is assigned to a weakness that I have discovered in the User-Mode Hooking (UMH) Monitoring Engine module of Trend Micro Apex One and Apex One as a Service. This module, which helps to monitor for malicious payloads on Windows by injecting itself into each user-mode process and hooking certain Windows APIs, is missing an […]
“Update Manager” v1.2.1.0 (and possibly earlier), a software component from otris software AG used by multiple otris applications (e.g. otris Privacy) to facilitate updating otris products, allows attackers to escalate their privileges on Windows systems to SYSTEM (highest permissions on Windows) by exploiting a vulnerability in the aforementioned software.
I have always been fascinated by fat client applications, and I believe this goes back almost 20 years, to when I was a teenager with a computer and a passion to learn, and I still am passionate to learn 🙂 My start was with HTML and Assembly, an odd combination I admit, but that […]
I started ticking differently after taking on the Corelan Advanced Win32 Exploit Development training last month at BruCON 0x0B. I am very delighted and excited about that, and looking forward to putting the new experience to more practical use. A NULL-pointer dereference According to Wikipedia¹: The program can potentially dereference a null pointer, thereby raising […]
Mooltipass is a hardware-based password manager that is simple to use and provides an added layer of security (say no more to password reuse). The passwords that are stored on the device are encrypted with AES-256, where the encryption key is stored on an external card that works as a 2FA token. The key on the card […]