Disclosures
Filter Content:
Categories:
Tags:
January 13, 2025 | Attack Blogs, Disclosures
SimpleHelp remote support software is susceptible to critical vulnerabilities that could allow full takeover of SimpleHelp servers. Users of SimpleHelp…
October 9, 2024 | Attack Blogs, Disclosures
On July 10, 2024, Palo Alto released a security advisory for CVE-2024-5910, a vulnerability which allowed attackers to remotely reset…
September 25, 2024 | Attack Blogs, Disclosures
On August 13, 2024, SolarWinds released a security advisory for Web Help Desk (WHD) that detailed a deserialization remote code…
August 23, 2024 | Attack Blogs, Disclosures
This post walks through the vulnerabilities we disclosed affecting Gradio, and our work with Hugging Face to harden the Spaces…
August 23, 2024 | Attack Blogs, Disclosures
This post walks through the vulnerabilities we disclosed affecting Gradio, and our work with Hugging Face to harden the Spaces…
June 14, 2024 | Attack Blogs, Disclosures
This post walks through the vulnerabilities we disclosed affecting Gradio, and our work with Hugging Face to harden the Spaces…
May 28, 2024 | Attack Blogs, Disclosures
In November of 2023, preparing for a call for papers, I attempted to investigate the FortiSIEM patch for CVE-2023-34992. I…
May 20, 2024 | Attack Blogs, Disclosures
In early 2023, given some early success in auditing Fortinet appliances, I continued the effort and landed upon the Fortinet…
March 14, 2024 | Attack Blogs, Disclosures
Early in 2023, soon after reproducing a remote code execution vulnerability for the Fortinet FortiNAC, I was on the hunt…
March 11, 2024 | Attack Blogs, Disclosures
NextChat a.k.a ChatGPT-Next-Web, a popular Gen AI ChatBot, is vulnerable to a critical server-side request forgery (SSRF) vulnerability.
