Disclosures
Palo Alto Expedition: From N-Day to Full Compromise
On July 10, 2024, Palo Alto released a security advisory for CVE-2024-5910, a vulnerability which allowed attackers to remotely reset the Expedition application admin credentials. While we had never heard of Expedition ...
CVE-2024-28987: SolarWinds Web Help Desk Hardcoded Credential Vulnerability Deep-Dive
On August 13, 2024, SolarWinds released a security advisory for Web Help Desk (WHD) that detailed a deserialization remote code execution vulnerability. This vulnerability, CVE-2024-28986, was added to CISA’s Known Exploited Vulnerability ...
NTLM Credential Theft in Python Windows Applications
Traccar 5 Remote Code Execution Vulnerabilities
Exploiting File Read Vulnerabilities in Gradio to Steal Secrets from Hugging Face Spaces
This post walks through the vulnerabilities we disclosed affecting Gradio, and our work with Hugging Face to harden the Spaces platform after a recently reported potential breach.
CVE-2024-23108: Fortinet FortiSIEM 2nd Order Command Injection Deep-Dive
In November of 2023, preparing for a call for papers, I attempted to investigate the FortiSIEM patch for CVE-2023-34992. I kindly inquired with the PSIRT if I could have access to the ...
CVE-2023-34992: Fortinet FortiSIEM Command Injection Deep-Dive
In early 2023, given some early success in auditing Fortinet appliances, I continued the effort and landed upon the Fortinet FortiSIEM. Several issues were discovered during this audit that ultimately led to ...
Fortinet FortiWLM Deep-Dive, IOCs, and the Almost Story of the “Forti Forty”
Earlier this year, soon after reproducing a remote code execution vulnerability for the Fortinet FortiNAC, I was on the hunt for a set of new research targets. Fortinet seemed like a decent ...
NextChat: An AI Chatbot That Lets You Talk to Anyone You Want To
NextChat, a.k.a. ChatGPT-Next-Web, a popular Gen AI chatbot, is vulnerable to a critical server-side request forgery (SSRF) vulnerability.
Writeup for CVE-2023-43208: NextGen Mirth Connect Pre-Auth RCE
Mirth Connect, by NextGen HealthCare, is an open source data integration platform widely used by healthcare companies. Versions prior to 4.4.1 are vulnerable to an unauthenticated remote code execution vulnerability, CVE-2023-43208. If ...