blog.assetnote.io

Assetnote

Latest posts

Last updated over 1 year ago

Exploiting an Order of Operations Bug to Achieve RCE in Oracle Opera

about 2 years ago

If you work in the hospitality industry, it’s quite likely that you...

Advisory: Oracle Opera Pre-Auth RCE (CVE-2023-21932)

about 2 years ago

Summary: An attacker can obtain the JNDI connection name through servlets that...

Finding XSS in a million websites (cPanel CVE-2023-29489)

about 2 years ago

cPanel is a web hosting control panel software that is deployed widely...

Advisory: Reflected Cross-Site Scripting in cPanel (CVE-2023-29489)

about 2 years ago

Summary: A reflected cross-site scripting vulnerability can be exploited without any authentication...

Pre-Auth RCE in Aspera Faspex: Case Guide for Auditing Ruby on Rails

over 2 years ago

Introduction: Many enterprise organizations that deal with large amounts of data that...

RCE in Avaya Aura Device Services

over 2 years ago

For those who haven’t had the pleasure, Avaya Aura is a (rather...

Exploiting Hardcoded Keys to achieve RCE in Yellowfin BI

over 2 years ago

Introduction: At Assetnote, we often audit enterprise software source code to discover...

Exploiting Static Site Generators: When Static Is Not Actually Static

over 2 years ago

Over the last ten years, we have seen the industrialization of the...

Breaking Bitbucket: Pre Auth Remote Command Execution (CVE-2022-36804)

over 2 years ago

Contents: Introduction, Methodology, Exploitation, But why does this work, Vendor Response, Remediation Advice...

Abusing functionality to exploit a super SSRF in Jira Server (CVE-2022-26135)

almost 3 years ago

TL;DR: Jira is vulnerable to SSRF which requires authentication to exploit. There...

Advisory: Server Side Request Forgery in Jira Server (CVE-2022-26135)

almost 3 years ago

Summary: Jira Core & Jira Service Desk are vulnerable to server-side request...

Chaining vulnerabilities to criticality in Progress WhatsUp Gold

almost 3 years ago

Introduction: Once in a while, you come across the perfect storm of...