cve 41
- 👩💻IW Weekly #133: Tools For Recon, Sandbox Bypass in Chromium Browser, Zendesk Vulnerability, CVE-2024-23113, SAML XPath Confusion, AI-Powered 403 Bypassers and many more…
- 👩💻IW Weekly #129: Google VRP Blog, CVE-2024-29847 Exploit, Hotstar Hacked, Bug Bounty Tips, OSINT Explained, and many more…
- 👩💻IW Weekly #119: Universal Code Execution, Evernote RCE, Multiple ServiceNow CVEs, Escalating XSS Using Password Managers, DOMPurify Bug, CSS Injections and many more…
- 👩💻IW Weekly #114: 4-Step Bug Hunting Methodology, CVE-2024-4358, Reflector, Bypass SSL Pinning, GraphQL API Vulnerabilities and many more…
- Cache Me If You Can: Local Privilege Escalation in Zscaler Client Connector (CVE-2023-41973)
- 👩💻IW Weekly #110: GitHub Actions Cache Poisoning, CVE-2024-0200, Relative Path File Injection, Hacking Apple, Hacking Microsoft's AI bot and many more…
- 👩💻IW Weekly #107: CVE-2024-0333, $50,000 for hacking Google A.I, Auth-Bypass via Response Tampering, HTTP Request smuggling case study, Telegram RCE and many more…
- 👩💻IW Weekly #101: CSP Bypass using formaction attribute, 200 hours of hacking to $20K, CVE-2024-1403 analysis, Necessity of DevSecOps, Use of Github Actions to Bypass Microsoft Entra Smart Lockout and many more…
- Back to the (Clip)board with Microsoft Whiteboard and Excalidraw in Meta (CVE-2023-26140)
- 👩💻IW Weekly #95: From Rook to XSS, CVE-2023-5480, Response Manipulation to Privilege Escalation, Top 10 Web Hacking Techniques for 2023, Unicode Escape Handling in Java and many more…
- 👩💻IW Weekly #93: GitLab Critical Fixes, Google Info-Stealers, Sandwich Attack, CVE-2023-7028, IDN Homograph Attack, IrisCTF24 Challenges and many more…
- 👩💻IW Weekly #90: Django Debug Mode, Attacking The Rsync Service, DOM XSS to Stored XSS, CVE-2022-2216, Hacking AWS & Kubernetes, Twitter’s XSS + CSRF Leads to Account Takeover and many more…
- 👩💻IW Weekly #86: CVE-2023-46729, Hacked Google’s Bug Tracking System, Outsmarting AI Models, Sandbox Escaping, Self-Redirect to XSS, Critical 0-day XXE to SSRF and many more…
- 👩💻IW Weekly #84: DOM-based race condition, Bypassing Android Debug and root detection, F5-BIG-IP CVE-2023-46747, SQL injection on admin login, Hacking HP monitor display, Analyzing Metamask snaps and many more…
- Hacking HP Display Monitors via Monitor Control Command Set (CVE-2023-5449)
- 👩💻IW Weekly #83: CVE-2023-4966, Address Bar Spoofing, SQLi to NTLM, Okta Breach, UPI Security, PII via Frontend Authentication Redirects and many more…
- Citrix Bleed: Leaking Session Tokens with CVE-2023-4966
- 👩💻IW Weekly #81: Chrome SOP Bypass, Unauthorized access to Admin panel, Access to Instagram’s private posts, Looney Tunable Linux Privilege escalation [CVE-2023-4911], NoSQL injections and many more…
- Bug Bytes #213 – Hacking a Prison, XSS on steroids, CAIDO free for students and Bogus CVEs
- RCE in Progress WS_FTP Ad Hoc via IIS HTTP Modules (CVE-2023-40044)
- 👩💻IW Weekly #79: RCE in Google Chrome, CVE-2023-40044, OIDC misconfiguration to ATO, accessing millions of call recordings and many more..
- 👩💻IW Weekly #77: Azure AD privilege escalation, CVE-2022-3910, Web Cache deception attack, GraphQL enumeration techniques, IDOR and many more..
- Advisory: Flarum LFI - CVE-2023-40033
- 👩💻IW Weekly #73: ATO in Shopify Stores, CVE-2023-36809, Risks in Cross-Chain Bridges, Bypassing Firewalls, Hacking iOS Apps, Uncovering Zenbleed and many more..
- Finding and Exploiting Citrix NetScaler Buffer Overflow (CVE-2023-3519) (Part 3)
- 👩💻IW Weekly #70: NFT Bridge Vulnerability, CVE-2023-3519 Deep Analysis, RCE in Huawei Theme Manager, Preauth RCE in Metabase, Chaining Bugs for Session Hijack and many more..
- 👩💻IW Weekly #69: OpenSSH RCE, Xamarin Applications Reverse Engineering, Puzzled XSS, CVE-2023-3519 analysis, XSS and CORS bypass and many more..
- Analysis of CVE-2023-3519 in Citrix ADC and NetScaler Gateway (Part 2)
- Chaining our way to Pre-Auth RCE in Metabase (CVE-2023-38646)
- Analysis of CVE-2023-3519 in Citrix ADC and NetScaler Gateway
- Advisory: Metabase Pre-Auth RCE (CVE-2023-38646)
- Bug Bytes #208 – Burp gets an update, Sharefile gets a CVE and JavaScript files get analysed
- 👩💻IW Weekly #68: Account Takeover using Custom OTP, CVE-2023-36934, Investigating EC2, XSS in hidden inputs, macOS user's real name brute-forced with mDNS and many more..
- Encrypted Doesn't Mean Authenticated: ShareFile RCE (CVE-2023-24489)
- Advisory: ShareFile Pre-Auth RCE (CVE-2023-24489)
- CVE-2022-21703: cross-origin request forgery against Grafana
- All Your (d)Base Are Belong To Us, Part 2: Code Execution in Microsoft Office (CVE-2021-38646)
- All Your (d)Base Are Belong To Us, Part 1: Code Execution in Apache OpenOffice (CVE-2021-33035)
- Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)
- Analysis of CVE-2019-14994 - Jira Service Desk Path Traversal leads to Massive Information Disclosure
- Exploiting Markdown Syntax and Telescope Persistent XSS through Markdown (CVE-2014-5144)