with the classes that are in the whitelist and thus accepted by the
application. Instead of sending a gadget chain containing classes not
familiar to the application, the idea is to modify the existing
serialized objects that are used by the application during normal
operations.
At Red Timmy Securi
GitHub:
https://github.com/redtimmy/Richsploit
Regards,
Red Timmy Security
___
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Hi,
we have recently registered five CVE(s) affecting the Oce Colorwave 500
printer.
CVE-2020-10669 is an authentication bypass allowing an attacker to
access documents that have been uploaded to the printer. As the
documents remain stored in the system even after they have been printed
(dep
Hi,
early last autumn we have conducted an assessment on MicroStrategy
Intelligence Server & Web 10.4, that brought to the discovery of six
different vulnerabilities and recently at the registration of a total of
five CVE(s).
CVE-2020-11450 - Information Disclosure in Axis2 Happiness Page
Mic
Original post:
https://www.redtimmy.com/java-hacking/apache-tomcat-rce-by-deserialization-cve-2020-9484-write-up-and-exploit/
SUMMARY
Apache Tomcat is affected by a Java deserialization vulnerability, if
the PersistentManager is configured as session manager. Successful
exploitation requires t
Hi
we have published the part 3 of "How to hack a company by circumventing
its WAF for fun and profit". We basically show how the usage of a single
character can be abused to skip common checks performed at layer 7 by
network devices and security appliances.
Also another case where F5 Big-IP
Pulse Secure is recognized among the top 10 Network Access Control (NAC)
vendors by global revenue market share. The company declares that "80%
of Fortune 500 trust its VPN products by protecting over 20 million
users".
At Red Timmy Security we have discovered that Pulse Secure
Hello,
in a recent security assessment we have managed to escape out of a
docker container by circumventing an ad-hoc reverse proxy that was
supposed to prevent abuse of "docker.sock" file exposure.
Full story here:
https://www.redtimmy.com/docker/a-tale-of-escaping-a-hardened-docker-containe
Hi,
we have just released an exploit for CVE-2020-13162. This vulnerability
affects the Windows Client of Pulse Secure < 9.1.6. It is a TOCTOU and
allows an attacker to escalate the privilege to NT_AUTHORITY\SYSTEM.
Details about the exploit itself can be found at
https://www.redtimmy.com/priv
has been requested but not assigned yet.
Kind Regards
Red Timmy Security
On June 21st 2020 Fortinet has released a security bulletin for its
FortiSIEM product: https://www.fortiguard.com/psirt/FG-IR-20-041. All
versions of the product equal to/minor than 5.2.8 are vulnerable to an
unauthorized remote command execution via Expression Language injection.
The affected
as happened to us), as well as the reasoning
behind the choices about targets and approaches followed during the
bounty campaign.
Full stories here ->
https://www.redtimmy.com/bug-bounty-failure-stories-to-learn-from-how-we-ended-up-to-hack-a-bank-with-no-reward/
regards
Red Timmy Secur
CVSS 3.0 score:
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Description of the Vulnerable Product
Poly is a company with an annual revenue of 1,2 USD billion per year.
They are behind the Plantronics brand producing audio devices for the
segments business and consumer. Their software, Pl
my.com/iot-ics-armageddon-hacking-devices-like-theres-no-tomorrow-part-1/
regards
Red Timmy Security