My Flock Safety independent security research has reached the point where it felt necessary to compile it all into a formal white paper and statement. Moving forward, all vulnerabilities will be added first to this white paper during the responsible disclosure embargo.
Tag: CVE
CVE-2022-34108, CVE-2022-34109, CVE-2022-34110 DoS + Arbitrary file Download/Copy in MSI Feature Navigator
A denial of service and an arbitrary file copy and download found in MSI's Feature Navigator demo software!
CVE-2022-34615, CVE-2022-34621, CVE-2022-34623, CVE-2022-34624 – IDOR, User Enum and More (In Mealie)
Multiple new CVEs discovered and disclosed! IDOR, User Enum, invalid session termination and a weak password policy!
CVE-2022-37857, CVE-2022-37163, CVE-2022-37164 Hardcoded Credentials/Weak Password Policies
An open-source location-sharing server and its Android client were found to hardcode credentials and allow weak passwords by default (including blank passwords!)
CVE-2022-35142, CVE-2022-35143, CVE-2022-35144 – DoS, XSS and Weak Password Policy in Renato, a Markdown-powered knowledge base
Multiple new CVEs discovered and disclosed! XSS, DoS and a weak password policy!
CVE-2022-34613, CVE-2022-34618, CVE-2022-34619 – Multiple XSS (And more) in Mealie
Multiple new CVEs discovered and disclosed! XSS, file uploads and more!
CVE-2022-34625 – Server-Side Template Injection to Remote Code Execution (SSTI) to (RCE) in Mealie – A lesson in patience
A detailed walkthrough of CVE-2022-34625 aka a Server-Side Template Injection (SSTI) to Remote Code Execution (RCE)
CVE-2022-34009
Denial of Service discovered against Fossil SCM when running on Windows boxes.
How to install NetHunter on Any Android Phone (Nexus 6p) 2021
Complete instructions on how to install Kali NetHunter on any Android device, updated for 2021!
Top 10 Books for Penetration Testers and Hackers 2021 Part 1
Top 10 books for any hacker, penetration tester, bug bountier or more!








