Home

Zmanda Management Console 3.3.9 - RCE (CVE-2019-19469)

Weak default credentials in combination with missing input validation allow a remote attacker to execute arbitrary code on a server using the Zmanda Management Console 3.3.9. Description It's possibl…

21 January 2021

Weaponize XSS and bypass (bad) WAFs

Imagine we’ve a reflected XSS on https://test-site.com and the following characters are filtered: spaces, (single) quotes, <, >, } and {. But you also want to develop a weaponized exploit to exf…

21 January 2021

OSINT: Tracking cryptocurrency trading volume using the Slovenian ZPPDFT-1 act

Recently I found an interesting file on uppd.gov.si called nakazila.xls (translated: wire transfers) while I was doing some reconnaissance for a bug bounty program. After verifying that the file was p…

21 January 2021

EFAIL – are encrypted e-mails insecure now?

As the chairmen of a German human rights association I‘m familiar with how NGOs handle e-mail encryption and how important it is. Of course the research behind EFAIL points out valid vulnerabilities, …

21 January 2021

Robert Kugler

Let's s3cur3.it!

Zmanda Management Console 3.3.9 - RCE (CVE-2019-19469)

Weaponize XSS and bypass (bad) WAFs

OSINT: Tracking cryptocurrency trading volume using the Slovenian ZPPDFT-1 act

EFAIL – are encrypted e-mails insecure now?