eval.blog

Category: Security

Stealing OAuth tokens of connected Microsoft accounts via open redirect in Harvest App

October 21, 2023 ◦ 4 min ◦

• Security

Breaking The Mutant Language's "Encryption (Writeup)"

August 15, 2023 ◦ 22 min ◦

• Security

CraftCMS Zero-day Chain: XSS to SSTI triggering RCE

Public Disclosure of CVE-2021-27902 and CVE-2021-27903

July 29, 2021 ◦ 14 min ◦

• Security

FILTER_VALIDATE_URL bypass in PHP 8

July 16, 2021 ◦ 1 min ◦

• Security

Untrusted code execution in PHPMailer

July 10, 2021 ◦ 1 min ◦

• Security

active_url validation check bypass in Laravel

June 12, 2021 ◦ 1 min ◦

• Security

POP Gadget using function injection in RequiredIf

June 12, 2021 ◦ 1 min ◦

• Security

Code Execution via Cross Site Scripting in Tagspaces (A file manager)

June 11, 2021 ◦ 1 min ◦

• Security

Relative Path Traversal in Flarum using fake OAuth Provider

June 11, 2021 ◦ 1 min ◦

• Security

XSS in Unified Transform (A school management software)

May 18, 2021 ◦ 1 min ◦

• Security

Stored Cross Site Scripting in October CMS

April 3, 2021 ◦ 1 min ◦

• Security

Cross Site Scripting in digidocu

March 30, 2021 ◦ 1 min ◦

• Security

Internal IP Address leak in Misconfigured WordPress to bypass WAF

December 27, 2020 ◦ 3 min ◦

• Security

Account Takeover on unverified emails in File Sync & Share in Acronis

June 24, 2020 ◦ 1 min ◦

• Security

Open Redirect in Flattr

June 11, 2020 ◦ 1 min ◦

• Security

Unrestricted access to any "connected pack" in docs in coda.io

June 24, 2020 ◦ 1 min ◦

• security