How to (not) lose money in Web3
Good day everyone. The purpose of this article is to give an overview of what can go wrong when interacting with Web3 Dapps from a…
Oct 7, 2022

Remote Code Execution in NVIDIA NVFlare
NVFlare (NVIDIA Federated Learning Application Runtime Environment) is an open source SDK for Federated Learning. Institutions can…
Sep 29, 2022

Use of Password Hash Instead of Password for Authentication 0-day vulnerability in Fast OS Docker
While investigating the Docker web-GUI “Fast OS Docker”, I came across a “Use of Password Hash Instead of Password for Authentication”…
Aug 7, 2022

Authenticated SQL injection vulnerability in “NEX Forms” WordPress plugin
I discovered an authenticated SQL injection vulnerability in the “NEX Forms” WordPress plugin, which has at the time of writing around 10k…
Aug 1, 2022

Authentication Bypass vulnerability in camp, a Raspberry Pi camera server
I recently had a look at camp, a Raspberry Pi camera server based on Python with more than 100 stars on GitHub. It uses the Tornado…
Jul 25, 2022

Authenticated SQL injection vulnerability in “Translatepress Multilingual” WordPress plugin
While investigating WordPress plugins, I stumbled upon “Translatepress Multilingual”, which is used to make WordPress pages available in…
Jul 23, 2022

Remote Code Execution 0-day in rpc.py
There is an Unauthenticated Remote Code Execution vulnerability in https://pypi.org/project/rpc.py/. No specific configuration is required…
Jul 5, 2022

Remote Code Execution vulnerability in EdgeDB remote compiler pool server feature
Recently, I discovered an unauthenticated Remote Code Execution vulnerability in a development feature of EdgeDB called “remote compiler…
Jun 25, 2022