all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

217 - Insecure Firewalls, MyBB, and Winning with WinRAR

Add to bookmarks
Oct. 10, 2023, 11:45 a.m. | zi

DAY[0] dayzerosec.com

This week we've got some fun issues, including a WinRAR processing bug that results in code execution due (imo) to a filename adjustment when extracting that isn't performed consistently. A MyBB admin-panel RCE, fairly privileged bug but I think the bug pattern could appear elsewhere and is something to watch out for, And several silly issues in a "next-gen" firewall, including source disclosures and RCEs from the login page.

admin admin-panel bounty-podcast bug code code execution filename firewalls fun imo insecure isn mybb panel podcast privileged rce results watch week winning winrar

Visit resource

More from dayzerosec.com / DAY[0]

254 - Memory Corruption: Best Tackled with Mitigations or Safe-Languages? 3 weeks, 2 days ago | dayzerosec.com
binary-discussion-podcast cisa corruption languages +8
253 - A Retrospective and Future Look Into DAY[0] 1 month ago | dayzerosec.com
air change episode future +5
252 - Bypassing KASLR and a FortiGate RCE 2 months, 2 weeks ago | dayzerosec.com
aslr binary-podcast bypass bypassing +12
251 - RCE’ing Mailspring and a .NET CRLF Injection 2 months, 3 weeks ago | dayzerosec.com
attack bounty bounty-podcast bypass +9
250 - Future of Exploit Dev 2 months, 3 weeks ago | dayzerosec.com
binary-podcast corruption dev development +12
249 - libXPC to Root and Digital Lockpicking 2 months, 4 weeks ago | dayzerosec.com
android bounty-podcast bypass check +11
248 - Binary Ninja Free and K-LEAK 3 months ago | dayzerosec.com
automated binary binary ninja binary-podcast +10
247 - Hacking Google AI and SAML 3 months ago | dayzerosec.com
auth bounty-podcast bypass google +7
246 - Rust Memory Corruption??? 3 months, 1 week ago | dayzerosec.com
access binary-podcast code corruption +9

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Senior Security Researcher - Linux MacOS EDR (Cortex)

@ Palo Alto Networks | Tel Aviv-Yafo, Israel
View on infosec-jobs.com

Sr. Manager, NetSec GTM Programs

@ Palo Alto Networks | Santa Clara, CA, United States
View on infosec-jobs.com

SOC Analyst I

@ Fortress Security Risk Management | Cleveland, OH, United States
View on infosec-jobs.com