all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

203 - Pentaho Pre-Auth RCE and Theft by CAN Injection

Add to bookmarks
April 11, 2023, 7:48 p.m. | zi

DAY[0] dayzerosec.com

Some fun issues this week as we explore code execution in Synthetics Recorder stemming from a comment in the code. An auth bypass in Pentaho leading to RCE via SSTI, car theft via CAN bus message injection, and how to become a cluster admin from a compromised pod in AWK Elastic Kubernetes Service.

auth bounty-podcast bus bypass can bus car car theft cluster code code execution compromised elastic fun injection kubernetes message pentaho podcast rce service ssti theft

Visit resource

More from dayzerosec.com / DAY[0]

252 - Bypassing KASLR and a FortiGate RCE 1 month, 1 week ago | dayzerosec.com
aslr binary-podcast bypass bypassing +12
251 - RCE’ing Mailspring and a .NET CRLF Injection 1 month, 1 week ago | dayzerosec.com
attack bounty bounty-podcast bypass +9
250 - Future of Exploit Dev 1 month, 2 weeks ago | dayzerosec.com
binary-podcast corruption dev development +12
249 - libXPC to Root and Digital Lockpicking 1 month, 2 weeks ago | dayzerosec.com
android bounty-podcast bypass check +11
248 - Binary Ninja Free and K-LEAK 1 month, 3 weeks ago | dayzerosec.com
automated binary binary ninja binary-podcast +10
247 - Hacking Google AI and SAML 1 month, 3 weeks ago | dayzerosec.com
auth bounty-podcast bypass google +7
246 - Rust Memory Corruption??? 2 months ago | dayzerosec.com
access binary-podcast code corruption +9
245 - A PHP and Joomla Bug and some DOM Clobbering 2 months ago | dayzerosec.com
api bounty-podcast bug cache +15
244 - Linux Burns Down CVEs 2 months, 1 week ago | dayzerosec.com
binary-podcast cves down fuzzing +3

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Information Security Specialist, Sr. (Container Hardening)

@ Rackner | San Antonio, TX
View on infosec-jobs.com

Principal Security Researcher (Advanced Threat Prevention)

@ Palo Alto Networks | Santa Clara, CA, United States
View on infosec-jobs.com

EWT Infosec | IAM Technical Security Consultant - Manager

@ KPMG India | Bengaluru, Karnataka, India
View on infosec-jobs.com

Security Engineering Operations Manager

@ Gusto | San Francisco, CA; Denver, CO; Remote
View on infosec-jobs.com

Network Threat Detection Engineer

@ Meta | Denver, CO | Reston, VA | Menlo Park, CA | Washington, DC
View on infosec-jobs.com
View more jobs