Web

Unauthenticated XML eXternal Entity (XXE) vulnerability

Nov 9, 2017
An high risk vulnerability reported by me and Mathew Nash, affecting Oracle Hyperion Financial Reporting Web Studio - possibly all versions up to 11.1.2.4

READ MORE
Uber Hacking: How We Found Out Who You Are Where You Are and Where You Went

Apr 9, 2016
What can be more exciting than being authorized to test one of the most hyped companies in 2016?

READ MORE
Multiple SQL Injection in JNews (CVE-2015-7342)

Oct 28, 2015
The JNews component was found to be vulnerable to SQL Injection affecting multiple pages.

READ MORE
SQL Injection in AcyMailing (CVE-2015-7338)

Oct 28, 2015
The AcyMailing component was vulnerable to SQL Injection on the export controller. This was another issue discovered by me, Filipe and Vitor while we were looking for low-hanging fruits in the TOP Joomla plugins.

READ MORE
SQL Injection in JEvents (CVE-2015-7340)

Oct 28, 2015
JEvents component was vulnerable to SQL Injection on new events functionality. This vulnerability was located inside the backoffice.

READ MORE