CVE-2022-1531

SQL injection vulnerability in ARAX-UI Synonym Lookup functionality in GitHub repository rtxteam/rtx prior to checkpoint2022-04-20 . This vulnerability is critical as it can lead to remote code execution and thus complete server takeover...

Starbucks: RCE and Complete Server Takeover of http://www.█████.starbucks.com.sg/

This report from @spaceraccoon demonstrated a valid attack resulting in RCE and full compromise of the target. The detailed and thorough report was especially helpful throughout the triage process, and ultimately helped us reproduce and resolve the issue as quickly as possible. The vulnerable sit...