Posts

• WAN-based command injection in Netgear RAX30
• CVE-2021-44733: Fuzzing and exploitation of a use-after-free in the Linux kernel TEE subsystem
• Linux kernel TEE: free arbitrary page
• OP-TEE OS: allocate too small shared memory
• Pre-auth LAN RCE in Netgear R6700
• XSS to RCE via a Magento Help Desk extension
• LAN-based command injection in TP-Link Archer A7
• TP-Link WDR4300 Post-auth RCE
• CVE-2020-13848: Denial of Service in Portable UPnP SDK (aka libupnp)
• CVE-2020-13111: Out-of-bounds write in NaviServer
• CVE-2020-12845: Denial of Service in Cherokee Web Server
• CVE-2020-12460: Heap-overflow in OpenDMARC
• CVE-2019-19731: Directory traversal in Roxy Fileman for .NET
• CVE-2019-19702: XXE injection in Modoboa DMARC plugin