Numerous vulnerabilities in Faveo Helpdesk
Security research revealing multiple critical vulnerabilities in Faveo Helpdesk including RCE via hard-coded encryption keys, admin access control bypasses, and stored XSS.
Complete admin takeover vulnerability in Polr URL shortener exploiting PHP loose comparison and cookie manipulation to bypass authentication and gain full administrative access.
Learn how credential stuffing attacks work and discover practical defense strategies including MFA, CAPTCHAs, monitoring, and alerting to protect your applications from these common threats.
Discovering a critical supply chain vulnerability in Geoplugin.net's PHP API that leads to remote code execution through insecure deserialization in popular libraries.