Blog posts

Exploiting embedded Mitel phones for unauthenticated remote code execution

How to achieve a working remote code execution exploit in an embedded phone without any previous access.

The Blind Spots of Automated Web App Assessments

Showcasing why automated scanners might miss some very obvious bugs and how to deal with that.

NC3 CTF Solutions

The Danish National Cybercrime Center held its annual hacking competition. We participated and solved some challenges.

Building your first Metasploit exploit

A comprehensive guide to converting your RCE vulnerability into a fully functional Metasploit module that will spawn any payload. We use CVE-2023-32781 as our example.

WithSecure Elements Vulnerability to isolate all companies

How we could exploit a vulnerability in WithSecure Elements EDR to shut down a company network through malicious isolation.

PRTG Remote Code Execution - CVE-2023-32782

This post details the process of exploiting CVE-2023-32782 in PRTG to gain remote code execution.

Advisories

CVE-2023-32782 - PRTG RCE

Remote code execution in Dicom Query sensor as SYSTEM

CVE-2023-32781 - PRTG RCE

Remote code execution in HL7 sensor as SYSTEM

CVE-2023-31452 - PRTG CSRF

CSRF allowing the leakage of cleartext Windows credentials over the network.

CVE-2023-31451 - PRTG File Disclosure with Regex

Utilize regex feature for leaking sensitive configuration files

CVE-2023-31450 - PRTG Path Traversal

Path traversal in SQL sensor

CVE-2023-31449 - PRTG Path Traversal

Path traversal in WMI sensor

CVE-2023-31448 - PRTG Path Traversal

Path traversal vulnerability was discovered in the HL7 sensor of PRTG

CVE-2023-24037 - Nagios

Authentication bypass due to insecure timing comparison

CVE-2023-24036 - Nagios

Open Redirect

CVE-2023-24035 - Nagios

Authentication bypass due to insecure timing comparison

CVE-2022-45871 - WithSecure fsicapd

Unauthed memory corruption in the fsicapd component leads to DoS

CVE-2022-38165 - F-Secure Policy Manager (Unauthed arbitrary filewrite)

Unauthenticated arbitrary filewrite as SYSTEM

CVE-2022-38162 - F-Secure Policy Manager

Multiple Cross-Site Scripting (XSS) vulnerabilities

CVE-2022-28885 - F-Secure Policy Manager

Unauthed memory corruption in the fsicapd component leads to DoS

CVE-2020-XXXX - BTCPay (XSS to leaked private key)

XSS which leads to a leaked private key, allowing wallet control

CVE-2020-12480 - Play Framework (Global CSRF Bypass)

Global CSRF bypass due to RFC non-compliance in HTTP header

CVE-2019-XXXXX/fsc-2019-3 - F-Secure Internet Gatekeeper (RCE)

Heap-based buffer overflow leads to Remote Code Execution

CVE-2019-XXXX - Cerberus FTP (XSS to RCE)

Cerberus FTP login XSS leads to RCE

CVE-2019-XXXXX/fsc-2019-4 - F-Secure Server Security (RCE)

Remote Code Execution in F-Secure Server Security

CVE-2018-9191 - Fortinet FortiClient (LPE)

Fortinet IPC permission leads to local privilege escalation as SYSTEM