Blog

../assets/images/featured/whatsup-wcf-01.jpg

WhatsUp Gold Pre-Auth RCE GetFileWithoutZip Primitive

I discovered an unauthenticated path traversal against the latest version of progress whatsup gold and turned it into a pre-auth RCE, following is how I did it, this is the story of CVE-2024-4885

../assets/images/featured/whatsup-wcf-02.jpg

WhatsUp Gold Pre-Auth RCE WriteDataFile Primitive

Using a path traversal vulnerability to achieve remote code execution, this is the story of CVE-2024-4883 a pre-auth RCE against progress whatsup gold

../assets/images/featured/whatsup-CVE-2024-5009.jpg

WhatsUp Gold SetAdminPassword Privilege Escalation

Lets analyze a privilege escalation which I found targeting progress whatsup gold, this is the story of CVE-2024-5009

../assets/images/featured/veeam-vro-CVE-2024-29855.jpg

There are no Secrets || Exploiting Veeam CVE-2024-29855

CVE-2024-29855

../assets/images/featured/veeam-epm-CVE-2024-29849.jpg

Bypassing Veeam Authentication CVE-2024-29849

CVE-2024-29849

../assets/images/featured/report-server-banner.jpg

Molding lies into reality || Exploiting CVE-2024-4358

CVE-2024-4358

../assets/images/featured/vrni-cover.png

VMWare Aria Operations for Networks Static SSH key RCE

CVE-2023-34039

../assets/images/featured/vrni.png

Pre-authenticated RCE in VMware vRealize Network Insight

CVE-2023-20887

../assets/images/featured/vmware-nsx-exploited.png

Pre-authenticated Remote Code Execution in VMWare NSX Manager

CVE-2021-39144, CVE-2022-31678

../assets/images/featured/veeam-exploit.png

Veeam Unauthenticated Remote Code Execution

CVE-2022-26503,CVE-2022-26504,CVE-2022-26500,CVE-2022-26501