Advisory Featured Vibe Hacking: Finding Auth Bypass and RCE in Open Game Panel You've heard of vibe coding, but have you considered vibe hacking? I tried thinking less to find an authentication bypass and RCE in OpenGamePanel.
Advisory Featured ZendTo NDay Vulnerability Hunting - Unauthenticated RCE in v5.24-3 <= v6.10-4 Discovering NDay flaws in ZendTo filesharing software highlighted an interesting fact: without the issuance of CVEs, vulnerabilities can easily go unpatched.
Advisory Featured LiquidFiles Vulnerabilities: From Discovery to Disclosure Join us in my quest to find some vulnerabilities in the Liquidfiles application! A full walkthrough awaits detailing the methodology and the findings that made all the effort worthwhile.
Advisory Featured A Watchguard Vulnerability That's a "Feature"- GuardLapse Picture this: a feature from a security appliance that willingly dispatches its password hashes to any device on the network. That is precisely what WatchGuard's SSO does under certain circumstances. Does a bad feature warrant filing a CVE? I'm not sure.
