Research

Security Findings

| CVE | Product | Description | Link |
| --- | --- | --- | --- |
| CVE-2015-7580 | Ruby on Rails | Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via a crafted CDATA node. | https://hackerone.com/reports/81212 |
| CVE-2016-5832 | WordPress | The customizer in WordPress before 4.5.3 allows remote attackers to bypass intended redirection restrictions via unspecified vectors. | https://www.cvedetails.com/cve/CVE-2016-5832/ |
| CVE-2015-8474 | Redmine | Open redirect vulnerability in the valid_back_url function in app/controllers/application_controller.rb in Redmine before 2.6.7, 3.0.x before 3.0.5, and 3.1.x before 3.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. | https://www.redmine.org/issues/19577 |
| N/A (2014-04-14) | Sagem Fast 3304-V2 | Sagem Fast is an ADSL router that uses a web management interface to change configuration settings. The router is vulnerable to an authentication bypass bug that allows unprivileged users to modify the preconfigured root password and then log in with administrator permissions. | https://www.exploit-db.com/exploits/32859 |
| N/A (2015-12-22) | SeaMonkey | Cross-site scripting (XSS) vulnerability: if an attacker could convince a user to right-click on a broken image and choose “View Image” from the context menu, the attacker could get JavaScript to run on a site of the attacker’s choosing by making the image src attribute a javascript: URL. | https://bugzilla.mozilla.org/show_bug.cgi?id=1234651 |
| CVE-2020-26210 | BookStack | A user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page. | https://github.com/BookStackApp/BookStack/security/advisories/GHSA-7p2j-4h6p-cq3h |

Security Research

| Title | Publication |
| --- | --- |
| Crowdsourced security, an efficient and cost-effective solution to augment your organization's security | https://www.youtube.com/watch?v=upqr869qGOY |
| [Contribution] Filling in the Blanks: Exploiting Null Byte Buffer Overflow for a $40,000 Bounty | https://samcurry.net/filling-in-the-blanks-exploiting-null-byte-buffer-overflow-for-a-40000-bounty/ |