Rhino Security Labs

Strategic & Technical Blog

Technical Strategic Technical & Strategic Both
Application Security

CVE-2019-0227: Expired Domain to Remote Code Execution in Apache Axis

David Yesland
April 9, 2019

Apache Axis™ is a Simple Object Access Protocol (SOAP) engine. During a recent red team engagement we came across an install of an old version of Apache Axis, version 1.4. There are now newer versions such as Apache Axis2, Apache CXF, and…

Read more
Application Security

NVIDIA Arbitrary File Writes to Command Execution
CVE-2019-5674

Application Security

Exploiting CVE-2018-1335:
Command Injection in Apache Tika

Technical Strategic Technical & Strategic Both
Categories
Clear Selection
API
Application Security
AWS
Azure
Buyer's Guide
Cloud Security
Compliance
Enterprise Security
GCP
Internet of Things
Mobile Security
Network Security
News
Penetration Testing
Research
Social Engineering
Tool Development
GCP

Google Cloud Platform (GCP)
Bucket Enumeration and Privilege Escalation

Spencer Gietzen
February 26, 2019

For those unfamiliar, GCP is a cloud platform that offers a variety of cloud-computing solutions for businesses of any size to take advantage of. Most people would put it up in the “big 3” cloud providers that are available,…

Read more