Rhino Security Labs

Strategic & Technical Blog

CVE-2022-25237: Bonitasoft Authorization Bypass and RCE

David Yesland

Bonita Web 2021.2 is affected by an authentication/authorization bypass vulnerability due to an overly broad filter pattern used in the API authorization filters.
By appending a crafted string to the API URL, users with no privileges can…

CVE-2020-13405: MicroWeber Unauthenticated User Database Disclosure

Java Deserialization Exploitation With Customized Ysoserial Payloads

Fuzzing Left4Dead 2 with CERT’s Basic Fuzzing Framework

Hunter Stanton

If you saw my previous blog post on the buffer overflow I found in Left4Dead 2, you know that I found that vulnerability through fuzzing. 
Modern game engines usually have a very large attack surface within which vulnerabilities could…