Rhino Security Labs

Strategic & Technical Blog

Technical Strategic Technical & Strategic Both
Enterprise Security

Java Deserialization Exploitation With
Customized Ysoserial Payloads

David Yesland

During a recent application assessment at Rhino we identified a Java deserialization vulnerability which ended up leading to unauthenticated remote code execution. Exploitation of the vulnerability turned out to not be as simple as…

Read more
Enterprise Security

CVE-2019-0227: Expired Domain to Remote Code Execution in Apache Axis

Enterprise Security

NVIDIA Arbitrary File Writes to Command Execution
CVE-2019-5674

Technical Strategic Technical & Strategic Both
Categories
Clear Selection
API
Application Security
AWS
Azure
Buyer's Guide
Cloud Security
Compliance
Enterprise Security
GCP
Google Cloud
Internet of Things
Mobile Security
Network Security
News
Penetration Testing
Research
Social Engineering
Tool Development
Uncategorized
Enterprise Security

Exploiting CVE-2018-1335:
Command Injection in Apache Tika

David Yesland

This post is a walk-through of steps taken to go from an undisclosed CVE for a command injection vulnerability in the Apache tika-server to a complete exploit. The CVE is https://nvd.nist.gov/vuln/detail/CVE-2018-1335. Since Apache Tika is…

Read more