Repository for my security research. Detailed proofs of concept will be written up on my blog.
- Oracle (CVE-2021-2461) - Oracle Communications Interactive Session Recorder 6.4 Provision API Remote Code Execution
- Strapi (CVE-2022-31367) - Strapi up to 3.6.9/4.1.9 SQL Injection Through Filtering Feature
- Daloradius (CVE-2023-0046) - Unrestricted Logging Filename Leads to RCE
- Daloradius (CVE-2023-0048) - Lack of Input Sanitization Leads to RCE
- Froxlor (CVE-2023-0316) - Local File Read through Improper Filename Validation