cyllective's blog

Tag - web

Creating a Malicious Atlassian Plugin

Exploring the world of a possible supply chain attack, resulting in a compromised, malicious Confluence plugin
#web #java #plugins #atlassian

Auditing Atlassian Plugins, 53 0-Days Later

Explaining the process and tooling behind our way of auditing Atlassian plugins, 53 0Days later.
#web #cve #plugins #atlassian

Collabora Online Stored XSS (CVE-2024-29182)

A Writeup for a Stored XSS we found in Collabora Online - CVE-2024-29182
#web #cve #collabora

COMfiltrat0r - Exfiltration via WebSerial

During a Data Loss Prevention audit, cyllective managed to find a way to copy files off a Windows computer that had USB storage blocked - introducing COMfiltrat0r
#dlp #web #hardware

Auditing WordPress Plugins

A summarized post about security research of WordPress plugins and the explorational audit spree which followed
#web #cms #cve #plugins #wordpress

OctoberCMS Authenticated RCE (CVE-2022-21705)

Join us in the discovery and exploitation of an authenticated remote code execution vulnerability in OctoberCMS
#web #cms #cve #octobercms

OctoberCMS Authenticated RCE (CVE-2021-32649)

Follow along in the discovery and exploitation of an authenticated remote code execution vulnerability in OctoberCMS
#web #cms #cve #octobercms

Plone Authenticated RCE (CVE-2021-32633)

Join the journey into Plone CMS that lead us to discover an authenticated RCE vulnerability
#web #cms #cve #plone