Bypass CSP Using WordPress By Abusing Same Origin Method Execution

May 29, 2022

By Paulos Yibelo There are two scenarios found in which CSP can be bypassed if WordPress is hosted on the website […]

CVE-2022-24990: TerraMaster TOS unauthenticated remote command execution via PHP Object Instantiation

March 7, 2022

Introduction This report explains how researchers at Octagon Networks were able to chain two interesting vulnerabilities to achieve unauthenticated remote command […]

CVE-2022-24948: Apache JSPWiki preauth Stored XSS to ATO

March 2, 2022

| No Comments

| Uncategorized

Apache JSPWiki is a leading open source Wiki engine, feature-rich and built around standard JEE components (Java, servlets, JSP), according to […]

MAMP Server preauth XSS leading to Host Compromise (0day)

January 26, 2022

| No Comments

| Uncategorized

According to their wiki, MAMP is a solution stack composed of free and open-source and proprietary commercial software used together to […]

CVE-2021-45467: CWP CentOS Web Panel – preauth RCE

January 22, 2022

| No Comments

| bug bounty, rce, preauth rce,

CentOS Web Panel or commonly known as CWP is a popular web hosting management software, used by over 200,000 unique servers, […]

Company

About Contact Press

Technical Resources

Technical Blog Advisories Videos Reports

Platform

Overview Services Blog

Solutions

Code Review Real Time Monitoring

contact@octagon.net

Bypass CSP Using WordPress By Abusing Same Origin Method Execution

CVE-2022-24990: TerraMaster TOS unauthenticated remote command execution via PHP Object Instantiation

CVE-2022-24948: Apache JSPWiki preauth Stored XSS to ATO

MAMP Server preauth XSS leading to Host Compromise (0day)

CVE-2021-45467: CWP CentOS Web Panel – preauth RCE

Recent Posts

Archives

Categories

Company

Technical Resources

Platform

Solutions