24/10/2019
Don’t open that XML: XXE to RCE in XML plugins for VS Code, Eclipse, Theia, …
The LSP4XML library used by many IDE and editors was affected by an XXE which lead to RCE exploitable by just opening an XML file.
Min
By thezero
19/10/2019
Exploiting an old noVNC XSS (CVE-2017-18635) in OpenStack
OpenStack was using an old version of noVNC affected by a DOM-based XSS that allowed attackers to steal VM tokens and take over VMs.
Min
By thezero
04/02/2019
Writeup for the FridaLab challenge with a basic introduction to the Frida toolkit on Android.
Min