Sometimes they come back: exfiltration through MySQL and CVE-2020-11579

Walkthrough and exploitation of MySQL LOCAL INFILE accompanied by the release of a new open-source tool to exploit similar vulnerabilities.

Exploiting Apache Solr through OpenCMS

Exploiting a known XXE in Apache Solr through OpenCMS handleSolrSelect, to read arbitrary files from the OpenCMS' server.

Nagios XI 5.5.10: XSS to #

Walkthrough of a 1-click root RCE exploit chain in Nagios XI 5.5.10 by polict: XSS, RCE and local privilege escalation in a single URL click.