Saad Mazouzi
Assessing the Large-Scale Exposure of CUPS Vulnerabilities: Chained CVEs Leading to Remote Code Execution
This article assesses the large-scale exposure of systems to multiple CVEs affecting the CUPS printing service, which can be chained together to achieve unauthenticated remote code execution (RCE). We provide an overview of how these vulnerabilities, including CVE-2024-47176, work in tandem, walking through the exploit flow. Additionally, we analyze how many systems are potentially vulnerable and highlight a unique behavior observed during testing.
Wed 16 October 2024
Advanced Techniques for Bypassing 4xx Errors
Discover the comprehensive techniques that are commonly used to bypass 4xx errors. Learn about the various methods used, including HTTP method fuzzing, request header manipulation, parameter tampering, and more.
Mon 05 August 2024
Known Exploitable Vulnerabilities: Catching them all
In this article we will Discover essential tools and empirical insights for identifying critical, high-severity, and actively exploitable vulnerabilities sourced from reputable platforms like CISA KEV, Google’s Tsunami, and the innovative Ostorlab’s Asteroid Project.
Wed 10 January 2024