PandoraFMS v7.0NG.777.3 Remote Command Execution (CVE-2024-11320)

Estimated Reading Time: 9 minutes Previously, during a quick code review of PandoraFMS, I identified CVE-2019-20224, an RCE vulnerability affecting the product. In this blog post, I’ll delve into another code review of PandoraFMS that uncovered a new RCE vulnerability, now assigned CVE-2024-11320. This post is the first in a two-part series focused on CVE-2024-11320. In this part, I’ll walk…

Froxlor v2.0.6 Remote Command Execution (CVE-2023-0315)

Estimated Reading Time: 8 minutes Summary about Froxlor Froxlor is a web-based server management software for Linux-based operating systems. It is primarily used to manage web hosting environments and allows users to create and manage websites, email accounts, and FTP accounts. It also provides tools for monitoring server resources and managing backups. Froxlor is written in PHP and uses a…

Adventures in Burp Extender Land

Estimated Reading Time: 7 minutes Recently I was testing a mobile application and it’s interaction with an API backend. It was the first time that I had come across an application that used two different JWT tokens in the headers to authorise against the API end point. Burp is great at handling cookies, but is not so great on handling…