Daniele Scanu on sk4 / Recent content in Daniele Scanu on sk4 Hugo -- gohugo.io en-us Fri, 25 Aug 2023 14:23:40 +0200 About /about/ Fri, 25 Aug 2023 15:26:21 +0200 /about/ My name is Daniele (aka @sk4), I’m a digital forensics expert. In my spare time I enjoy looking 👀 for new low level vulnerabilities and tasting new wines 🍷.

]]> CVEs /cves/ Fri, 25 Aug 2023 15:13:03 +0200 /cves/
  • CVE-2023-5593: Local Privilege Escalation via Zyxel VPN Client (Out of Bound)
  • CVE-2021-41243: Arbitrary File Write via Archive Extraction (Zip Slip)
  • CVE-2021-23340: Local File Inclusion on Pimcore
  • CVE-2021-23405: SQL Injection on Pimcore
  • CVE-2020-7759: SQL Injection on Pimcore
  • CVE-2019-10763: SQL Injection on Pimcore
  • CVE-2019-9693: SQL Injection on module ShowTime2 of CMS Made Simple
  • CVE-2019-9692: Remote Code Execution on module ShowTime2 of CMS Made Simple
  • CVE-2019-16317: Remote Code Execution through wrapper phar on Pimcore
  • CVE-2019-16318: File Extention restriction bypass on Pimcore
  • CVE-2019-10866: SQL Injection on Wordpress plugin Form Maker
  • CVE-2019-10867: Deserialization on CMS Pimcore
  • CVE-2019-9061: Deserialization on module ModuleManager of CMS Made Simple
  • CVE-2019-9060: Unauthenticated Path Traversal on module CGExtensions of CMS Made Simple
  • CVE-2019-9059: Command Injection on core of CMS Made Simple
  • CVE-2019-9058: Deserialization on core of CMS Made Simple
  • CVE-2019-9057: Deserialization on module FilePicker of CMS Made Simple
  • CVE-2019-9056: Deserialization on module FrontEndUsers of CMS Made Simple
  • CVE-2019-9055: Deserialization on module DesignManager of CMS Made Simple
  • CVE-2019-9053: SQL Injection on CMS Made Simple
    • ]]>