Portfolio

 

Reports and Acknowledgements

Vulnerabilities / Exploits

  • MyMag WordPress theme Unrestricted File Upload
  • Multiple XSS Vulnerabilities in BoxBilling
  • Remote Code Execution in mversion (CVE-2020-7688)
  • Regular Expression Denial of Service (ReDoS) in urlregex
  • Regular Expression Denial of Service (ReDoS) in url-regexp
  • [metascraper-helpers] Denial of Service
  • Regular Expression Denial of Service (ReDoS) in RestQL

Securing Open Source Code

  • Fixed: Improper Access Control in Cezerin (CVE-2019-18608)
  • Fixed: Remote Command Execution in strider-git
  • Fixed: Improper Access Control in Cezerin2
  • Fixed: Remote Code Execution in mversion
  • Fixed: Remote Code Execution in Apache cordova-serve module