CVE-2020-9448 – XSS Vulnerability in the Digital Guardian Management Console

CVE-2020-9448 – Authenticated Cross-Site Scripting in the Digital Guardian Management Console: DeepCode reported a Cross-Site Scripting vulnerability in the Digital Guardian Management Console on 25th February 2020. The vulnerability results from a lack of input validation in the filtering feature of the “Policies & Rules” menu of the management console. Vulnerability in Filters: The filtering […]
CVE-2020-6171 – Cross-Site Scripting in CLink Office v2

DeepCode discovered a Cross-Site Scripting (XSS) vulnerability in CLink Office via parameter injection. As of 18 January 2020, a simple Google search returned 2,500 web servers using the application, mostly in Hong Kong.
Exploit Development with AFL, PEDA and PwnTools

In this tutorial, we expand on our previous article on AFL by developing a simple exploit using PEDA and Pwntools.