Work and Research

CVEs

• CVE-2022-3017: CSRF on deleting an API key in froxlor/froxlor
• CVE-2021-24347: SP Project & Document Manager WordPress plugin < 4.22 Authenticated Shell Upload
• CVE-2021-26710: Redwood Report2Web 4.3.4.5 and 4.5.3 Cross-Site Scripting
• CVE-2021-26711: Redwood Report2Web 4.3.4.5 Frame Injection
• CVE-2021-24288: AcyMailing < 7.5.0 Open Redirect

Talks:

• Defending AppSec: From Mass Scanning Low Hanging Fruit to Digging for Critical Bugs [BSides Athens 2023]

News and Mentions:

• Bangladesh government website leaks citizens’ personal data [TechCrunch]
• Online store exposed millions of Chinese citizen IDs [TechCrunch]
• Interview about the Bangladesh BDRIS leak [BBC]
• A Spy Agency Leaked People's Data Online—Then the Data Was Stolen [WIRED]