Blog posts
Ambionics / Web Exploitation

Owncloud: details about CVE-2023-49103 and CVE-2023-49105

Mon 04 December 2023

We provide details about CVE-2023-49103 and CVE-2023-49105

Read more
Ambionics / Web Exploitation

Unserializable, but unreachable: Remote code execution on vBulletin

Tue 31 January 2023

Ambionics Security team discovered a pre-authentication remote code execution in vBulletin 5.6.9.

Read more
Ambionics / Web Exploitation

Hacking Root-Me: SPIP SQL injection leading to RCE (challenge)

Wed 12 January 2022

We identified a vulnerability in SPIP's SQL engine, which allowed us to access the backoffice of the hacking platform Root-Me.

Read more
Ambionics / Web Exploitation

PHP-FPM local root vulnerability (CVE-2021-21703)

Thu 21 October 2021

This article reveals a privilege escalation vulnerability affecting PHP-FPM.

Read more
Ambionics / Web Exploitation

Laravel <= v8.4.2 debug mode: Remote code execution

Tue 12 January 2021

Ambionics Security team discovered an RCE in Laravel, when the framework is in debug mode.

Read more
Ambionics / Web Exploitation

Remote code execution on Sqreen: exploiting the microagent

Thu 19 November 2020

Ambionics Security team discovered a heap overflow that results in remote code execution on Sqreen's microagent.

Read more