trein
reindaelman.bsky.social
Application Security Engineer at @intigriti | OSWE | BSCP | https://hackerone.com/trein
Just had my #bugbounty report disclosed on #HackerOne 💪

TL;DR
RCE via path traversal in the Mozilla VPN Client through the local websocket server (developer mode).

hackerone.com/reports/2995...
July 29, 2025 at 10:46 AM
CVE-2024-8856 is out! This is my 7th CVE, but my first critical one.

TL;DR

Unauthenticated RCE via Arbitrary File Upload (thanks to some very questionable file type validation).

Already posted on X, but wanted something on my profile... 😅

#BugBounty #Security

Write-up:
hacked.be/posts/CVE-20...
CVE-2024-8856 - Unauthenticated RCE via Arbitrary File Upload
Hacked.be | Cybersecurity blog by Rein Daelman.
hacked.be
November 24, 2024 at 2:49 PM