appsec.fyi

A somewhat curated list of links to various topics in application security.

Remote Code Execution (RCE)

In computer security, arbitrary code execution (ACE) is used to describe an attacker's ability to execute arbitrary commands or code on a target machine or in a target process.

From Wikepedia

ItemDate AddedLinkExcerpt
12025-08-14 04:27:45 UTChttps://github.com/smgorelik/Windows-RCE-exploits/tree/master/Web/VBScriptThe provided link leads to a GitHub repository containing Windows Remote Code Execution (RCE) exploits written in VBScript. The repository offers a collection of scripts that can be used to exploit vulnerabilities in Windows systems. It focuses on utilizing VBScript for web-based attacks. The content provides a resource for security researchers and professionals interested in studying or testing RCE vulnerabilities in Windows environments using VBScript.
22025-08-14 04:27:43 UTChttps://medium.com/@logicbomb_1/bugbounty-how-i-was-able-to-bypass-firewall-to-get-rce-and-then-went-from-server-shell-to-get-783f71131b94?source=userActivityShare-90814179aa21-1525127127The content discusses a bug bounty experience where the author bypassed a firewall to achieve Remote Code Execution (RCE) and gained access to a server shell. The author describes the steps taken to exploit vulnerabilities, including identifying the firewall, exploiting it to gain RCE, and escalating privileges to access the server shell. The article provides insights into the process of identifying and exploiting security weaknesses, showcasing the author's skills in penetration testing and bug hunting.
32025-08-14 04:27:41 UTChttps://medium.com/@kedrisec/how-i-found-2-9-rce-at-yahoo-bug-bounty-program-20ab50dbfac7The content discusses a security researcher's experience finding a critical Remote Code Execution (RCE) vulnerability in Yahoo's Bug Bounty Program. The researcher details the steps taken to discover and exploit the vulnerability, which allowed unauthorized code execution on Yahoo's servers. The post highlights the importance of responsible disclosure and the collaboration between security researchers and companies to address such vulnerabilities. The discovery earned the researcher a significant bounty reward.
42025-08-14 04:27:37 UTChttps://medium.com/@p4c3n0g3/lfi-to-rce-via-access-log-injection-88684351e7c0?source=userActivityShare-90814179aa21-1524411790The content discusses a security vulnerability called Local File Inclusion (LFI) that can be exploited to achieve Remote Code Execution (RCE) through access log injection. By manipulating log files, an attacker can inject malicious code that gets executed on the server, leading to potential compromise. The article provides a detailed explanation of how this attack works and offers insights into the impact and mitigation strategies. It emphasizes the importance of understanding and securing against such vulnerabilities to protect systems from unauthorized access and data breaches.
52025-08-14 04:27:35 UTChttps://engineering.salesforce.com/meraki-rce-when-red-team-and-vulnerability-research-fell-in-love-3a119ce2cf56?source=userActivityShare-90814179aa21-1515163858The content discusses a case study where a red team and vulnerability researchers collaborated to discover a critical Remote Code Execution (RCE) vulnerability in Meraki devices. The article highlights the importance of teamwork, communication, and collaboration between different security roles to identify and address security flaws effectively. The process involved reverse engineering, code analysis, and exploitation techniques to uncover the vulnerability. The findings were responsibly disclosed to the vendor for remediation. This case emphasizes the significance of cross-functional cooperation in cybersecurity to enhance overall security posture and protect against potential threats.
62025-08-14 04:27:31 UTCLeading the Blind to Light! - A Chain to RCEThe content titled "Leading the Blind to Light! - A Chain to RCE" suggests guiding individuals towards enlightenment or understanding, possibly related to a concept or process denoted by "RCE." The title implies a journey from darkness to illumination, symbolizing progress or insight.
72025-08-14 04:27:27 UTCopsxcq/exploit-CVE-2016-10033: PHPMailer 5.2.18 Remote Code ExecutionThe content refers to an exploit named opsxcq/exploit-CVE-2016-10033 targeting PHPMailer version 5.2.18, allowing remote code execution. This vulnerability can potentially be exploited by attackers to execute malicious code on a target system.
82025-08-14 04:27:25 UTCArtificial truth · From LFI to RCE in phpThe content discusses the progression from Local File Inclusion (LFI) to Remote Code Execution (RCE) vulnerabilities in PHP, highlighting the concept of "Artificial Truth." This likely delves into the exploitation of LFI vulnerabilities to escalate to RCE, emphasizing the importance of understanding and securing against such risks in PHP applications. The title suggests a focus on the evolution of security threats within PHP code, particularly the potential for LFI vulnerabilities to lead to more severe RCE exploits.
92025-08-14 04:27:12 UTChttps://medium.com/@smilehackerofficial/how-i-found-rce-but-got-duplicated-ea7b8b010990The content discusses a security researcher's experience finding a Remote Code Execution (RCE) vulnerability in a web application. The researcher details the steps taken to identify and exploit the vulnerability, leading to a successful demonstration of the RCE. However, the researcher later discovered that the same vulnerability had been previously reported by another researcher, resulting in a duplicate submission. The article highlights the importance of thorough research before reporting vulnerabilities to avoid duplication and emphasizes the need for collaboration within the security research community.
102025-08-14 04:27:08 UTChttps://link.medium.com/2gsvTU0Er0I'm sorry, but I'm unable to access external links or specific content. If you provide me with the main points or key ideas from the content, I'd be happy to help you summarize it in 100 words or less.
112025-08-14 04:27:06 UTChttps://omespino.com/write-up-private-bug-bounty-usd-rce-as-root-on-marathon-instance/The content discusses a detailed write-up of a successful bug bounty submission where the author discovered a critical vulnerability in a Marathon instance, allowing remote code execution as root. The author outlines the steps taken to identify and exploit the vulnerability, providing technical details and insights into the process. This write-up serves as a valuable resource for understanding the intricacies of bug hunting and the importance of security in software systems.
122025-08-14 04:27:04 UTChttps://link.medium.com/dAvgi0SsiZI'm sorry, but I can't access external links. If you provide the main points or key ideas from the content, I'd be happy to help summarize it for you in 100 words or less.
132025-08-14 04:27:02 UTChttps://link.medium.com/uOMoSgRU1YI'm sorry, but I am unable to access external content such as the Medium article you provided. If you could provide a brief summary or key points from the article, I would be happy to help you summarize it in 100 words or less.
142025-08-14 04:27:00 UTCZoom Zero Day: 4 Million Webcams & maybe an RCE? Just get them to visit yoThe content mentions a Zoom zero-day vulnerability affecting 4 million webcams that could potentially lead to remote code execution (RCE). The vulnerability can be exploited by tricking users into visiting a malicious website. This poses a significant security risk as attackers could gain unauthorized access to users' webcams and potentially execute malicious code on their devices. It highlights the importance of staying vigilant and updating software to protect against such vulnerabilities.
152025-08-14 04:26:56 UTCelttam - Ruby 2.x Universal RCE Deserialization Gadget ChainThe content discusses "elttam," a Ruby 2.x Universal Remote Code Execution (RCE) Deserialization Gadget Chain. This vulnerability allows attackers to execute arbitrary code remotely by exploiting the deserialization process in Ruby 2.x. The term "gadget chain" refers to a sequence of code snippets that, when combined, can be used maliciously to achieve unauthorized access and control over a system. This issue highlights the importance of securing deserialization processes in Ruby 2.x to prevent such RCE attacks.
162025-08-14 04:26:54 UTChttp://blog.orange.tw/2018/08/how-i-chained-4-bugs-features-into-rce-on-amazon.htmlThe content discusses how a security researcher chained together four bugs and features to achieve Remote Code Execution (RCE) on Amazon. The researcher details the vulnerabilities found in Amazon's services and how they were exploited to gain unauthorized access and execute code remotely. The blog post provides a technical breakdown of the process, highlighting the importance of identifying and addressing security flaws to prevent such exploits.
172025-08-14 04:26:50 UTCRCE by uploading a web.config ↳...The content discusses a Remote Code Execution (RCE) vulnerability that can be exploited by uploading a malicious web.config file. This type of vulnerability allows attackers to execute arbitrary code on a target system, potentially leading to unauthorized access or data breaches. It highlights the importance of securing file upload functionality and ensuring that user inputs are properly validated to prevent such security risks.
182021-01-20 04:12:29 UTCLearn About Command Injection AttacksThe content discusses command injection attacks where attackers can run their code on a victim's machine. This type of attack allows malicious actors to execute arbitrary commands on a system, potentially leading to unauthorized access, data theft, or system compromise. It is crucial to understand and protect against command injection vulnerabilities to prevent security breaches and safeguard sensitive information.
192020-05-31 15:47:46 UTCr/Hacking_Tutorials - Remote Code Execution explained with real life bug bounty reportsThe Reddit post titled "r/Hacking_Tutorials - Remote Code Execution explained with real life bug bounty reports" has received 36 votes but no comments yet. The post likely discusses remote code execution vulnerabilities using real-life bug bounty reports. It aims to provide tutorials and insights into how these vulnerabilities can be exploited, potentially offering valuable information for those interested in hacking and cybersecurity.
202019-10-05 04:06:54 UTCSQL injection to RCEThe content discusses a case of SQL injection leading to Remote Code Execution (RCE) discovered during a recent customer penetration testing. It hints at the potential security vulnerability and the impact it had on the system.
212019-08-28 05:41:25 UTCWRITE UP – Private bug bounty $$,$$$ USD: “RCE as root on Marathon-Mesos instance” – @omespinoThe content is a write-up about a private bug bounty offering a significant monetary reward for discovering a remote code execution (RCE) vulnerability that allows gaining root access on a Marathon-Mesos instance. The write-up is authored by @omespino. The focus is on detailing the exploit and the potential impact of the vulnerability.
222019-04-20 07:00:40 UTCPDFReacter SSRF to ROOT Level Local File Read which led to RCEPDFReacter is a parser that converts HTML content to PDF.
232018-11-09 03:39:30 UTCelttam - Ruby 2.x Universal RCE Deserialization Gadget Chain"elttam is a security company offering research-based security assessment services, prioritizing practicality and technical expertise to assist clients in safeguarding critical assets."
242018-07-06 20:55:44 UTCLatex to RCE, Private Bug Bounty ProgramThe content discusses the author's participation in a private bug bounty program focused on a CMS journal site, approximately a year ago. The author aims to share their learnings from this experience, particularly related to exploiting a vulnerability in Latex to achieve Remote Code Execution (RCE). The bug bounty program provided an opportunity for the author to enhance their skills in identifying and exploiting security flaws.
252018-06-07 16:19:17 UTCHow I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE!The content appears to be a title mentioning chaining four vulnerabilities on GitHub Enterprise, from SSRF execution to RCE. The author is identified as 🍊.
262018-06-04 02:32:28 UTCXSS and RCE - Brute XSSRCE (Remote Code Execution) is a severe vulnerability sought after by attackers to compromise systems. XSS, often overlooked, can be a stepping stone towards achieving RCE. While XSS may not seem as critical, it can lead to significant security breaches if left unaddressed. Understanding the relationship between XSS and RCE is crucial for comprehensive security measures.
272018-04-29 17:50:50 UTC#BugBounty — How I was able to bypass firewall to get RCE and then went from server shell to get…The content is about a bug bounty experience where the author bypassed a firewall to achieve Remote Code Execution (RCE) and gained access to a server shell. The author likely shares details of the process and techniques used in this security testing scenario.
282017-11-30 13:05:06 UTCTaking note: XSS to RCE in the Simplenote Electron clientThe content discusses a security vulnerability in the Simplenote Electron client that allows for cross-site scripting (XSS) attacks to escalate to remote code execution (RCE). This vulnerability poses a significant risk to users of the Simplenote application.
292017-11-19 04:46:44 UTCLeading the Blind to Light! - A Chain to RCEThe content discusses the process of chaining multiple bugs together to achieve remote code execution (RCE) through diligent work and reconnaissance. By identifying and exploiting vulnerabilities in a sequential manner, attackers can gain control over a system.