appsec.fyi

A somewhat curated list of links to various topics in application security.

Remote Code Execution (RCE)

In computer security, arbitrary code execution (ACE) is used to describe an attacker's ability to execute arbitrary commands or code on a target machine or in a target process.

From Wikipedia

Item  Date Added               Link (excerpt on the following line)

1     2025-08-14 04:27:51 UTC  https://weekly.infosecwriteups.com/iw-weekly-39-10-000-bounty-zero-click-account-takeover-stored-xss-open-redirection-vulnerability-sql-injection-rce-reconnaissance-techniques-and-much-more/
      IW Weekly 39 round-up: a $10,000 bounty, a zero-click account takeover, stored XSS, an open redirect, SQL injection, RCE, reconnaissance techniques and more.

2     2025-08-14 04:27:49 UTC  Chaining an Blind SSRF bug to Get an RCE | by Santosh Kumar Sha (@killmonga
      Santosh Kumar Sha's write-up on chaining a blind server-side request forgery (SSRF) bug, in which the attacker makes the server issue requests it should not, into remote code execution on that server.

3     2025-08-14 04:27:47 UTC  Just Gopher It: Escalating a Blind SSRF to RCE for $15k — Yahoo Mail | by S
      Escalating a blind SSRF in Yahoo Mail to RCE by using the Gopher protocol to shape the server-side request; the finding earned a $15,000 bounty.

4     2025-08-14 04:27:45 UTC  https://github.com/smgorelik/Windows-RCE-exploits/tree/master/Web/VBScript
      GitHub repository of Windows RCE exploits; this directory holds the VBScript ones used in web-based attacks. A reference for researchers studying or testing RCE in Windows environments.

5     2025-08-14 04:27:43 UTC  https://medium.com/@logicbomb_1/bugbounty-how-i-was-able-to-bypass-firewall-to-get-rce-and-then-went-from-server-shell-to-get-783f71131b94?source=userActivityShare-90814179aa21-1525127127
      Bug bounty write-up in which the author bypasses a firewall to obtain RCE and then pivots from the resulting server shell; it walks through identifying the firewall, getting past it, and escalating from there.

6     2025-08-14 04:27:41 UTC  https://medium.com/@kedrisec/how-i-found-2-9-rce-at-yahoo-bug-bounty-program-20ab50dbfac7
      A researcher's account of finding a critical RCE in Yahoo's bug bounty program: how the flaw was found and exploited to run code on Yahoo's servers, the disclosure, and the bounty it earned.

7     2025-08-14 04:27:37 UTC  https://medium.com/@p4c3n0g3/lfi-to-rce-via-access-log-injection-88684351e7c0?source=userActivityShare-90814179aa21-1524411790
      Local File Inclusion (LFI) escalated to RCE by access log injection: the attacker gets PHP code written into the web server's access log (the server logs attacker-supplied request data verbatim), then includes the log file through the LFI, so the injected code executes. Covers the mechanism, impact and mitigations.

8     2025-08-14 04:27:35 UTC  https://engineering.salesforce.com/meraki-rce-when-red-team-and-vulnerability-research-fell-in-love-3a119ce2cf56?source=userActivityShare-90814179aa21-1515163858
      Case study of a red team and vulnerability researchers jointly finding a critical RCE in Meraki devices through reverse engineering, code analysis and exploitation, then disclosing it to the vendor; the emphasis is on cross-team collaboration.

9     2025-08-14 04:27:33 UTC  Taking note: XSS to RCE in the Simplenote Electron client
      An XSS in the Simplenote Electron client that escalates to remote code execution on the user's machine.

10    2025-08-14 04:27:31 UTC  Leading the Blind to Light! - A Chain to RCE
      Write-up on chaining several bugs, found through reconnaissance and diligent work, into RCE (the same article as item 37).

11    2025-08-14 04:27:27 UTC  opsxcq/exploit-CVE-2016-10033: PHPMailer 5.2.18 Remote Code Execution
      Exploit for CVE-2016-10033, remote code execution in PHPMailer 5.2.18.

12    2025-08-14 04:27:25 UTC  Artificial truth · From LFI to RCE in php
      Artificial truth's post on turning an LFI in PHP into RCE, and why LFI bugs should be treated as potentially critical.

13    2025-08-14 04:27:23 UTC  http://brutelogic.com.br/blog/xss-and-rce/
      Brute Logic on how XSS, used to inject scripts into a web application, can be a step toward RCE, with examples of how attackers chain the two and advice on mitigation.

14    2025-08-14 04:27:21 UTC  An Introduction to Visualforce - developer.force.com
      Introduction to Visualforce, Salesforce's framework for building custom user interfaces with an HTML-like markup language; a beginner's guide aimed at Salesforce developers.

15    2025-08-14 04:27:18 UTC  The Tale Of SSRF To RCE on .GOV Domain | by Tobydavenn | Sep, 2022 | Medium
      Tobydavenn's account of an SSRF on a .gov domain escalated to RCE, covering the exploitation path and its impact.

16    2025-08-14 04:27:14 UTC  https://www.reddit.com/r/Hacking_Tutorials/comments/gtpkug/remote_code_execution_explained_with_real_life/?utm_source=share&utm_medium=ios_app&utm_name=iossmf
      Reddit thread explaining remote code execution with real-life examples of exploiting vulnerabilities to run code on a remote system (see also item 27).

17    2025-08-14 04:27:12 UTC  https://medium.com/@smilehackerofficial/how-i-found-rce-but-got-duplicated-ea7b8b010990
      A researcher finds and exploits an RCE in a web application, only for the report to be closed as a duplicate of an earlier submission.

18    2025-08-14 04:27:08 UTC  https://link.medium.com/2gsvTU0Er0
      (no excerpt available)

19    2025-08-14 04:27:06 UTC  https://omespino.com/write-up-private-bug-bounty-usd-rce-as-root-on-marathon-instance/
      Write-up of a private bug bounty finding: RCE as root on a Marathon instance, with the steps used to find and exploit it.

20    2025-08-14 04:27:04 UTC  https://link.medium.com/dAvgi0SsiZ
      (no excerpt available)

21    2025-08-14 04:27:02 UTC  https://link.medium.com/uOMoSgRU1Y
      (no excerpt available)

22    2025-08-14 04:27:00 UTC  Zoom Zero Day: 4 Million Webcams & maybe an RCE? Just get them to visit yo
      A Zoom zero-day affecting some 4 million webcams: a user who is lured to a malicious website can have their webcam accessed without consent, and the issue possibly allows RCE as well.

23    2025-08-14 04:26:56 UTC  elttam - Ruby 2.x Universal RCE Deserialization Gadget Chain
      elttam's universal deserialization gadget chain for Ruby 2.x: a sequence of existing code paths that, when an untrusted object is deserialized, yields arbitrary code execution. Deserialization of untrusted input is the root cause.

24    2025-08-14 04:26:54 UTC  http://blog.orange.tw/2018/08/how-i-chained-4-bugs-features-into-rce-on-amazon.html
      Write-up of chaining four bugs and features into RCE on Amazon, with a technical breakdown of each step.

25    2025-08-14 04:26:50 UTC  RCE by uploading a web.config ↳...
      RCE by uploading a web.config file: an unrestricted file upload that accepts a web.config lets the attacker execute code on the server; the fix is strict validation of uploaded files.

26    2021-01-20 04:12:29 UTC  Learn About Command Injection Attacks
      Introduction to command injection, where attacker-controlled input reaches a system command and lets the attacker run arbitrary commands on the victim's machine, leading to unauthorized access, data theft or full compromise.

27    2020-05-31 15:47:46 UTC  r/Hacking_Tutorials - Remote Code Execution explained with real life bug bounty reports
      Reddit post explaining remote code execution through real-life bug bounty reports.

28    2019-10-05 04:06:54 UTC  SQL injection to RCE
      SQL injection escalated to RCE, found during a customer penetration test.

29    2019-08-28 05:41:25 UTC  WRITE UP – Private bug bounty $$,$$$ USD: “RCE as root on Marathon-Mesos instance” – @omespino
      @omespino's write-up of a private bug bounty finding: RCE as root on a Marathon-Mesos instance, detailing the exploit and its impact (see also item 19).

30    2019-04-20 07:00:40 UTC  PDFReacter SSRF to ROOT Level Local File Read which led to RCE
      PDFReacter, an HTML-to-PDF converter: SSRF escalated to a root-level local file read, which in turn led to RCE.

31    2018-11-09 03:39:30 UTC  elttam - Ruby 2.x Universal RCE Deserialization Gadget Chain
      elttam's Ruby 2.x universal deserialization gadget chain (the same article as item 23). elttam is a security company offering research-based assessment services.

32    2018-07-06 20:55:44 UTC  Latex to RCE, Private Bug Bounty Program
      Private bug bounty on a CMS journal site, written up about a year after the fact: exploiting LaTeX processing to achieve RCE, and what the author learned from it.

33    2018-06-07 16:19:17 UTC  How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE!
      🍊 (Orange Tsai) chains four vulnerabilities on GitHub Enterprise, starting from SSRF, into RCE.

34    2018-06-04 02:32:28 UTC  XSS and RCE - Brute XSS
      Brute XSS on XSS as a stepping stone to RCE: XSS is often dismissed as low severity, but it can be the first link in a chain that ends in code execution.

35    2018-04-29 17:50:50 UTC  #BugBounty — How I was able to bypass firewall to get RCE and then went from server shell to get…
      Bug bounty write-up: bypassing a firewall to get RCE and moving on from the server shell (the same article as item 5).

36    2017-11-30 13:05:06 UTC  Taking note: XSS to RCE in the Simplenote Electron client
      XSS escalated to RCE in the Simplenote Electron client (the same article as item 9).

37    2017-11-19 04:46:44 UTC  Leading the Blind to Light! - A Chain to RCE
      Chaining multiple bugs, found through reconnaissance and diligent work, into remote code execution.
372017-11-19 04:46:44 UTCLeading the Blind to Light! - A Chain to RCEThe content discusses the process of chaining multiple bugs together to achieve remote code execution (RCE) through diligent work and reconnaissance. By identifying and exploiting vulnerabilities in a sequential manner, attackers can gain control over a system.