labs.watchtowr.com
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-06-10.
| Date Added | Resource | Excerpt |
|---|---|---|
| 2026-06-10 | More Evidence That Words Don't Mean What We Thought They Meant (Ivanti Sentry Pre-Auth OS Command Injection CVE-2026-10520) [RCE] | Covers CVE-2026-10520, a pre-authentication OS command injection vulnerability in Ivanti Sentry. The title sarcastically suggests that common terms may not mean what they were thought to mean, implying that the vulnerability or its impact was misunderstood or misrepresented. The linked post likely contains further technical details about the exploit and its implications. No bug bounty payout amount is mentioned. |
| 2026-04-16 | SmarterTools SmarterMail Pre-Auth RCE (CVE-2025-52691) [RCE] | Writeup of CVE-2025-52691, a pre-authentication remote code execution vulnerability in SmarterTools SmarterMail. This analysis details how an unauthenticated file upload endpoint, which accepts a JSON-deserializable `contextData` parameter, allows an attacker to control a `guid` property. The patched build 9413 introduces GUID validation, suggesting its exploitation was previously possible by manipulating this field during upload processing, as detailed by Mr Chua Meng Han from CSIT. |
| 2026-04-16 | Domain-Level RCE in Veeam Backup & Replication (CVE-2025-23120) [RCE] | Writeup detailing CVE-2025-23120, a domain-level RCE in Veeam Backup & Replication. This vulnerability arises from a flawed blacklist-based deserialization mechanism, allowing domain users to achieve SYSTEM privileges on the Veeam server. The attack leverages the .NET Remoting Channel and a specific class, `Veeam.Backup.Model.CDbCryptoKeyInfo`, which ultimately leads to inner deserialization with a blacklist. This writeup follows previous research on CVE-2024-40711, also in Veeam, highlighting the persistent issues with blacklist-based security. |
| 2026-04-16 | Exploitation Walkthrough - Ivanti Connect Secure RCE (CVE-2025-0282) [RCE] | Walkthrough of CVE-2025-0282 in Ivanti Connect Secure, detailing a stack-based buffer overflow in the `ift_handle_1` function. Exploitation involves crafting a malicious `clientCapabilities` block exceeding 256 bytes to trigger an out-of-bounds write. While direct return address overwriting is complicated by a preceding `free()` call on `object_to_be_freed`, an alternative exploitation path leverages a virtual function call at offset 0x48 within `a1`. |
| 2025-11-12 | Is It CitrixBleed4? Well No. Is It Good? Also No. (Citrix NetScaler Memory Leak & RXSS CVE-2025-12101) [XSS] | Writeup detailing CVE-2025-12101, a reflected XSS vulnerability found in Citrix NetScaler's SAML RelayState parameter. The analysis also covers an undocumented memory leak (WT-2025-0089) triggered by a specific AAA virtual server misconfiguration, noting the ongoing fragility of memory management in these appliances. |